Routing Traffic With OpenVPN

QUESTION :

A few minutes ago I configured my VPN server, and I can actually connect to my VPN, but all traffic is going through my normal home network. In my OpenVPN application I’ve got this information:

Server IP: **.185.***.*10
Client IP: 10.8.0.6
Traffic: 7.3 KB in, 5.6 KB out

So everything is connected, but how can I set up Windows 7 so that all traffic has to go through the OpenVPN network card?

Client setting :

client
dev tun
proto udp

# enter the server's hostname
# or IP address here, and port number
remote **.185.***.*10 1194

resolv-retry infinite
nobind
persist-key
persist-tun

# Use the full filepaths to your
# certificates and keys
ca ca.crt
cert user1.crt
key user1.key

ns-cert-type server
comp-lzo
verb 6

Server setting :

port 1194
proto udp
dev tun

# the full paths to your server keys and certs
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem

cipher BF-CBC

# Set server mode, and define a virtual pool of IP
# addresses for clients to use. Use any subnet
# that does not collide with your existing subnets.
# In this example, the server can be pinged at 10.8.0.1
server 10.8.0.0 255.255.255.0

# Set up route(s) to subnet(s) behind
# OpenVPN server
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

ifconfig-pool-persist /etc/openvpn/ipp.txt
keepalive 10 120
status openvpn-status.log
verb 6

and sysctl :

net.ipv4.ip_forward=1

Thank you for your time and help.

ANSWER :

Add a route to your OpenVPN server.

I have added

push "route 192.168.100.0 255.255.255.0"

to my OpenVPN server config, so I can connect to another subnet on the other side of my OpenVPN server, one that the OpenVPN server isn’t on but is set up to route to. Some more info on the route above:

My openvpn server IP is 192.168.200.1
My openvpn client IP is 192.168.200.10

So any traffic destined for 192.168.100.0 goes through the OpenVPN interface but is destined for 200.1, because my OpenVPN box has 2 eth connections and has iptables set up to route that traffic. So in your case, I would check that there is a route on your OpenVPN server to route the traffic from one interface to the rest of the network or internet, wherever your destination is.

Try adding

push "route 0.0.0.0 0.0.0.0"

And see if that doesn’t push all traffic through your VPN server. Be warned that some local resources will probably be inaccessible unless your OpenVPN server can talk to them. You also may have to add a route to your OpenVPN server’s routing table, so it knows how to handle all the traffic coming in on the OpenVPN interface.
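An added example (not part of the original post, and not OpenVPN's own code): a small Python check that reads a server config and reports whether any pushed option would move a client's default route into the tunnel, and which push lines are not written as one quoted option. The sample config is constructed from the push lines in the question; `redirect-gateway` is OpenVPN's own directive for this and does not appear on the page; the function names are hypothetical.

```python
import shlex

# Constructed sample: the push-related lines of the server config in the question.
QUESTION_SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
"""

def parse_pushes(conf_text):
    """Return (pushed, malformed): pushed options as token lists, and bad push lines."""
    pushed, malformed = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:                   # unbalanced quotes
            malformed.append(line)
            continue
        if not tokens or tokens[0].split()[:1] != ["push"]:
            continue
        # push expects exactly one argument: the whole option in one quoted string.
        if tokens[0] != "push" or len(tokens) != 2 or not tokens[1].split():
            malformed.append(line)
            continue
        pushed.append(tokens[1].split())
    return pushed, malformed

def audit_full_tunnel(conf_text):
    """Report whether the pushed options replace the client's default route."""
    pushed, malformed = parse_pushes(conf_text)
    routes = {tuple(o[1:3]) for o in pushed if o[0] == "route" and len(o) >= 3}
    # The two /1 routes together cover all of IPv4 (what redirect-gateway def1 installs).
    halves = {("0.0.0.0", "128.0.0.0"), ("128.0.0.0", "128.0.0.0")}
    full = (any(o[0] == "redirect-gateway" for o in pushed)
            or ("0.0.0.0", "0.0.0.0") in routes
            or halves <= routes)
    dns = [o[2] for o in pushed if o[:2] == ["dhcp-option", "DNS"] and len(o) >= 3]
    return {"full_tunnel": full, "dns": dns,
            "routes": sorted(routes), "malformed": malformed}

if __name__ == "__main__":
    # The question's server pushes DNS servers but no route, so full_tunnel is False.
    print(audit_full_tunnel(QUESTION_SERVER_CONF))
```

A `full_tunnel` of False together with a non-empty `dns` list matches the symptom in the question: the client connects and learns DNS servers, but its default route still points at the home network.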
