Linksys wrt1900ac router: How to achieve full tunnel?

[mchp92]

Hi
i have an issue getting my OpenVPN to do what I want it.

My goal.
I have an openvpn server running on Linksys wrt1900ac router. I want to use this in 'full tunnel' mode, meaning that ALL traffic i generate on my iphone, will be tunneled to my wrt1900, and from that point it must be routed into my lan or onto the internet.

My challenge.
Currently, my I can reach my LAN ip addresses (so i do get tunnel/connection to my router), but traffic to the internet goes from my device straight onto internet and not through my wrt1900 (whatsmyip.com shows the IP addy I got from 3G provider, even when connection is on). Thus, it seems i have only split tunnel.

My situation
I run the lastest version of OpenVPN connect on iphone 5. I have ovpn configs for two servers I run
- the wrt1900 server, this behaves as described abot
- an openvpn server on a synology nas in my lan. this connection DOES give me full tunneling, to be verified by the IP addy shown in whatsmyip.com (which is same as my ISP WAN side addy, as one would expect).


I have been in contact with linksys for quite some time now, but apart from talking a lot to them about my current setup, I have not really made any progress. As a result from some thinking i did (and some reading on various openvpn-pages), my think this behaviour (full tunnel vs split tunnel) is a setting in the config files my ovpn server provides to load onto my iphone app. below is the text I have in my ovpn from wrt1900. it appears (when comparing with the synoloy config file) that i need to use "redirect-gateway def1". but if i enter that line in my wrt1900 client side config file, i dont have ANY response from ANY site (so split tunnel doesnt work anymore). I guess i need more config options, but have trouble finding out which ones.

What do I need to achieve full tunneling on my WRT1900 vpn connection, just like i can have it on my synology vpn?
(in case you may wonder why i dont just run VPN from my synology - i dont wana abuse my NAS to run a service which I think belongs in a router)

BASIC INFO REGARDING MY WRT1900 (OVPN) SETTINGS
=================================
Subnet for WRT1900: 10.157.147.xxx
VPN IP range: 172.19.1.(2-6)
ConfigFile:
client
dev tun
proto tcp
remote <MY_PUBLIC_ISP_IP> 1194
tun-mtu 6000
mssfix 0
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
auth-user-pass
verb 3
<ca>
blablabla
</ca>
<cert>
blabla
</cert>
<key>
blablabla
</key>

[Traffic]

You should find in your router openvpn configuration menus an option to "redirect all client data over the VPN" or something like that. Enable that option and download the client config to your client device and try again.

[mchp92]

No, i dont have that option
all i get is an option to set VPN server addy, vpn IP subnet (to some extent), port number and protocol.
so I was hoping i could find out which settings to add to the generated config file which i then load into my phone.

essentially, this is a client side setting (as the vpn client app decides to send to the vpn server or not). at least, i believe this is how it works

[Traffic]

No, i dont have that option

Then I suggest you demand your money back from Linksys.

As far as I am concerned that product is over priced garbage.

[mchp92]

That observation doesnt get me any closer to a full tunnel

[Traffic]

Linksys offer this paltry document ..
http://www.linksys.com/us/support-artic ... Num=157327
So I suggest you contact them.

[mchp92]

I did all thats in the doc
I can connect to vpn
But only split tunnel
I did also contact them
My case is with 3rd line support now but its s l o w

[Traffic]

i need to use "redirect-gateway def1". but if i enter that line in my wrt1900 client side config file, i dont have ANY response from ANY site

add this to your client, then connect and post output of ip route

[mchp92]

How do i get that output on my iphone?

[mchp92]

@Traffic
Bump. What exactly are you asking me to do?

[mchp92]

i need to use "redirect-gateway def1". but if i enter that line in my wrt1900 client side config file, i dont have ANY response from ANY site

add this to your client, then connect and post output of ip route

Elaborate, please?

[mchp92]

C'mon guys
Please help me get ahead on this one. Cant be rocket science but i dont have the knowledge of OpenVPN to fix it myself

[Traffic]

Use redirect gateway and then post your client log.

[mchp92]

Like this?

2016-02-13 17:26:12 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-02-13 17:26:12 Session is ACTIVE
2016-02-13 17:26:12 EVENT: GET_CONFIG
2016-02-13 17:26:12 Sending PUSH_REQUEST to server...
2016-02-13 17:26:12 OPTIONS:
0 [redirect-gateway] [def1]
1 [dhcp-option] [DNS] [10.157.147.5]
2 [topology] [subnet]
3 [route-gateway] [172.19.1.1]
4 [route] [10.157.147.0] [255.255.255.0]
5 [ping] [10]
6 [ping-restart] [120]
7 [ifconfig] [172.19.1.2] [255.255.255.0]

2016-02-13 17:26:12 EVENT: ASSIGN_IP
2016-02-13 17:26:12 Connected via tun
2016-02-13 17:26:12 EVENT: CONNECTED <USER>@<MY_WAN_IP>:1194 (192.168.1.113) via /TCPv4 on tun/172.19.1.2/
2016-02-13 17:26:12 SetStatus Connected

[Traffic]

That looks correct .. can you ping websites over the VPN now ?

[mchp92]

Nope. Only IP addy in my LAN
Any regular url on internet starts the "blue bar" in safari then "hangs" at abt 25% length

[Traffic]

Does your router have iptables installed ?

[Pippin]

I see:

Code: Select all

1 [dhcp-option] [DNS] [10.157.147.5]

DNS server is there?

[mchp92]

@Pippin

Yes, that is the gateway addy for my LAN thruogh the wrt1900ac. My whole LAN is on 10.157.147.X/24. The .5 addres is how i reach my router from within my LAN. My VPN is on 172.19.2.0/28
This is how my iphone on my wlan indicates that addy as its DNS

[mchp92]

Does your router have iptables installed ?

What to I need to do to verify this?