OpenVPN Connect (Android) - disable local LAN access

Posted: Thu Oct 25, 2012 8:35 am
by PhilipJ
Hi all,

Is it possible to force an Android device to use only the VPN tunnel for ALL network communication (well, except for the actual communication with the VPN server, which obviously has to use the default gateway)?

The relevant lines of my server.conf:
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.1.1"

192.168.1.0/24 is my home LAN, my OpenVPN server takes care of routing 10.8.0.0/24 through my home LAN, so I have no problem accessing the internet, or the hosts on my home network through the VPN tunnel.

However, when my Android device is connected to a network that uses the 192.168.1.0/24 address space as well, I can no longer connect to my home network, since the Android device uses the default gateway for accessing 192.168.1.0/24, and not the VPN tunnel.

So except for the obvious solution involving reconfiguring my home LAN to use some not very common address space, is there some other way I can force the Android device to use only the VPN tunnel?

thanks

Re: OpenVPN Connect (Android) - disable local LAN access

Posted: Wed Mar 13, 2013 12:35 am
by derobert
If you make the assumption that the default gateway will always be .1, you could push more-specific routes than /24. That should override the less-specific directly-attached /24:

Thankfully, if you have access to a Linux box, you needn't generate the list by hand:

anthony@Zia:~$ seq -f '192.168.1.%g/32' 2 255  | aggregate -q | xargs netmask -s  | tr '/' ' ' | sed 's/^\s*/push "route /; s/$/"/'
push "route 192.168.1.2 255.255.255.254"
push "route 192.168.1.4 255.255.255.252"
push "route 192.168.1.8 255.255.255.248"
push "route 192.168.1.16 255.255.255.240"
push "route 192.168.1.32 255.255.255.224"
push "route 192.168.1.64 255.255.255.192"
push "route 192.168.1.128 255.255.255.128"
This won't let you access your 192.168.1.1. If you need to do that as well, you'll probably need to root the phone and use the Linux policy routing tools.

You could also have your remote VPN gateway do a 1:1 NAT translation, so that you can access 192.168.1.1 as 192.168.255.1 (etc.) as well. Then you pick whichever works on the network you're on.
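The same route list can be generated without the `aggregate` and `netmask` tools, using only the Python standard library. This is an added example, not derobert's command or anything from the OpenVPN project; it takes the LAN prefix and the address to leave out as parameters (the assumption from the post is that the gateway is .1), so it also covers the case where the local gateway sits at some other address. The `covers_all_but_gateway` helper is a self-check: it confirms that every address in the prefix except the network address and the excluded gateway falls into exactly one pushed block, and that the gateway falls into none.

```python
import ipaddress


def route_networks(lan, gateway):
    """Smallest set of CIDR blocks covering every address in `lan` except the
    network address and `gateway`.

    Each block is narrower than the LAN prefix, so in a longest-prefix-match
    routing table it wins over the directly attached /24 that a foreign
    network with the same address space hands out.  `lan` and `gateway` are
    hypothetical inputs; the post's case is 192.168.1.0/24 with gateway .1.
    """
    net = ipaddress.ip_network(lan, strict=True)
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        raise ValueError(f"{gw} is not inside {net}")

    blocks = []
    # Two ranges: below the gateway (skipping the network address) and above
    # it, running through the broadcast address, just as the original
    # `seq ... 2 255` command did.
    for lo, hi in ((net.network_address + 1, gw - 1),
                   (gw + 1, net.broadcast_address)):
        if lo <= hi:  # the range below a .1 gateway is empty
            blocks.extend(ipaddress.summarize_address_range(lo, hi))
    return blocks


def push_route_lines(lan, gateway):
    """OpenVPN server.conf lines in the form the post shows:
    push "route <network> <dotted netmask>"."""
    return [f'push "route {b.network_address} {b.netmask}"'
            for b in route_networks(lan, gateway)]


def covers_all_but_gateway(lan, gateway):
    """Self-check: every address except the network address and the gateway
    is in exactly one block; the gateway is in none."""
    net = ipaddress.ip_network(lan, strict=True)
    gw = ipaddress.ip_address(gateway)
    blocks = route_networks(lan, gateway)
    for addr in net:
        if addr == net.network_address:
            continue
        hits = sum(addr in b for b in blocks)
        expected = 0 if addr == gw else 1
        if hits != expected:
            return False
    return True


if __name__ == "__main__":
    for line in push_route_lines("192.168.1.0/24", "192.168.1.1"):
        print(line)
    print("# coverage check:", covers_all_but_gateway("192.168.1.0/24", "192.168.1.1"))
```

Paste the printed lines into server.conf in place of, or alongside, the single `push "route 192.168.1.0 255.255.255.0"`. With the gateway at .1 the output is the seven lines above; with a gateway elsewhere in the prefix the list gets longer (the single excluded address has to be carved out of both sides), but the self-check holds either way.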