If for some reason I'm mistaken, please point me at resources that indicate why I'm wrong and all networks without a default gateway should be considered unsecured. Forcing it to be a public network seems like a grand oversight, especially since many VPNs will have a very similar configuration. A network without a default gateway is as private as a network gets. Is there any way to force this connection to be a private connection without adding a default gateway? Is this by design? If so, respectfully, it's a bad design, and it should be corrected in SP1 (if not sooner). If the VPN default gateway had a lower metric, it would prevent the connection to the VPN server (without yet another routing table entry to direct the tunnel traffic). That is, because the user's Internet connection that he's using to establish the VPN connection already has a default gateway with a lower metric, it will be used for all Internet traffic. Adding a default gateway with a high metric is not the correct solution - it creates a spurious routing table entry that has no effect on the routing. I can imagine many scenarios where a system is connected to a private network without a default gateway (route to the Internet) but still needs to be treated as a private network. This seems counter-intuitive and incorrect. The difference is that on Windows 7, the UI refuses to provide a mechanism to mark the connection as private if it has no default gateway. The route configuration is the same on Windows Vista. This configuration works for all of our clients and describes precisely the architecture we desire. These are the route entries I described above, and this is the correct configuration. Since the purpose of this VPN is not to provide connectivity for all Internet addresses, but only to provide access to the private LAN, it only needs to provide routing entries for the private networks. A default gateway is just another name for a route for all unknown networks.
Is there any way, without defining a default gateway (via an undesirable routing table entry), to configure Windows to recognize the connection as a private connection? Is there a way to force any connection on this interface to be treated as private? In Windows Vista, these connections could be defined as private and the setting would be remembered across disconnects, so this is a regression. Arthur, thanks for the response, but I believe you're mistaken. However, if I disconnect from the VPN and reconnect, the network is again classified as an "Unidentified Network". I found that if I did assign a default gateway using route add 0.0.0.0 mask 0.0.0.0 10.244.31.33 metric 50 that Windows would immediately ask me to identify the network, and I could identify it as private. There appears to be no way to manually identify this network and mark it as private. As a result, Windows automatically classifies this VPN connection as an Unidentified Network and forces its classification to public. For example, here are the relevant lines in the routing table after connecting: IPv4 Route Table That is, I'm connecting to a private network and I only need access to the private nodes on the network. This is apparently due to the fact that the network to which I'm connecting does not supply a default gateway. When I connect to the VPN, I am not prompted to identify the network. OpenVPN creates a virtual network connection using the "TAP-Win32 Adapter V9". I've installed OpenVPN 2.1RC20 (the latest release of OpenVPN). I'm running Windows 7 Professional 32-bit. Windows 7 seems to be unable to effectively identify my VPN connection.