I have a home network 192.168.1.0/24 with gateway 192.168.1.1 and a remote network with the same parameters. Now I want to create an OpenVPN tunnel between those networks.
I have no problems with Windows, because Windows routes everything to 192.168.1.0/24 except 192.168.1.1 through the tunnel.
On Mac OS X however I see the following line in the Details window:
2010-05-10 09:13:01 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
When I list the routes I get the following:
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 13 3 en1
127 localhost UCS 0 0 lo0
localhost localhost UH 12 3589 lo0
169.254 link#5 UCS 0 0 en1
192.168.1 link#5 UCS 1 0 en1
192.168.1.1 0:1e:e5:f4:ec:7f UHLW 13 17 en1 1103
192.168.1.101 localhost UHS 0 0 lo0
192.168.6 192.168.6.5 UGSc 0 0 tun0
192.168.6.5 192.168.6.6 UH 1 0 tun0
My Interfaces are
en1 - My local Wifi network
tun0 - The tunnel interface
As can be seen from the routes above, there is no entry for 192.168.1.0/24 that routes the traffic through the tunnel interface.
When I manually route a single IP like 192.168.1.16 over the tunnel gateway 192.168.6.6, this works.
Q: How do I set up my routes in Mac OS X for the same behaviour as on Windows, to route everything except 192.168.1.1 through the tunnel, but leave the default gateway to be my local 192.168.1.1?
EDIT: I reopened the question because it could not be fully answered the first time.
The VPN client machine does not need to access its own subnet, except for the router, and TCP packets should take the tunnel except for the tunnelled packets themselves.
Best Answer
I don't think routing is supposed to work like that. Essentially, your two networks are the same as far as IPv4 is concerned. The VPN doesn't change that. You don't use routers to connect two parts of the same network; you need bridges for that.
I've never done this, but I think you have a few options.
Configure the OpenVPN gateways in a bridged mode. As long as there are no IP conflicts (one machine on each network with the same IP, e.g. 192.168.1.100) this should work. If you're using DHCP, you'll need to deal with potential overlap; you don't want two DHCP servers on the same network.
According to the link, you have two options for IP allocation:
Renumber one network to a different network address. Just change 192.168.1/24 on one network to 192.168.7/24 (or some other address). This will definitely work, and you'll only have to reconfigure one network.
Subnet the 192.168.1/24 into two /25 networks (e.g., 192.168.1.0/25 and 192.168.1.128/25). This will also definitely work, but you'll have to reconfigure both networks. (For reference, the netmask on a /25 is 255.255.255.128.)
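Added example, not code from the question or the answer: a small Python simulation of the longest-prefix-match lookup that the BSD kernel under Mac OS X performs, run over the routing table shown in the question. It adds the two more-specific /25 routes via the tunnel peer (192.168.6.6 is assumed here to be the remote end of the point-to-point tun0 link, as the question's manual host route suggests) that reproduce the Windows behaviour the question asks for, keeps the existing /32 host route for the gateway 192.168.1.1 on en1, and also exercises the same /25 split the answer's second option would assign to the two LANs. The route table entries are constructed from the netstat output on the page; the 0:1e:e5:f4:ec:7f ARP entry for 192.168.1.1 is modelled as a host route on en1.

```python
import ipaddress

# Routing table reconstructed from the netstat output in the question.
# Each entry is (prefix, next hop or None for directly attached, egress interface).
BASE_ROUTES = [
    ("0.0.0.0/0",        "192.168.1.1", "en1"),   # default via the local router
    ("127.0.0.0/8",      None,          "lo0"),
    ("169.254.0.0/16",   None,          "en1"),
    ("192.168.1.0/24",   None,          "en1"),   # directly attached LAN
    ("192.168.1.1/32",   None,          "en1"),   # the router (ARP/UHLW entry)
    ("192.168.1.101/32", None,          "lo0"),   # the Mac's own address
    ("192.168.6.0/24",   "192.168.6.5", "tun0"),  # VPN transit network
    ("192.168.6.5/32",   "192.168.6.6", "tun0"),  # point-to-point tun0 link
]

# Assumption: the far end of the tun0 link is the tunnel gateway to use as next hop.
TUNNEL_GW = "192.168.6.6"


def lookup(routes, dst):
    """Longest-prefix match: among all prefixes containing dst, the most specific
    one wins, which is how the kernel's radix trie selects a route.
    Returns (prefix, gateway, interface)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, ifname)
    if best is None:
        raise LookupError("no route to %s" % dst)
    return (str(best[0]), best[1], best[2])


def split_routes(subnet, gw, ifname):
    """Split a prefix into its two halves. Used here so that each half is more
    specific than the directly attached /24 and therefore wins the lookup; the
    same two halves are what the answer's /25 renumbering would assign per LAN."""
    net = ipaddress.ip_network(subnet)
    return [(str(half), gw, ifname) for half in net.subnets(prefixlen_diff=1)]


def tunnel_table():
    """The table that emulates the Windows behaviour: both /25 halves of the LAN
    prefix go to the tunnel, the /32 for the router still wins on en1, and the
    default route is untouched."""
    return BASE_ROUTES + split_routes("192.168.1.0/24", TUNNEL_GW, "tun0")


def egress(dst, routes=None):
    """Egress interface chosen for dst."""
    if routes is None:
        routes = tunnel_table()
    return lookup(routes, dst)[2]


def shadowed_local_hosts(routes, samples):
    """Local LAN addresses that the tunnel routes now capture. This is the cost
    the 'potential route subnet conflict' warning refers to: every local host
    other than the router and the Mac itself becomes unreachable on en1."""
    return [h for h in samples if egress(h, routes) == "tun0"]


if __name__ == "__main__":
    for dst in ("192.168.1.16", "192.168.1.1", "192.168.1.101", "8.8.8.8"):
        print(dst, "->", lookup(tunnel_table(), dst))
    print("shadowed:", shadowed_local_hosts(tunnel_table(), ["192.168.1.50", "192.168.1.1"]))
```

On the real machine the equivalent table would be built with route(8), e.g. `route add -net 192.168.1.0/25 192.168.6.6` and the same for 192.168.1.128/25, with the existing 192.168.1.1 host entry left in place. The simulation makes the trade-off visible: the two /25 routes beat the connected /24, so 192.168.1.16 leaves via tun0 and the default route still resolves through 192.168.1.1 on en1, but any other local host (a printer at 192.168.1.50, say) is also captured by the tunnel, which is exactly the subnet conflict the answer describes and why it recommends bridging or renumbering instead.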