How to route openvpn-server traffic over the vpn itself

So I have a server with the public ip address of 101.102.103.104 (for example). This server is running an openvpn server, plus a bunch of other stuff that is listening on the public ip network device ports.

What I want to do is once connecting to 101.102.103.104, route all future traffic to this IP via the VPN.

So for example if I curl 101.102.103.104:8080 it goes via the VPN connection.

I've tried adding a push route to my server.conf like so:

push "route 101.102.103.104 255.255.255.255"

and I even tried adding an exclusion route:

push "route 101.102.103.104 255.255.255.255 net_gateway"

but it didn't seem to work. Running sudo route -n still showed the route going via my home router:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
101.102.103.104  192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0

Any thoughts on how I can accomplish this? I figured the problem was likely the fact that I'm trying to route traffic to the vpn server itself, via the vpn server, and thus forming some sort of infinite loop, but that's just a guess.

Matthew Rathbone

Posted 2014-07-08T02:19:03.453

Reputation: 131

Answers

The routing table you displayed clearly does not route all traffic through the VPN, as shown by the very first line. In its present configuration, all it does is allow the client to have access to the LAN.

The command to route all client traffic through the OpenVPN tunnel, including all traffic to third parties (i.e., not the VPN server's LAN), is

  push "redirect-gateway def1"

which is to be added to the server configuration file (you will need to restart the OpenVPN program, for the change to take effect).

Also, since you have set up a routed OpenVPN, not a bridged one, you will need to activate NATting on the server:

  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

This assumes that the interface of the OpenVPN server on the Internet (i.e. the one with IP address 101.102.103.104) is called eth0. Please adjust accordingly.

To check on your configuration, once a connection to the OpenVPN server has been established, issue the following command:

  wget 216.146.39.70:80 -O - -o /dev/null

This will output your apparent IP address. If the output contains 101.102.103.104, you are done.

MariusMatutiae

Posted 2014-07-08T02:19:03.453

Reputation: 41 321
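As an added illustration (not part of the question or the answer above), the following Python script parses the client's route -n table quoted in the question, performs the kernel's longest-prefix lookup on it, and then models the two /1 routes that redirect-gateway def1 installs. It shows why the /32 host route to 101.102.103.104 keeps winning over the tunnel even after def1 is pushed: the encapsulated tunnel packets must still reach the server via the original gateway, which is the loop the asker suspected. The gateway and interface names are taken from the question's table; the def1 model is the editor's assumption about a plain server-side push with no other routes.

```python
import ipaddress

# Constructed copy of the client's `route -n` output from the question
# (the "Kernel IP routing table" banner is omitted; the column header is skipped).
ROUTE_N_OUTPUT = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
101.102.103.104 192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0
"""


def parse_route_n(text):
    """Return a list of (network, gateway, iface) tuples from `route -n` output."""
    routes = []
    for line in text.splitlines()[1:]:  # skip the column header
        dest, gw, mask, _flags, _metric, _ref, _use, iface = line.split()
        routes.append((ipaddress.IPv4Network((dest, mask)), gw, iface))
    return routes


def lookup(routes, dest):
    """Longest-prefix match: the most specific matching route wins, as in the kernel."""
    addr = ipaddress.IPv4Address(dest)
    best = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    return best[1], best[2]


def with_redirect_gateway_def1(routes, vpn_gw, vpn_iface):
    """Model of what `redirect-gateway def1` adds on the client (assumption: a plain
    server-side push). It installs 0.0.0.0/1 and 128.0.0.0/1 via the tunnel instead
    of replacing 0.0.0.0/0, and relies on a /32 host route to the VPN server's public
    address via the original gateway so the tunnel packets themselves do not loop.
    The question's table already contains that host route, so only the /1s are added."""
    return routes + [
        (ipaddress.IPv4Network("0.0.0.0/1"), vpn_gw, vpn_iface),
        (ipaddress.IPv4Network("128.0.0.0/1"), vpn_gw, vpn_iface),
    ]


if __name__ == "__main__":
    before = parse_route_n(ROUTE_N_OUTPUT)
    after = with_redirect_gateway_def1(before, "10.8.0.5", "tun0")
    for dst in ("8.8.8.8", "101.102.103.104", "192.168.1.50"):
        print(dst, "before:", lookup(before, dst), "after def1:", lookup(after, dst))
```

Internet destinations move from wlan0 to tun0 once the /1 routes exist, while the server's own public address and the home LAN keep their more specific routes.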