stuartornum 02-26-2007 03:07 PM

OpenVPN route issues, all traffic through VPN tunnel

I have a VPS (FC4 on Xen, in a datacenter). I have installed OpenVPN with tun/tap and it all works fine: I can connect to the server from my Windows XP machine and the server gives my client (Win XP) the correct IP. However, I cannot route all my internet, i.e. web browsing, P2P etc., down the VPN.

So I'm not sure if it's the server config file or the client config file or the server's route table. So I thought I would post all my .conf and see what you think...

Server config file (server-tcp-1194.conf). I have a UDP conf file too; it's just the same with UDP instead of TCP.


local // this is obviously my actual domain
port 1194
proto tcp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
keepalive 10 120
status openvpn-status-notebook-tcp-1194.log
verb 3

Here is my client config file (client1-tcp-1194.ovpn)


dev tun
proto tcp
remote 1194
resolv-retry infinite
ca ca.crt
cert client2.crt
key client2.key
ns-cert-type server
verb 3

Here is my netstat


[root@ns1 ~]# netstat -nr
Kernel IP routing table
Destination    Gateway        Genmask        Flags  MSS Window  irtt Iface
UH        0 0          0 tun1
UH        0 0          0 tun0
UG        0 0          0 tun1
UG        0 0          0 tun0
my.public.ip  U        0 0          0 eth0
U        0 0          0 eth0
UG        0 0          0 eth0

If you require more info please post, I'm really at a dead end here.

Many Thanks

Matir 02-26-2007 03:26 PM

Your default route is set to go over eth0 to I would think you would want it going over tun0 or tun1... (Do you have 2 VPN connections on 192.168.2.* and 192.168.4.*?)

stuartornum 02-26-2007 03:36 PM

Hi Matir,

Thanks for the quick response.

I only really want one VPN, but the guide I followed showed you how to create two clients... so I'm guessing that is the reason. But I can connect to both 192.168.2.* and 192.168.4.* .

As for the route going to eth0 ( what setup do you recommend?

Thanks again

stuartornum 02-27-2007 11:00 AM

Does anyone have any ideas at all?

Au_Squirrel 03-05-2007 04:07 AM

From the OpenVPN 2.0 How to

Routing all client traffic (including web-traffic) through the VPN

By default, when an OpenVPN client is active, only network traffic to and from the OpenVPN server site will pass over the VPN. General web browsing, for example, will be accomplished with direct connections that bypass the VPN.

In certain cases this behavior might not be desirable -- you might want a VPN client to tunnel all network traffic through the VPN, including general internet web browsing. While this type of VPN configuration will exact a performance penalty on the client, it gives the VPN administrator more control over security policies when a client is simultaneously connected to both the public internet and the VPN at the same time.

Add the following directive to the server configuration file:

push "redirect-gateway def1"

Here is the ref:
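
An added example, not part of the thread or of the OpenVPN HOWTO: a small longest-prefix-match model of a client routing table, showing how the two /1 routes that `redirect-gateway def1` installs override the existing default route without deleting it, and which destinations still leave outside the tunnel afterwards. The interface names, the addresses and the helper names (`lookup`, `with_def1`, `leaks`) are constructed for illustration.

```python
import ipaddress

def table(entries):
    """Build a routing table from (cidr, interface) pairs."""
    return [(ipaddress.ip_network(n), i) for n, i in entries]

def lookup(routes, dst):
    """Longest-prefix match: interface of the most specific route covering dst."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, iface) for net, iface in routes if dst in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def with_def1(routes, tun, server_ip, wan):
    """Client routes after the server pushes "redirect-gateway def1"."""
    return routes + table([
        (f"{server_ip}/32", wan),  # tunnel's own packets keep using the old gateway
        ("0.0.0.0/1", tun),        # these two /1 routes together cover all of IPv4
        ("128.0.0.0/1", tun),      # and beat the /0 default on prefix length
    ])

def leaks(routes, tun, server_ip, probes):
    """Probe destinations that would bypass the tunnel (the VPN server is exempt)."""
    return [p for p in probes if p != server_ip and lookup(routes, p) != tun]

# Constructed sample data: a client on a home LAN, before the VPN pushes routes.
SERVER = "203.0.113.10"
CLIENT = [
    ("0.0.0.0/0", "eth0"),       # original default route
    ("192.168.1.0/24", "eth0"),  # local LAN
    ("10.8.0.0/24", "tun0"),     # VPN subnet, present once the tunnel is up
]
PROBES = ["198.51.100.7", "100.64.0.9", "192.168.1.20", "10.8.0.1", SERVER]

if __name__ == "__main__":
    before = table(CLIENT)
    after = with_def1(before, "tun0", SERVER, "eth0")
    print("bypassing tunnel before:", leaks(before, "tun0", SERVER, PROBES))
    print("bypassing tunnel after: ", leaks(after, "tun0", SERVER, PROBES))
```

The remaining entry after `def1` is the local LAN: its /24 route is more specific than the /1 routes, so hosts on the same network as the client are still reached directly.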


