Route all traffic through OpenVPN

Solution 1:

I have tested this using an OpenVPN server, and setting up the redirect-gateway def1 option in the client and server config works fine.

When I access whatismyip.org, I see my OpenVPN server's IP.

Below is the client config I use:

client
dev tun
proto udp
# THE IP OF THE REMOTE OPENVPN SERVER:
remote ip_address port
resolv-retry infinite
nobind
persist-key
persist-tun
# THE PKCS#12 BUNDLE (CA CERT, CLIENT CERT AND PRIVATE KEY):
pkcs12 certificate.p12
ns-cert-type server
cipher AES-256-CBC
comp-lzo
redirect-gateway def1
verb 3

I have also tested appending the redirect-gateway def1 option to the openvpn command and achieved the same result. The server config is:

port 1194
proto udp
dev tun

dh /etc/openvpn/easy-rsa/keys/dh1024.pem
ca /etc/openvpn/easy-rsa/keys/ca.crt
# ENSURE THE DOMAIN NAME/FILENAME IS CORRECT:
cert /etc/openvpn/easy-rsa/keys/cert.crt
key /etc/openvpn/easy-rsa/keys/cert.key

server 10.5.3.0  255.255.255.0
# YOUR LOCAL SERVER IP HERE:
client-config-dir ccd
route 10.5.3.0 255.255.255.0
ifconfig-pool-persist ipp.txt
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun

status log/openvpn-status.log 5
status-version 2
log-append log/openvpn.log
verb 3  # verbose mode
management localhost port /etc/openvpn/management-password

# ROUTE THE CLIENT'S INTERNET ACCESS THROUGH THIS SERVER:
push "redirect-gateway def1"
push "remote-gateway vpn_server_ip"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 60

Solution 2:

Maybe you forgot to modify your NAT? Run these 3 commands as root.

Commands:

iptables -I FORWARD -i tun0 -o eth0 \
         -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT

iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED \
         -j ACCEPT

iptables -t nat -I POSTROUTING -o eth0 \
          -s 10.8.0.0/24 -j MASQUERADE

Caption:

  • tun0: your virtual VPN network card
  • eth0: your normal network card
  • 10.8.0.0: your VPN network IP block
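The two answers above cover the two halves of a full-tunnel setup: the client (or a server push) must carry redirect-gateway so that the default route points into the tunnel, and the server must forward and masquerade the VPN subnet. The following script is an added example, not code from either answer; it parses a client and a server config (both constructed inline, with the documentation address 203.0.113.10 standing in for the VPN server), merges the pushed options into the client's view, reports which routes redirect-gateway would install (the two /1 routes that def1 uses instead of replacing 0.0.0.0/0, plus the host route to the VPN server via the old gateway), flags whether a DNS server is pushed, and derives the three iptables rules from Solution 2 using the subnet in the server's own "server" line so the NAT rule cannot drift from the config. The gateway addresses passed to routing_report are assumptions for the example.

```python
"""Check an OpenVPN client/server config pair for full-tunnel routing and derive
the routes and NAT rules it implies.  Added example; the configs below are
constructed, not taken from any answer on this page."""
import ipaddress
import shlex

# Constructed sample configs (203.0.113.10 is a documentation address).
CLIENT_CONF = """client
dev tun
proto udp
remote 203.0.113.10 1194
redirect-gateway def1
"""

SERVER_CONF = """server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
"""


def parse_config(text):
    """Return a list of (option, args) tuples; comments and blank lines skipped."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = shlex.split(line)  # keeps push "redirect-gateway def1" as one arg
        entries.append((parts[0], parts[1:]))
    return entries


def effective_client_options(client_text, server_text):
    """Client options plus every option the server pushes."""
    opts = parse_config(client_text)
    for name, args in parse_config(server_text):
        if name == "push" and args:
            pushed = shlex.split(args[0])
            opts.append((pushed[0], pushed[1:]))
    return opts


def routing_report(opts, vpn_gateway, old_gateway, vpn_server_ip):
    """Describe what redirect-gateway does with the given flags.

    Without def1 the default route 0.0.0.0/0 is replaced; with def1 the routes
    0.0.0.0/1 and 128.0.0.0/1 shadow it instead, so the original default route
    survives and is restored cleanly on disconnect.  bypass-dhcp additionally
    adds a route to the DHCP server via the old gateway (needs the DHCP server
    address, which a static config does not contain, so it is only reported).
    """
    flags, full_tunnel, dns = set(), False, []
    for name, args in opts:
        if name == "redirect-gateway":
            full_tunnel = True
            flags.update(args)
        elif name == "dhcp-option" and len(args) >= 2 and args[0].upper() == "DNS":
            dns.append(args[1])
    routes = []
    if full_tunnel:
        if "local" not in flags:
            # Host route so the tunnel's own packets are not sent into the tunnel.
            routes.append((f"{vpn_server_ip}/32", old_gateway))
        if "def1" in flags:
            routes += [("0.0.0.0/1", vpn_gateway), ("128.0.0.0/1", vpn_gateway)]
        else:
            routes.append(("0.0.0.0/0", vpn_gateway))
    return {"full_tunnel": full_tunnel, "flags": sorted(flags),
            "routes": routes, "dns_pushed": dns}


def nat_rules(server_opts, tun_if="tun0", wan_if="eth0"):
    """Build the three iptables commands from Solution 2 for the subnet that the
    server's 'server <net> <mask>' directive hands out."""
    for name, args in server_opts:
        if name == "server" and len(args) >= 2:
            net = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
            break
    else:
        raise ValueError("no 'server' directive in server config")
    return [
        f"iptables -I FORWARD -i {tun_if} -o {wan_if} -s {net} "
        f"-m conntrack --ctstate NEW -j ACCEPT",
        "iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT",
        f"iptables -t nat -I POSTROUTING -o {wan_if} -s {net} -j MASQUERADE",
    ]


if __name__ == "__main__":
    opts = effective_client_options(CLIENT_CONF, SERVER_CONF)
    report = routing_report(opts, "10.8.0.1", "192.168.1.1", "203.0.113.10")
    print("full tunnel:", report["full_tunnel"], "flags:", report["flags"])
    for dst, via in report["routes"]:
        print(f"  route {dst} via {via}")
    if not report["dns_pushed"]:
        print("  WARNING: no DNS pushed; resolver queries may leave the tunnel")
    for rule in nat_rules(parse_config(SERVER_CONF)):
        print(rule)
```

If the report shows full_tunnel False, neither side carries redirect-gateway and the client stays split-tunnel, which is the usual reason "only LAN traffic goes through the VPN". An empty dns_pushed list is the DNS-leak case that Solution 3 ran into: the routes are fine but the resolver still sits outside the tunnel.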

Solution 3:

After a hard search for the answer, it seems I've solved this, maybe partially, but at least very simply:

I use Xubuntu 14.04 and the OpenVPN package from the main source. In Settings > System > Network, I replaced the preinstalled DNS address 127.0.1.1 with Google's 8.8.8.8, and now I can see all traffic going through the VPN server.

In Wireshark's table a string such as DNS is absent: all data goes like TCP through the encrypted channel. I can see DHCP and DNS traffic when I look at tun0 (the notebook's internal interface). When I explore wlan0 traffic (external, between the notebook and the WiFi router) I only get grey TCP packets.

I think it's happening because the DNS query isn't needed for characters-to-numbers decoding and it goes in the common stream like a usual data packet.

I'll be glad to know your considerations; it will not be a surprise if I'm completely wrong.

Solution 4:

I faced the same problem and found out that when using the PiVPN setup script for OpenVPN, the server config already contains the line:

push "redirect-gateway def1 bypass-dhcp"

On the iOS client everything is routed through the tunnel automatically (that is what the log says).

On the Tunnelblick client you need to add this line in the client.ovpn file:

redirect-gateway def1 bypass-dhcp

and it should work perfectly. At least it did on my Mac.