Route all traffic through OpenVPN

vpn openvpn

Solution 1:

I have tested this using a OpenVPN server and setting up the redirect-gateway def1 option in the client and server config works fine.

When I access whatismyip.org, I see my OpenVPN server's IP.

Below is the client config I use:

client
dev tun
proto udp
# THE IP OF THE REMOTE OPENVPN SERVER:
remote ip_address port
resolv-retry infinite
nobind
persist-key
persist-tun
# THE CSR FILE:
pkcs12 certificate.p12
ns-cert-type server
cipher AES-256-CBC
comp-lzo
redirect-gateway def1
verb 3

I have tested also with appending redirect-gateway def1 option to the openvpn command and achieved same result. The server config is:

port 1194
proto udp
dev tun

dh /etc/openvpn/easy-rsa/keys/dh1024.pem
ca /etc/openvpn/easy-rsa/keys/ca.crt
# ENSURE THE DOMAIN NAME/FILENAME IS CORRECT:
cert /etc/openvpn/easy-rsa/keys/cert.crt
key /etc/openvpn/easy-rsa/keys/cert.key

server 10.5.3.0  255.255.255.0
# YOUR LOCAL SERVER IP HERE:
client-config-dir ccd
route 10.5.3.0 255.255.255.0
ifconfig-pool-persist ipp.txt
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun

status log/openvpn-status.log 5
status-version 2
log-append log/openvpn.log
verb 3  # verbose mode
management localhost port /etc/openvpn/management-password

# ROUTE THE CLIENT'S INTERNET ACCESS THROUGH THIS SERVER:
push "redirect-gateway def1"
push "remote-gateway vpn_server_ip"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 60

Solution 2:

Maybe you forgot to modify your NAT? Run those 3 commands as root

Commands:

iptables -I FORWARD -i tun0 -o eth0 \
         -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT

iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED \
         -j ACCEPT

iptables -t nat -I POSTROUTING -o eth0 \
          -s 10.8.0.0/24 -j MASQUERADE

Caption:

  • tun0: your virtual VPN networkcard
  • eth0: your normal networkcard
  • 10.8.0.0: your VPN network ip block

Solution 3:

After a hard looking for the answer it seems I've solved this, maybe partially, but at least very simply:

I use Xubuntu 14.04 and OpenVPN package from main source. In Settings > System > Network, I replaced preinstalled DNS-address 127.0.1.1 with Google's 8.8.8.8, and now I can see all traffic going through the VPN-server.

In Wireshark's table such string as DNS is absent: all data goes like TCP through encrypted channel. I can see DHCP and DNS traffic when I look at tun0 (notebook's internal). When I explore wlan0 traffic (external between notebook and WiFi router) I only get grey TCP packages.

I think it's happening because DNS-query isn't needed in characters-to-numbers decoding and it goes in common stream like a usual data package.

I'll be glad to know your considerations, it will not be surprise if I'm completely wrong

Solution 4:

I faced the same problem and found out when using the PiVPN setup script for Open VPN, the server config contains the line:

push "redirect-gateway def1 bypass-dhcp"

already. On the IOS client everything is routed through the tunnel automatically (that is what the log says).

On the Tunnelblick client you need to add this line in the client.ovpn file:

redirect-gateway def1 bypass-dhcp

and it should work perfectly. At least it did on my Mac.

Related

How can I remove all files from current directory using terminal? [duplicate]
Where are VPN configuration files imported by Network Manager saved?
How can I restart Compiz from a TTY? (& Related, how can I set up a fallback WM?)
apt-get mass install packages from a file?
bluetooth headset connects but not showing in sound settings
Command to rebuild all DKMS modules for all installed kernels?
Ignore "Bad: new and old password are too similar"
Search text within multiple pdfs and docs
Modify the SSH welcome message to include system IP address
How to determine if CPU VT extensions are enabled in bios?
How do I use Unetbootin to make a bootable Windows USB installer?
Dark GTK theme for Ubuntu 16.04 (Unity)