2

I installed OpenVPN on my dedicated server.
Using Viscosity or Tunnelblick on the client, I successfully connected to this server.

However, after some tests, I realized that not all the traffic generated by the client goes through the server. Rather than using 1000 words to explain it, I made an image:

[Screenshot]

As you can see, the yellow part on the server side doesn't show any activity. I get the same phenomenon for YouTube videos loading for example.

Here is my OpenVPN server configuration file:

mode server
proto tcp
port 1199
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
cipher AES-256-CBC
server 10.8.0.0 255.255.255.0

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

keepalive 10 120
client-to-client
user nobody
group nogroup
chroot /etc/openvpn/jail
persist-key
persist-tun
comp-lzo
verb 3
mute 20
status openvpn-status.log

And here is the client .ovpn configuration file:

client
dev tun
proto tcp
remote MY.SER.VER.IP 1199
resolv-retry infinite
cipher AES-256-CBC
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
nobind
persist-key
persist-tun
comp-lzo
verb 3

Any idea what's wrong?

EDIT:

I also tried to create the following iptables rule (found on openvpn.net How To page):
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

It doesn't change my problem. However, I can't see any new rule when using iptables --list:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   
Pierre Espenan

3 Answers

2

Using Viscosity, just overwrite the routes getting pushed by the VPN server. Edit the config of the connection -> Networking -> Send all traffic over VPN connection.

Mike
    I already tried to check this box. The problem remains the same. However, I neither filled in the "Default Gateway" nor added a rule. Should I? – Pierre Espenan Apr 18 '13 at 13:46
1

Well, Mike's answer gave me the clue. Viscosity does override some settings.

The solution is to add the redirect command in Extra OpenVPN configuration commands.
To do so, edit your connection, go to the Advanced tab, and add push "redirect-gateway def1":

[Screenshot: redirect gateway def1 rule in Viscosity]

And as Mike said, don't forget to check Send all traffic over vpn connection in the Networking tab:

[Screenshot: Send all traffic over vpn connection in Viscosity]

Pierre Espenan
0

To see your NAT traffic with iptables, use iptables -L -x -n -v -t nat

It will produce an output like so:

Chain PREROUTING (policy ACCEPT 18025 packets, 1535609 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 5580 packets, 335412 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1575   125569 SNAT       all  --  *      em1     10.0.0.10            0.0.0.0/0           /* oscarbass@att.net */ to:77.245.64.130
     833    93632 SNAT       all  --  *      em1     10.0.0.6             0.0.0.0/0           /* oscarbass@bassdesigns.net */ to:77.245.64.130
    6585   477765 MASQUERADE  all  --  *      em1     0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 12118 packets, 810032 bytes)
    pkts      bytes target     prot opt in     out     source               destination
Jenny D
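
Added example (not part of the answers above): iptables --list prints only the filter table, so the MASQUERADE rule from the question never appears there. This sketch checks the nat table's POSTROUTING chain for a rule covering the VPN subnet. The function name nat_rule_for and the two sample listings are constructed for illustration; 10.8.0.0/24 and eth0 are taken from the question.

```shell
#!/bin/sh
# Added example: look in the nat table for the rule that NATs VPN clients.
# `iptables --list` prints only the filter table, so a nat rule never shows there.

# nat_rule_for SUBNET IFACE
# Reads `iptables -t nat -S POSTROUTING` text on stdin. Prints the first
# MASQUERADE/SNAT rule that applies to SUBNET leaving via IFACE and returns 0;
# returns 1 if there is none. A rule without -s / -o matches any source /
# interface. Limitations: -s must equal SUBNET exactly (no CIDR containment),
# and negated ("!") rules are skipped.
nat_rule_for() {
    awk -v subnet="$1" -v iface="$2" '
        $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            src = ""; out = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "!")  next
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target != "MASQUERADE" && target != "SNAT") next
            if (src != "" && src != subnet) next
            if (out != "" && out != iface) next
            print
            found = 1
            exit
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: nat table where the rule was never added.
SAMPLE_MISSING='-P POSTROUTING ACCEPT'
# Constructed sample: nat table with the rule from the question in place.
SAMPLE_PRESENT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE'

# Demo on the constructed samples. On a real server, run as root:
#   iptables -t nat -S POSTROUTING | nat_rule_for 10.8.0.0/24 eth0
printf '%s\n' "$SAMPLE_PRESENT" | nat_rule_for 10.8.0.0/24 eth0
printf '%s\n' "$SAMPLE_MISSING" | nat_rule_for 10.8.0.0/24 eth0 \
    || echo "no NAT rule for 10.8.0.0/24 on eth0"
```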