OpenVPN - tap interfaces and default gateway
Quick question just to verify I'm not going mental. I'm using device mode "tap" and I've got a fully functional connection, in the sense that I can ping from client to server without any issues.
However, I want to force my traffic through the VPN and nothing can leak out, no matter what.
I'm stuck wrapping my head around this, but shouldn't this be valid in the server.ovpn?
mode server
tls-server
...
dev tap
dev-node TAP1
ifconfig 192.168.0.1 255.255.255.0
ifconfig-pool 192.168.0.10 192.168.0.20
route-gateway 192.168.0.1
route 192.168.0.0 255.255.255.0 192.168.0.1
client-to-client
push "route 192.168.0.0 255.255.255.0 192.168.0.1"
push "route-gateway 192.168.0.1"
push "redirect-gateway def1"
The client.ovpn looks like:
client
tls-client
dev tap
dev-node TAP1
...
pull
The connection establishes and whatnot; the output of the client's log is:
ROUTE default_gateway=<external IP gateway>
PUSH: Recieved control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0 192.168.0.1,route-gateway...
Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.0.10/255.255.255.0 on interface ...
Successful ARP Flush
Added routes 139.. 127.. 192...
All appears to be fine, except that a default gateway just isn't set when checking ipconfig /all.
The output of route print looks like:
Destination Netmask Gateway
0.0.0.0 0.0.0.0 <external Gateway> <-- Wrong?
192.168.0.0 255.255.255.0 On-link
192.168.0.0 255.255.255.0 192.168.0.1
The routing table appears to be off?
Solution 1:
All appears to be fine except that a default gateway just isn't set when checking
...
push "redirect-gateway def1"
If you use that option, then you don't set a default gateway. Instead, two routes should be added for 0.0.0.0/1 and 128.0.0.0/1 to your VPN.
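Why the two /1 routes capture all traffic even though the 0.0.0.0/0 entry stays in the table, shown as an added example (not part of the original answer): a longest-prefix-match check over `route print`-style rows that reports destinations still leaving via the external gateway. The gateway 10.0.0.1 and the probe addresses are constructed, and route metrics are ignored as a simplification.

```python
import ipaddress

# Constructed tables in `route print` column order. 10.0.0.1 stands in for the
# external gateway; BEFORE mirrors the table shown in the question.
BEFORE = """
Destination Netmask Gateway
0.0.0.0 0.0.0.0 10.0.0.1
192.168.0.0 255.255.255.0 On-link
192.168.0.0 255.255.255.0 192.168.0.1
"""
# AFTER adds the two routes the answer says redirect-gateway def1 should add.
AFTER = BEFORE + """0.0.0.0 128.0.0.0 192.168.0.1
128.0.0.0 128.0.0.0 192.168.0.1
"""

def parse_routes(text):
    """Return (network, gateway) pairs from 'Destination Netmask Gateway' rows."""
    routes = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
        except ValueError:
            continue  # header or other non-route line
        routes.append((net, parts[2]))
    return routes

def next_hop(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def leaks(routes, vpn_gw, probes=("100.64.0.1", "203.0.113.5")):
    """Probes (one per half of the IPv4 space) whose next hop is not the VPN."""
    return [p for p in probes if next_hop(routes, p) != vpn_gw]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, "leaking probes:", leaks(parse_routes(table), "192.168.0.1"))
```

The probes cover one address below 128.0.0.0 and one above it, so a table missing either /1 route is reported as leaking.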
Solution 2:
I realize this is an old question, but I wanted to add that in my experience, if everything works EXCEPT for the setting of a default gateway, running OpenVPN as administrator will solve the problem on Windows 10.