redirect-gateway def1 apparently ignored

Scripts to manage certificates or generate config files

Moderators: TinCanTech

DavideDes
OpenVpn Newbie
Posts: 3
Joined: Fri Jun 29, 2018 6:29 pm

redirect-gateway def1 apparently ignored

Post by DavideDes » Sat Jun 30, 2018 7:43 pm

Hi everyone. I'm rather new to OpenVPN: I have been using it for 10 months, and in that period I haven't been able to solve an issue I'm facing. :cry:

The configuration:
I'm running an OpenVPN server on my Synology NAS.
My clients are:
  • A laptop running Windows 10 and the 2.4.6 version of OpenVPN
  • An Android phone with the 3.0.5 client app version.
The configuration file is in a shared folder in common between the clients.

Both devices can connect to the VPN without any error appearing in the log. If I browse the web, the external IP shown is the one of my server, as I expected.

During the day I have to connect to a wireless network which is behind a firewall which filters many of the connections. The clients are able to connect to my VPN and, when surfing the web, the external IP is again the one of the VPN server.

The problem:
I have a synchronization app/software called Synology Drive which takes care of updating some shared folders among all my electronic devices. This software normally does not work under the mentioned wifi network because of the firewall.
When I connect the phone to the VPN, the app is able to connect to the cloud server and everything works like a charm.
When I try to do the same with my laptop the connection doesn't start and it looks like the firewall is blocking it.

Tests done:
I've tried to do some tests on other wifi networks on which no firewall is running. Synology Drive is able to connect to the server, even if the VPN is connected.

The setup:

Code:

dev tun
tls-client

remote ******:****

redirect-gateway local def1
redirect-gateway def1

dhcp-option DNS 208.67.222.222
dhcp-option DNS 208.67.220.220

pull

proto udp

script-security 2

remote-cert-tls server

comp-lzo

reneg-sec 0

cipher AES-256-CBC

auth SHA512

auth-user-pass

<ca>
-----BEGIN CERTIFICATE-----
*********************************
*********************************
*********************************
*********************************
-----END CERTIFICATE-----
</ca>

I was sure that with the lines:

Code:

redirect-gateway local def1
redirect-gateway def1

I was forcing all the network traffic on the VPN (even if on the same network of my VPN), apparently this is not so... Why am I wrong?
Are the packets I'm sending effectively encrypted?

Any help/hint/suggestion is appreciated, thank you!

DavideDes
OpenVpn Newbie
Posts: 3
Joined: Fri Jun 29, 2018 6:29 pm

Re: redirect-gateway def1 apparently ignored

Post by DavideDes » Mon Jul 02, 2018 6:31 pm

Edit: actually I have just

Code:

redirect-gateway def1

Not the two lines as I reported in the post.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: redirect-gateway def1 apparently ignored

Post by TinCanTech » Mon Jul 02, 2018 8:39 pm


DavideDes
OpenVpn Newbie
Posts: 3
Joined: Fri Jun 29, 2018 6:29 pm

Re: redirect-gateway def1 apparently ignored

Post by DavideDes » Fri Jul 06, 2018 5:35 pm

TinCanTech wrote:
Mon Jul 02, 2018 8:39 pm
Please see:
HOWTO: Request Help ! {2}

Hi! I read that guide before writing this post.
I left the DNS addresses because they are of a public server. If this is the problem I would like to fix it, but it looks like I can't edit the original post anymore. :oops:
Did I miss something else? :(

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: redirect-gateway def1 apparently ignored

Post by TinCanTech » Mon Jul 16, 2018 6:15 pm

DavideDes wrote:
Sat Jun 30, 2018 7:43 pm
I was sure that with the lines:

Code:

redirect-gateway local def1
redirect-gateway def1

I was forcing all the network traffic on the VPN (even if on the same network of my VPN), apparently this is not so

Indeed .. only the second directive will be applied because it overwrites the first.

Not that I believe that is what you want but you can try this instead:

Code:

redirect-gateway def1 block-local

See --redirect-gateway in The Manual v24x

DavideDes wrote:
Fri Jul 06, 2018 5:35 pm
did I miss something else?

That would be your log files at --verb 4
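
Added example, not part of the thread and not OpenVPN's own code: a small longest-prefix-match model of the client routing table, showing which interface a packet leaves on with `redirect-gateway def1` alone and with `def1 block-local`, following the manual's description of those flags. The addresses, the interface names `wifi` and `tun`, and the helper names are constructed; `block-local` is modelled as two more-specific routes covering the LAN plus a host route for the LAN gateway.

```python
import ipaddress

# Constructed sample values (RFC 1918 / documentation ranges), not from the thread.
LAN = "192.168.1.0/24"
LAN_GW = "192.168.1.1"
VPN_SERVER = "203.0.113.10"

def egress(routes, dst):
    """Longest-prefix match: return the interface a packet to dst leaves on."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), ifc) for net, ifc in routes
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]  # most specific wins

def build_table(flags):
    """Model the routes present after connecting with the given flags."""
    routes = [("0.0.0.0/0", "wifi"), (LAN, "wifi")]  # table before the VPN is up
    if "def1" in flags:
        # def1 keeps the original default route and overrides it with two /1 routes.
        routes += [("0.0.0.0/1", "tun"), ("128.0.0.0/1", "tun")]
        if "local" not in flags:
            # Host route so the encrypted packets still reach the server directly.
            # 'local' omits it (meant for a server on the same subnet as the client).
            routes.append((VPN_SERVER + "/32", "wifi"))
    if "block-local" in flags:
        # Assumption: LAN routed into the tunnel as two halves, gateway excepted.
        lan = ipaddress.ip_network(LAN)
        routes += [(str(half), "tun") for half in lan.subnets(prefixlen_diff=1)]
        routes.append((LAN_GW + "/32", "wifi"))
    return routes

def report(flags):
    """Egress interface for four representative destinations."""
    table = build_table(flags)
    probes = {"internet": "198.51.100.7", "vpn_server": VPN_SERVER,
              "lan_host": "192.168.1.50", "lan_gateway": LAN_GW}
    return {name: egress(table, ip) for name, ip in probes.items()}

if __name__ == "__main__":
    for flags in (set(), {"def1"}, {"def1", "block-local"}):
        print(sorted(flags) or ["(no redirect)"], report(flags))
```

On a real client the equivalent check is to read the routing table after connecting (`route print` on Windows) and confirm that the two /1 routes point at the tunnel interface.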
