LinuxQuestions.org


stuartornum 02-26-2007 03:07 PM

OpenVPN route issues, all traffic through VPN tunnel
 
Hi,

I have a VPS (FC4 on Xen, in a datacenter). I have installed OpenVPN with tun/tap and it all works fine: I can connect to the server from my Windows XP machine and the server gives my client (Win XP) the correct IP. However, I cannot route all my internet, i.e. web browsing, P2P etc., down the VPN.

So I'm not sure if it's the server config file, the client config file, or the server's route table. So I thought I would post all my .conf files and see what you think...

Server config file (server-tcp-1194.conf). I have a UDP conf file too; it's just the same with UDP instead of TCP.

Code:


local my.domain.com # this is obviously my actual domain
port 1194
proto tcp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 192.168.2.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status-notebook-tcp-1194.log
verb 3

Here is my client config file (client1-tcp-1194.ovpn)

Code:


client
dev tun
proto tcp
remote my.domain.com 1194
float
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client2.crt
key client2.key
ns-cert-type server
comp-lzo
verb 3

Here is my netstat

Code:


[root@ns1 ~]# netstat -nr
Kernel IP routing table
Destination    Gateway        Genmask        Flags  MSS Window  irtt Iface
192.168.4.2    0.0.0.0        255.255.255.255 UH        0 0          0 tun1
192.168.2.2    0.0.0.0        255.255.255.255 UH        0 0          0 tun0
192.168.4.0    192.168.4.2    255.255.255.0  UG        0 0          0 tun1
192.168.2.0    192.168.2.2    255.255.255.0  UG        0 0          0 tun0
my.public.ip    0.0.0.0        255.255.255.0  U        0 0          0 eth0
169.254.0.0    0.0.0.0        255.255.0.0    U        0 0          0 eth0
0.0.0.0        194.150.121.254 0.0.0.0        UG        0 0          0 eth0


If you require more info please post, I'm really at a dead end here.

Many Thanks

Matir 02-26-2007 03:26 PM

Your default route is set to go over eth0 to 194.150.121.254. I would think you would want it going over tun0 or tun1... (Do you have 2 VPN connections on 192.168.2.* and 192.168.4.*?)

stuartornum 02-26-2007 03:36 PM

Hi Matir,

thanks for the quick response.

I only really want one VPN, but the guide I followed showed you how to create two clients... so I'm guessing that is the reason. But I can connect to both 192.168.2.* and 192.168.4.*.

As for the route going to eth0 (194.150.121.254), what setup do you recommend?

Thanks again

stuartornum 02-27-2007 11:00 AM

Does anyone have any ideas at all?

Au_Squirrel 03-05-2007 04:07 AM

From the OpenVPN 2.0 HOWTO:

Routing all client traffic (including web-traffic) through the VPN

Overview

By default, when an OpenVPN client is active, only network traffic to and from the OpenVPN server site will pass over the VPN. General web browsing, for example, will be accomplished with direct connections that bypass the VPN.

In certain cases this behavior might not be desirable -- you might want a VPN client to tunnel all network traffic through the VPN, including general internet web browsing. While this type of VPN configuration will exact a performance penalty on the client, it gives the VPN administrator more control over security policies when a client is simultaneously connected to both the public internet and the VPN at the same time.

Implementation

Add the following directive to the server configuration file:

push "redirect-gateway def1"

Here is the ref: http://openvpn.net/howto.html#redirect

Regards
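
Added example, not part of the thread or of the OpenVPN HOWTO: a check that a client's routing table really sends everything through the tunnel once `redirect-gateway def1` is pushed (def1 adds 0.0.0.0/1 and 128.0.0.0/1 via the tunnel instead of replacing the default route). The sample table, its addresses and the `tun` interface prefix are constructed assumptions, and route metrics are ignored.

```python
import ipaddress
# Constructed client-side `netstat -nr` after "redirect-gateway def1" is pushed.
# 203.0.113.10 stands in for the VPN server, 192.0.2.1 for the LAN gateway.
SAMPLE_DEF1 = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.2.5     128.0.0.0       UG        0 0          0 tun0
128.0.0.0       192.168.2.5     128.0.0.0       UG        0 0          0 tun0
203.0.113.10    192.0.2.1       255.255.255.255 UGH       0 0          0 eth0
192.168.2.5     0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.0.2.1       0.0.0.0         UG        0 0          0 eth0
"""
# Same table without the two /1 routes: the default, split-tunnel state.
SAMPLE_SPLIT = "\n".join(l for l in SAMPLE_DEF1.splitlines() if "128.0.0.0" not in l)

def parse_routes(text):
    """Parse IPv4 rows of `netstat -nr` into (network, interface) pairs."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        try:
            routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False), f[7]))
        except (ValueError, IndexError):
            continue  # title, header, blank or redacted rows such as "my.public.ip"
    return routes

def egress_iface(routes, addr):
    """Longest-prefix match (metrics ignored); None when nothing matches."""
    addr = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(hits)[1] if hits else None

def outside_tunnel(routes, tun_prefix="tun"):
    """IPv4 ranges whose best route leaves through a non-tunnel interface."""
    # The winning route can only change at a route's first address or just past its last.
    cuts = {0, 2**32}
    for net, _ in routes:
        cuts |= {int(net.network_address), int(net.broadcast_address) + 1}
    cuts, found = sorted(cuts), []
    for lo, hi in zip(cuts, cuts[1:]):
        dev = egress_iface(routes, lo)
        if dev and not dev.startswith(tun_prefix):
            found += ipaddress.summarize_address_range(
                ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi - 1))
    return list(ipaddress.collapse_addresses(found))

if __name__ == "__main__":
    for name, table in (("def1", SAMPLE_DEF1), ("split", SAMPLE_SPLIT)):
        print(name, [str(n) for n in outside_tunnel(parse_routes(table))][:4])
```

With def1 in effect the only ranges left outside the tunnel are the host route to the VPN server and the local LAN, which is the expected result; anything else in that list is traffic bypassing the VPN.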


All times are GMT -5.