Old 02-26-2007, 03:07 PM   #1
stuartornum
Member
 
Registered: Feb 2006
Posts: 44

Rep: Reputation: 15
OpenVPN route issues, all traffic through VPN tunnel


Hi,

I have a VPS (FC4 on Xen, in a datacenter), I have installed OpenVPN with tun/tap and it works all fine, I can connect to the server from my Windows XP machine and the server gives my client (Win XP) the correct IP, however I cannot route all my internet, i.e. web browsing, P2P etc., down the VPN.

So I'm not sure if it's the server config file or the client config file or the server's route table? So I thought I would post all my .conf and see what you think...

Server config file (server-tcp-1194.conf). I have a UDP conf file too, it's just the same with UDP instead of TCP.

Code:
local my.domain.com # this is obviously my actual domain
port 1194
proto tcp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 192.168.2.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status-notebook-tcp-1194.log
verb 3

Here is my client config file (client1-tcp-1194.ovpn)

Code:
client
dev tun
proto tcp
remote my.domain.com 1194
float
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client2.crt
key client2.key
ns-cert-type server
comp-lzo
verb 3

Here is my netstat

Code:
[root@ns1 ~]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.4.2     0.0.0.0         255.255.255.255 UH        0 0          0 tun1
192.168.2.2     0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.168.4.0     192.168.4.2     255.255.255.0   UG        0 0          0 tun1
192.168.2.0     192.168.2.2     255.255.255.0   UG        0 0          0 tun0
my.public.ip    0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         194.150.121.254 0.0.0.0         UG        0 0          0 eth0

If you require more info please post, I'm really at a dead end here.

Many Thanks
 
Old 02-26-2007, 03:26 PM   #2
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128
Your default route is set to go over eth0 to 194.150.121.254. I would think you would want it going over tun0 or tun1... (Do you have 2 VPN connections on 192.168.2.* and 192.168.4.*?)
 
Old 02-26-2007, 03:36 PM   #3
stuartornum
Member
 
Registered: Feb 2006
Posts: 44

Original Poster
Rep: Reputation: 15
Hi Matir,

thanks for the quick response.

I only really want one VPN, but the guide I followed showed you how to create two clients... so I'm guessing that is the reason. But I can connect to both 192.168.2.* and 192.168.4.*.

As for the route going to eth0 (194.150.121.254), what setup do you recommend?

Thanks again
 
Old 02-27-2007, 11:00 AM   #4
stuartornum
Member
 
Registered: Feb 2006
Posts: 44

Original Poster
Rep: Reputation: 15
Does anyone have any ideas at all?
 
Old 03-05-2007, 04:07 AM   #5
Au_Squirrel
Member
 
Registered: Nov 2005
Location: Brisbane AU
Distribution: FC29
Posts: 52

Rep: Reputation: 17
From the OpenVPN 2.0 How to

Routing all client traffic (including web-traffic) through the VPN
Overview

By default, when an OpenVPN client is active, only network traffic to and from the OpenVPN server site will pass over the VPN. General web browsing, for example, will be accomplished with direct connections that bypass the VPN.

In certain cases this behavior might not be desirable -- you might want a VPN client to tunnel all network traffic through the VPN, including general internet web browsing. While this type of VPN configuration will exact a performance penalty on the client, it gives the VPN administrator more control over security policies when a client is simultaneously connected to both the public internet and the VPN at the same time.

Implementation

Add the following directive to the server configuration file:

push "redirect-gateway def1"

Here is the ref: http://openvpn.net/howto.html#redirect

Regards
 
2 members found this post helpful.
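
What `redirect-gateway def1` does to a client's routing table, as an added example that is not part of the thread: `def1` leaves the existing default route in place and adds two /1 routes through the tunnel plus a host route to the VPN server via the original gateway. This Python sketch parses `netstat -nr` output in the format posted above and resolves destinations by longest-prefix match; the sample table, its addresses (203.0.113.10 as the VPN server, 192.168.1.1 as the LAN gateway, 192.168.2.5 as the tunnel peer) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: `netstat -nr` on a Linux client after the server pushed
# "redirect-gateway def1". Addresses are private/documentation ranges.
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
203.0.113.10    192.168.1.1     255.255.255.255 UGH       0 0          0 eth0
192.168.2.5     0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.2.5     128.0.0.0       UG        0 0          0 tun0
128.0.0.0       192.168.2.5     128.0.0.0       UG        0 0          0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
"""

def parse_routes(text):
    """Return [(network, gateway, iface)] from `netstat -nr` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[1], f[7]))
        except ValueError:  # header row or non-numeric placeholder
            continue
    return routes

def lookup(routes, dest):
    """Longest-prefix match; returns (iface, gateway) or None."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    net, gw, iface = max(hits, key=lambda r: r[0].prefixlen)
    return iface, gw

def tunnel_report(routes, vpn_server, tun="tun0"):
    """Check the properties a def1 full-tunnel client should show."""
    halves = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}
    carrier = lookup(routes, vpn_server)
    return {
        "def1_routes_present": halves <= {n for n, _, i in routes if i == tun},
        "carrier_bypasses_tunnel": carrier is not None and carrier[0] != tun,
        "original_default_kept": any(n.prefixlen == 0 for n, _, _ in routes),
    }

if __name__ == "__main__":
    r = parse_routes(SAMPLE)
    print(lookup(r, "198.51.100.7"), tunnel_report(r, "203.0.113.10"))
```

If `def1_routes_present` is false while the tunnel is up, general traffic is still leaving through the LAN gateway rather than the VPN.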
  

