redirect-gateway def1 apparently ignored

Posted: Sat Jun 30, 2018 7:43 pm
by DavideDes
Hi everyone. I'm rather new to OpenVPN, I have been using it for 10 months and in that period I wasn't able to solve an issue I'm facing. :cry:

The configuration:
I'm running an OpenVPN server on my Synology NAS.
My clients are:
  • A laptop running Windows 10 and the 2.4.6 version of OpenVPN
  • An Android phone with 3.0.5 client app version.
The configuration file is in a shared folder in common between the clients.

Both the devices can connect to the VPN without any error appearing in the log. If I browse the web the external IP shown is the one of my server, as I expected.

During the day I have to connect to a wireless network which is behind a firewall which filters many of the connections. The clients are able to connect to my VPN and when surfing the web, the external IP is again the one of the VPN server.

The problem:
I have a synchronization app/software called Synology Drive which takes care of updating some shared folders among all my electronic devices. This software normally does not work under the mentioned wifi network because of the firewall.
Connecting the phone to the VPN the app is able to connect to the cloud server and everything works like a charm.
When I try to do the same with my laptop the connection doesn't start and it looks like the firewall is blocking it.

Tests done:
I've tried to do some tests on other wifi networks on which it's not running a firewall. Synology Drive is able to connect to the server, also if the VPN is connected.

The setup:

Code:

dev tun
tls-client

remote ******:****

redirect-gateway local def1
redirect-gateway def1

dhcp-option DNS 208.67.222.222
dhcp-option DNS 208.67.220.220

pull

proto udp

script-security 2

remote-cert-tls server

comp-lzo

reneg-sec 0

cipher AES-256-CBC

auth SHA512

auth-user-pass

<ca>
-----BEGIN CERTIFICATE-----
*********************************
*********************************
*********************************
*********************************
-----END CERTIFICATE-----
</ca>

I was sure that with the lines:

Code:

redirect-gateway local def1
redirect-gateway def1

I was forcing all the network traffic on the VPN (even if on the same network of my VPN), apparently this is not so... Why am I wrong?
Are the packets I'm sending effectively encrypted?

Any help/hint/suggestion is appreciated, thank you!

Re: redirect-gateway def1 apparently ignored

Posted: Mon Jul 02, 2018 6:31 pm
by DavideDes
Edit: actually I have just

Code:

redirect-gateway def1

Not the two lines as I reported in the post.

Re: redirect-gateway def1 apparently ignored

Posted: Mon Jul 02, 2018 8:39 pm
by TinCanTech

Re: redirect-gateway def1 apparently ignored

Posted: Fri Jul 06, 2018 5:35 pm
by DavideDes
TinCanTech wrote:
Mon Jul 02, 2018 8:39 pm
Please see:
HOWTO: Request Help ! {2}

Hi! I read that guide before writing this post.
I left the DNS addresses because they are of a public server. If this is the problem I would like to fix it but it looks like I can't edit the original post anymore. :oops:
Did I miss something else? :(

Re: redirect-gateway def1 apparently ignored

Posted: Mon Jul 16, 2018 6:15 pm
by TinCanTech
DavideDes wrote:
Sat Jun 30, 2018 7:43 pm
I was sure that with the lines :

Code:

redirect-gateway local def1
redirect-gateway def1

I was forcing all the network traffic on the VPN (even if on the same network of my VPN), apparently this is not so

Indeed .. only the second directive will be applied because it overwrites the first.

Not that I believe that is what you want but you can try this instead:

Code:

redirect-gateway def1 block-local

See --redirect-gateway in The Manual v24x

DavideDes wrote:
Fri Jul 06, 2018 5:35 pm
Did I miss something else?

That would be your log files at --verb 4
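
An added example, not part of the original thread: a Python check of a Windows client's `route print -4` output that confirms whether the two /1 routes installed by `redirect-gateway def1` are present and shows which interface a given destination actually leaves by. The sample routing table and every address in it are constructed for illustration; note that more-specific routes (the local subnet, the host route to the VPN server) still win over the /1 routes.

```python
import ipaddress

# Constructed sample of Windows `route print -4` output with the tunnel up.
# Assumed addresses: 10.8.0.x = tunnel, 192.168.1.x = LAN, 203.0.113.10 = VPN server.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     35
          0.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6    259
        128.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6    259
      192.168.1.0    255.255.255.0         On-link    192.168.1.50    291
     203.0.113.10  255.255.255.255      192.168.1.1    192.168.1.50    291
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:
            continue  # headers, separators, other sections
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}", strict=False)
            metric = int(f[4])
        except ValueError:
            continue
        routes.append((net, f[2], f[3], metric))
    return routes

def egress(routes, dest):
    """Longest-prefix match, lowest metric on ties: interface `dest` leaves by."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]))[2]

def def1_active(routes, tunnel_if):
    """True when both halves of the def1 default override point at the tunnel."""
    halves = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}
    return halves <= {r[0] for r in routes if r[2] == tunnel_if}

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    print("def1 routes present:", def1_active(routes, "10.8.0.6"))
    for dest in ("198.51.100.7", "192.168.1.20", "203.0.113.10"):
        print(dest, "->", egress(routes, dest))
```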