I have OpenVPN set up on the server and I am using OpenVPN Connect for my client. I have some internal websites that I need to access and some of them don't work. I want to make sure that the traffic is going through the VPN and not through the normal internet connection. The gateway IP for my network is 192.168.0.1 and the gateway for OpenVPN is 10.8.0.1. I have done a traceroute and it shows that the websites that don't work access 192.168.0.1 and not 10.8.0.1. How would I force all of the traffic through the VPN? I am running Windows 7 as the client and Ubuntu 10.04 for the server.
- Please see http://serverfault.com/questions/49765/how-does-ipv4-subnetting-work and set the correct routes. – Hennes Feb 18 '13 at 21:08
- He needs help with the "set the correct routes" part, not with IPv4. – gparent Feb 18 '13 at 21:11
- I set the route on the Windows machine and it goes to the VPN but it doesn't make it any farther. – monkthemighty Feb 19 '13 at 18:57
3 Answers
If you want to configure this on the client side, put

    redirect-gateway def1

in your client.ovpn file.
From the OpenVPN HowTo Documentation

Implementation

Add the following directive to the server configuration file:

    push "redirect-gateway def1"

If your VPN setup is over a wireless network, where all clients and the server are on the same wireless subnet, add the local flag:

    push "redirect-gateway local def1"

Pushing the redirect-gateway option to clients will cause all IP network traffic originating on client machines to pass through the OpenVPN server. The server will need to be configured to deal with this traffic somehow, such as by NATing it to the internet, or routing it through the server site's HTTP proxy.

On Linux, you could use a command such as this to NAT the VPN client traffic to the internet:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

This command assumes that the VPN subnet is 10.8.0.0/24 (taken from the server directive in the OpenVPN server configuration) and that the local ethernet interface is eth0.

When redirect-gateway is used, OpenVPN clients will route DNS queries through the VPN, and the VPN server will need to handle them. This can be accomplished by pushing a DNS server address to connecting clients which will replace their normal DNS server settings during the time that the VPN is active. For example:

    push "dhcp-option DNS 10.8.0.1"

will configure Windows clients (or non-Windows clients with some extra server-side scripting) to use 10.8.0.1 as their DNS server. Any address which is reachable from clients may be used as the DNS server address.
- Well, hello there! I came looking for the answer and imagine my surprise when I saw your answer. *tips hat* – Harv Sep 30 '16 at 01:36
I had the same issue but the solution described above did not work for me. In my OpenVPN configuration, I had to write

    redirect-gateway def1

without the push and without the quotes - then it worked.

The client was Windows 10 1607 with OpenVPN 3.2.12.
- "In my openvpn configuration..." well, _client_ or _server_ configuration? I suspect the `push "redirect-gateway local def1"` directive belongs in the _server_ config file. – András Aszódi Feb 15 '18 at 12:57
- The `local` is only for when OpenVPN clients and server sit on the same subnet. It has nothing to do with whether you're editing the server or a client config. – Sixtyfive Jul 29 '19 at 12:10
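
The `redirect-gateway def1` directive in the answers above installs two /1 routes that outrank the existing default route instead of replacing it. The following is an added example, not part of the original question or answers, that models a simplified client routing table and resolves next hops by longest-prefix match. The gateways 192.168.0.1 and 10.8.0.1 come from the question; the function names, the 192.168.0.0/24 LAN prefix and the 203.0.113.10, 198.51.100.7 and 192.168.0.50 addresses are constructed for illustration.

```python
import ipaddress


def client_routes(lan_net, lan_gw, vpn_gw, vpn_server,
                  redirect_def1=True, local=False):
    """Simplified client routing table as (network, next_hop) pairs."""
    net = ipaddress.ip_network
    routes = [
        (net("0.0.0.0/0"), lan_gw),   # pre-VPN default route, left in place
        (net(lan_net), "on-link"),    # directly connected LAN
    ]
    if redirect_def1:
        # def1 adds two /1 routes that together cover all of IPv4 and
        # outrank the /0 default without deleting it.
        routes += [(net("0.0.0.0/1"), vpn_gw), (net("128.0.0.0/1"), vpn_gw)]
        if not local:
            # Host route so the encrypted tunnel packets themselves still
            # reach the VPN server through the original gateway.
            routes.append((net(f"{vpn_server}/32"), lan_gw))
    return routes


def next_hop(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(n, hop) for n, hop in routes if addr in n]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


if __name__ == "__main__":
    # Constructed sample: public VPN server 203.0.113.10, client on 192.168.0.0/24.
    table = client_routes("192.168.0.0/24", "192.168.0.1",
                          "10.8.0.1", "203.0.113.10")
    for dest in ("198.51.100.7", "203.0.113.10", "192.168.0.50"):
        print(f"{dest:>15} -> {next_hop(table, dest)}")
```

A destination inside the client's own LAN prefix stays on-link even with `def1`, because the connected /24 route is more specific than either /1 route. If the internal sites behind the VPN use the same prefix as the client's local network, their traffic never enters the tunnel.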