Tunneling traffic from eth0 to tun0 (OpenVPN) Ubuntu 12.04
Following the steps described here I've managed to configure both the VPN server and client (I can ping both ways). Their respective configuration files are:
server:
;local a.b.c.d
port 1194
;proto tcp
proto udp
push "redirect-gateway def1"
;dev tap
dev tun
ca ca.crt
cert certificate_server.crt
key certificate_server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
client:
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote <external_server_ip> 1194
;remote my-server-2 1194
push "dhcp-option DNS 10.8.0.1"
;remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert certificate_client.crt
key certificate_client.key
ns-cert-type server
;tls-auth ta.key 1
comp-lzo
The network layout is the following: I am using a client to connect to a server which is located behind a NAT. I have forwarded port 1194 on the NAT device and managed to ping the server successfully. Now I would like to route all traffic from my client's eth0 interface to the tun0 interface. Running ifconfig on the client gives:
eth0 Link encap:Ethernet HWaddr 01:02:03:04:05:06
inet addr:172.26.0.206 Bcast:172.26.255.255 Mask:255.255.0.0
inet6 addr: fe80::3285:a9ff:fe0b:fee8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15579878 errors:0 dropped:2 overruns:0 frame:0
TX packets:3774742 errors:0 dropped:0 overruns:0 carrier:4
collisions:0 txqueuelen:1000
RX bytes:7365014496 (7.3 GB) TX bytes:349016660 (349.0 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:132571 errors:0 dropped:0 overruns:0 frame:0
TX packets:132571 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6718530 (6.7 MB) TX bytes:6718530 (6.7 MB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1296 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:102968 (102.9 KB)
wlan0 Link encap:Ethernet HWaddr 01:01:01:01:01:01
inet addr:192.168.0.103 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::de85:deff:fe32:241f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:284664 errors:0 dropped:0 overruns:0 frame:0
TX packets:99157 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:177617284 (177.6 MB) TX bytes:32064393 (32.0 MB)
while running the command on the server outputs:
eth0 Link encap:Ethernet HWaddr 06:05:04:03:02:01
inet addr:192.168.2.7 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::219:d1ff:fefe:de8a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:44596 errors:0 dropped:0 overruns:0 frame:0
TX packets:22418 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9082333 (9.0 MB) TX bytes:5007949 (5.0 MB)
Interrupt:20 Memory:e3200000-e3220000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:394157 errors:0 dropped:0 overruns:0 frame:0
TX packets:394157 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:19763027 (19.7 MB) TX bytes:19763027 (19.7 MB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:7615 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:463861 (463.8 KB) TX bytes:588 (588.0 B)
On my client, IPv4 packet forwarding is enabled. My routing tables are as follows.
client:
$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 172.26.0.1 0.0.0.0 UG 0 0 0 eth0
10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
<server_external_ip> 172.26.0.1 255.255.255.255 UGH 0 0 0 eth0
128.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.26.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
server:
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
How may I route all traffic from eth0 to tun0 on the client machine? I've tried adding an entry in my routing table:
sudo route add default gw 10.8.0.1
The output is:
SIOCADDRT: No such process
Also, after this step the connection stopped working; I could no longer ping the server from the client, and traffic on eth0 could no longer be forwarded.
Solution 1:
Your OpenVPN instance is working in point-to-point mode, so your default gateway is not 10.8.0.1.
Looking at your client routing table, it seems the OpenVPN client has correctly set up routes, so that the VPN server is your default gateway now (this is instructed by redirect-gateway def1 in the server config):
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
So you have basically achieved what you want: all traffic that originally went through eth0 now goes to tun0.
If you are wondering why the Internet cannot be reached after dialing the VPN (you cannot visit other websites), you may follow what @Bill said: set up NAT and IP forwarding on the server.
This is simple, too:
# sysctl -w net.ipv4.ip_forward=1
# iptables -t nat -A POSTROUTING ! -o lo -j MASQUERADE
If you are paranoid, change the second line according to @Bill's answer.
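To see why the two 128.0.0.0 routes already send everything through tun0 while `route add default gw 10.8.0.1` is refused, here is an added example (my own code, not from the question or either answer) that parses the client's `netstat -nr` table and resolves destinations with the same longest-prefix rule the kernel uses. The table is reproduced from the question, with the documentation address 203.0.113.10 standing in for `<server_external_ip>`; the function names are mine.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: Optional[str]  # None when directly connected (no 'G' flag)
    iface: str


# Constructed sample: the client routing table from the question, with
# 203.0.113.10 (a documentation address) standing in for <server_external_ip>.
CLIENT_NETSTAT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.8.0.5        128.0.0.0       UG        0 0          0 tun0
0.0.0.0         172.26.0.1      0.0.0.0         UG        0 0          0 eth0
10.8.0.1        10.8.0.5        255.255.255.255 UGH       0 0          0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
203.0.113.10    172.26.0.1      255.255.255.255 UGH       0 0          0 eth0
128.0.0.0       10.8.0.5        128.0.0.0       UG        0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
172.26.0.0      0.0.0.0         255.255.0.0     U         0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
"""


def parse_netstat_table(text: str) -> List[Route]:
    """Parse `netstat -nr` output into Route objects; banner/header lines are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or not parts[0][0].isdigit():
            continue
        dest, gw, mask, flags, iface = parts[0], parts[1], parts[2], parts[3], parts[-1]
        network = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        routes.append(Route(network, gw if "G" in flags else None, iface))
    return routes


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Route the kernel would pick for dst: the most specific (longest prefix) match.
    This is why 0.0.0.0/1 and 128.0.0.0/1 via tun0 beat the 0.0.0.0/0 default via eth0."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: r.network.prefixlen)


def next_hop(routes: List[Route], dst: str) -> Optional[Tuple[str, str]]:
    """(gateway or 'direct', interface) for dst, or None if unroutable."""
    r = lookup(routes, dst)
    if r is None:
        return None
    return (r.gateway or "direct", r.iface)


def gateway_is_usable(routes: List[Route], gw: str) -> bool:
    """`route add ... gw X` only works when X is on a directly connected network,
    i.e. the route covering X has no gateway of its own. 10.8.0.1 is reached
    through 10.8.0.5, so the kernel refuses it (the SIOCADDRT error in the question)."""
    r = lookup(routes, gw)
    return r is not None and r.gateway is None


if __name__ == "__main__":
    table = parse_netstat_table(CLIENT_NETSTAT)
    for dst in ("8.8.8.8", "203.0.113.10", "172.26.0.50", "192.168.0.1"):
        print(f"{dst:>14} -> {next_hop(table, dst)}")
    for gw in ("10.8.0.1", "10.8.0.5"):
        print(f"gateway {gw} usable for 'route add': {gateway_is_usable(table, gw)}")
```

Running it shows that an arbitrary Internet address resolves to 10.8.0.5 on tun0, that only the VPN server's public address still leaves via eth0 (the host route OpenVPN adds so the tunnel itself does not loop), and that 10.8.0.1 is not a valid gateway for `route add` because it is only reachable through the point-to-point peer 10.8.0.5.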
Solution 2:
Reroute traffic from your local subnet to the tun0 interface:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o tun0 -j MASQUERADE