OpenVPN is working great and all, but I was having trouble getting my other LAN hosts to connect to the OpenVPN client system (a Raspberry Pi) while also keeping the services I normally run on it available from the internet. On the remote server, I was using redirect-gateway def1, which works but makes some assumptions about how you intend to use it.
After a lot of frustration and perusal of almost-but-not-quite posts on OpenVPN troubleshooting, I came across an article which didn’t mention OpenVPN but instead discussed how to set default routes for multiple interfaces.
Here’s what I took away. Extra lines in /etc/openvpn/client.conf:
/sbin/ip route add defaultvia _local_gateway_ dev eth0 table mypriv
/sbin/ip rule add from _local_ip_/32table mypriv
/sbin/ip rule add to_local_ip_/32table mypriv
One caveat: I haven’t done a ton of testing, and after rebooting my Pi, it didn’t come up cleanly, so a down.sh script may be needed to tear down the extra config when OpenVPN disconnects. That being said, I have services available from the internet, connections from the LAN to the Pi working, and the default route for outgoing connections still going over the VPN.
Tunnelblick is an awesome OpenVPN client, which I have been using a lot lately on my Mac. I had a problem where it would connect the first time just fine, but then would never reconnect; it would seem to hang while trying to handshake with the server. I could get it to work again if I rebooted my machine, but that’s powerfully inconvenient.
TL;DR temporary fix: On disconnect, Tunnelblick fails to remove a static route it used while active. I created a script that I run after disconnecting which drops the static route. It basically just does this:
The 192 address makes an assumption that you didn’t customize that part of the config, so YMMV.
I think Google Now on my Android is pretty cool. I especially like the cards that show how traffic looks for an expected commute. One thing about it that bothers me a lot however, is that it insists that it needs either “high accuracy” or “battery saving” location mode enabled. High Accuracy mode uses GPS, wifi, or mobile networks to determine location. Battery Saving mode uses wifi and mobile networks. Device Only is the third option which uses GPS solely. My question is: Why is the Device Only option not allowed for Google Now to work? Continue reading “Google Now Needlessly Requires Battery-Draining Location Settings”
UPDATE: We made it! As of right now, there are 105,628 signatures on the petition. Thank you! Can’t wait to hear what the white house says on this.
Please sign this petition! I’m having trouble believing that it’s taken this long for people to take a minute to sign it. Is the level of apathy about this so great that no one thinks anything they do will make a difference? Or perhaps it’s more “I haven’t done anything wrong, so I have nothing to hide.” Wrong. Do you want privacy? Do you want strangers to know what’s in your medical records? Your bathroom medicine cabinet? Your bedroom?