Default route via VPN while keeping LAN & services available

OpenVPN is working great and all, but I was having trouble getting my other LAN hosts to connect to the OpenVPN client system (a Raspberry Pi) while also keeping the services I normally run on it available from the internet. On the remote server, I was using redirect-gateway def1, which works but makes some assumptions about how you intend to use it.

After a lot of frustration and perusal of almost-but-not-quite posts on OpenVPN troubleshooting, I came across an article which didn’t mention OpenVPN but instead discussed how to set default routes for multiple interfaces.

Here’s what I took away. Extra lines in /etc/openvpn/client.conf:

and in multiple_gateways.sh:

One caveat: I haven’t done a ton of testing, and after rebooting my Pi, it didn’t come up cleanly, so a down.sh script may be needed to tear down the extra config when OpenVPN disconnects. That being said, I have services available from the internet, connections from the LAN to the Pi working, and the default route for outgoing connections still going over the VPN.
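The approach described above (a second routing table for the LAN interface, plus the teardown the caveat asks for) can be sketched as follows. This is an added example, not the author's multiple_gateways.sh, whose contents are not shown on this page; the interface name, addresses and table number are constructed placeholders, and it relies on the script_type environment variable that OpenVPN sets when it runs up/down scripts.

```shell
#!/bin/sh
# Added example: source-based policy routing so that replies leaving from the
# Pi's LAN address use the LAN gateway, while the main table's default route
# (pushed by redirect-gateway def1) still sends everything else over the VPN.
# All values below are constructed placeholders; adjust them to your network.
LAN_DEV="eth0"
LAN_IP="192.168.1.50"
LAN_NET="192.168.1.0/24"
LAN_GW="192.168.1.1"
TABLE="100"

# Print the ip(8) commands for "add" (setup) or "del" (teardown).
# Setup creates the routes before the rule; teardown removes the rule first.
policy_cmds() {
    rule="ip rule $1 from $LAN_IP/32 table $TABLE"
    net="ip route $1 $LAN_NET dev $LAN_DEV src $LAN_IP table $TABLE"
    def="ip route $1 default via $LAN_GW dev $LAN_DEV table $TABLE"
    if [ "$1" = add ]; then
        printf '%s\n' "$net" "$def" "$rule"
    else
        printf '%s\n' "$rule" "$def" "$net"
    fi
}

# Run the commands, or only print them while DRY_RUN=1 (the default).
apply() {
    policy_cmds "$1" | while read -r cmd; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "$cmd"
        else
            $cmd || echo "failed: $cmd" >&2   # unquoted on purpose: split into argv
        fi
    done
}

# OpenVPN exports script_type=up or script_type=down to its hook scripts.
case "${script_type:-}" in
    up)   apply add ;;
    down) apply del ;;
esac
```

With a rule like this in place, anything the Pi sends from its LAN address leaves outside the tunnel, so check with ip rule show and ip route show table 100 that only the traffic you intend matches.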

Tunnelblick disconnect fails to remove route

Tunnelblick is an awesome OpenVPN client, which I have been using a lot lately on my Mac. I had a problem where it would connect the first time just fine, but then would never reconnect; it would seem to hang while trying to handshake with the server. I could get it to work again if I rebooted my machine, but that’s powerfully inconvenient.

TL;DR temporary fix:
On disconnect, Tunnelblick fails to remove a static route it used while active. I created a script that I run after disconnecting which drops the static route. It basically just does this:

The 192 address makes an assumption that you didn’t customize that part of the config, so YMMV.

The FCC is clueless

This. Here’s the kicker:

…but perhaps the most fundamental is a simple misconception, one that persists in the work of the FCC but also of proponents and opponents of network neutrality. It is the false distinction between what they call “edge providers” (YouTube) and “end users” (people who watch videos on YouTube).

I really wish Obama would remove chairmanship from Wheeler. And stop appointing lobbyists.

something wicked this way comes

When I ping fujipi, it reports the correct IP – it’s in my hosts file! For the record, the host key should not have changed.