route all traffic over vpn using openvpn connect on android?

pigro
OpenVpn Newbie
Posts: 6
Joined: Sat Jan 26, 2013 3:52 pm

Post by pigro » Tue Jan 29, 2013 2:11 pm

Hi. I would like to use openvpn connect on an unrooted Samsung Galaxy Note in order to connect over 3G to my home Win XP box (which runs openvpn 2.2.2). My end goal is to be able then to run a remote desktop session on the phone over my vpn to a 3rd party Windows server that sits behind a corporate firewall. That firewall has an exception to allow RDP traffic originating from the static IP address of my home broadband.

I already have this scenario working on an old Nokia N800 smartphone (which gives root without hacking), and I also had it working on my samsung whilst it was rooted using the 'original' openvpn client by friedrich shauffelhut.

In both cases the phones were connecting using TAP and the XP box had an ethernet bridge setup such that the clients got local IP's on the same subnet as my XP box (192.168.222.0/24). My openvpn server script used push "redirect-gateway def1" to force all IP traffic to go over the vpn, and this had the desired effect that, when I had the vpn established and then started an RDP to the 3rd party server on my phone, the IP address presented to their firewall was that of my home broadband's static IP, and therefore my RDP session connected OK.

Unfortunately, I have had to unroot my samsung, and I'm now trying to replicate the above RDP access solution with the new "non-root" openvpn client for android, but I can no longer use the TAP device as it isn't supported on openvpn connect.

So, I set up a second openvpn instance to listen on a separate port on the XP box, and configured it as tun. Other than the tap->tun changes the rest of the server and client config files are the same.

The XP box is at static IP 192.168.222.10, and is connected over powerline ethernet to my netgear modem/router (182.168.222.1). The subnet I used for the vpn is 10.8.0.0/24.

When I connect with 'push "redirect gateway loc1"' in the server config file, I get connected OK to my XP server, and I can ping 10.8.0.1 (vpn endpoint on server) and 192.168.222.10 (server's static IP on my LAN) but I can't ping any external IP's, use the phone browser to surf, or connect to my 3rd party server over RDP. Note - this isn't a DNS problem, it's total lack of routing to external IP's. I've confirmed that by overriding the DNS servers locally on the phone.

If I comment out 'push "redirect-gateway def1"' from the server config file then I can connect, I can ping 10.8.0.1 but NOT 192.168.222.10, and I can browse the internet but with the traffic NOT transiting my vpn. All of which is as I'd expect, but of course I can't RDP to the 3rd party server as I'm presenting the wrong IP.

I know I need to do something with the routing tables on the phone and/or server ends to change the default gateway such that I can force all traffic over the vpn and still have traffic bound for external IP's get to their destination, but I have stumbled around for days making "suck it and see changes" with no joy and I'm now stumped. Can anyone advise?

TIA to any kind soul who can help me!

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: route all traffic over vpn using openvpn connect on andr

Post by maikcat » Tue Jan 29, 2013 2:26 pm

please post configs used & logs,

did you enable ip forwarding on xp?
is there any firewall running on xp?

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"

Re: route all traffic over vpn using openvpn connect on andr

Post by pigro » Tue Jan 29, 2013 3:47 pm

Hi Michael, thanks for the quick reply. Yes, I enabled IP forwarding on XP (by setting: HKEY_LOCAL_MACHINE\SYSTEM\currentControlSet\Services\Tcpip\Parameters\IPEnableRouter=1 in the registry, if that is what you mean). However, please note that I have *NOT* added any custom routes to the XP routing table since I did so. FYI, here is the current XP routing:

Code:

C:\Documents and Settings\graeme>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 ff 68 70 80 a0 ...... TAP-Win32 Adapter V9 #2 - Packet Scheduler Minip
ort
0x3 ...02 e0 18 a0 bf 0f ...... MAC Bridge Miniport - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.222.1  192.168.222.10       30
         10.8.0.0  255.255.255.252         10.8.0.1        10.8.0.1       30
         10.8.0.0    255.255.255.0         10.8.0.2        10.8.0.1       1
         10.8.0.1  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255         10.8.0.1        10.8.0.1       30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
    192.168.222.0    255.255.255.0   192.168.222.10  192.168.222.10       30
   192.168.222.10  255.255.255.255        127.0.0.1       127.0.0.1       30
  192.168.222.255  255.255.255.255   192.168.222.10  192.168.222.10       30
        224.0.0.0        240.0.0.0         10.8.0.1        10.8.0.1       30
        224.0.0.0        240.0.0.0   192.168.222.10  192.168.222.10       30
  255.255.255.255  255.255.255.255         10.8.0.1        10.8.0.1       1
  255.255.255.255  255.255.255.255   192.168.222.10  192.168.222.10       1
Default Gateway:     192.168.222.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\graeme>

I do have windows firewall running on XP (and the hardware firewall on the router itself). The XP firewall is enabled on the TAP-Win32 adaptor to which I am connecting, but I had already tried disabling the firewall on that interface, it made no difference (i.e. regardless of whether I enabled or disabled the firewall, I could still connect successfully, and ping the 10.8.0.1 endpoint thereafter).

For config/logs, I'll focus on the config that I think *should* work out-the-box, i.e. the one where I use push "redirect-gateway def1"

server config:

Code:

local 192.168.222.10
port 11195
proto udp
dev tun
dev-node openvpn-tun
mode server
ca "c:\\program files\\openvpn\\easy-rsa\\keys\\ca.crt"
cert "c:\\program files\\openvpn\\easy-rsa\\keys\\server.crt"
key "c:\\program files\\openvpn\\easy-rsa\\keys\\server.key" 
dh "c:\\program files\\openvpn\\easy-rsa\\keys\\dh1024.pem"

ifconfig-pool-persist tun-ipp.txt
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
;push "DHCP-option DNS 192.168.222.1"

keepalive 10 120
comp-lzo
max-clients 2
persist-key
persist-tun
status openvpn-tun-status.log
;log         openvpn.log
;log-append  openvpn.log
verb 3
;mute 20

client:

Code:

;script-security 2
;resolv-retry infinite
client
remote x 11195
;remote x 11195
dev tun
proto udp
nobind
persist-key
persist-tun
ca /sdcard/openvpn/ca.crt
cert /sdcard/openvpn/note.crt
key /sdcard/openvpn/note.key
comp-lzo
verb 3

the server log is:

Code:

Tue Jan 29 15:27:29 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Tue Jan 29 15:27:29 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jan 29 15:27:30 2013 Diffie-Hellman initialized with 1024 bit key
Tue Jan 29 15:27:30 2013 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jan 29 15:27:30 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jan 29 15:27:30 2013 ROUTE default_gateway=192.168.222.1
Tue Jan 29 15:27:30 2013 TAP-WIN32 device [openvpn-tun] opened: \\.\Global\{687080A0-0017-474F-9D62-711420DFF7C7}.tap
Tue Jan 29 15:27:30 2013 TAP-Win32 Driver Version 9.9 
Tue Jan 29 15:27:30 2013 TAP-Win32 MTU=1500
Tue Jan 29 15:27:30 2013 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {687080A0-0017-474F-9D62-711420DFF7C7} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Tue Jan 29 15:27:30 2013 Sleeping for 10 seconds...
Tue Jan 29 15:27:40 2013 NOTE: FlushIpNetTable failed on interface [2] {687080A0-0017-474F-9D62-711420DFF7C7} (status=1413) : Invalid index.  
Tue Jan 29 15:27:41 2013 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Tue Jan 29 15:27:42 2013 Route addition via IPAPI succeeded [adaptive]
Tue Jan 29 15:27:42 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 29 15:27:42 2013 UDPv4 link local (bound): 192.168.222.10:11195
Tue Jan 29 15:27:42 2013 UDPv4 link remote: [undef]
Tue Jan 29 15:27:42 2013 MULTI: multi_init called, r=256 v=256
Tue Jan 29 15:27:42 2013 IFCONFIG POOL: base=10.8.0.4 size=62
Tue Jan 29 15:27:42 2013 IFCONFIG POOL LIST
Tue Jan 29 15:27:42 2013 note,10.8.0.4
Tue Jan 29 15:27:42 2013 Initialization Sequence Completed
Tue Jan 29 15:28:57 2013 MULTI: multi_create_instance called
Tue Jan 29 15:28:57 2013 212.183.128.5:5504 Re-using SSL/TLS context
Tue Jan 29 15:28:57 2013 212.183.128.5:5504 LZO compression initialized
Tue Jan 29 15:28:57 2013 212.183.128.5:5504 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jan 29 15:28:57 2013 212.183.128.5:5504 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 29 15:28:57 2013 212.183.128.5:5504 Local Options hash (VER=V4): '530fdded'
Tue Jan 29 15:28:57 2013 212.183.128.5:5504 Expected Remote Options hash (VER=V4): '41690919'
Tue Jan 29 15:28:57 2013 212.183.128.5:5504 TLS: Initial packet from 212.183.128.5:5504, sid=f653ab11 39c1f8bb
Tue Jan 29 15:29:02 2013 212.183.128.5:5504 VERIFY OK: depth=1, /CN=server
Tue Jan 29 15:29:02 2013 212.183.128.5:5504 VERIFY OK: depth=0, /CN=note
Tue Jan 29 15:29:02 2013 212.183.128.5:5504 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 29 15:29:02 2013 212.183.128.5:5504 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 29 15:29:02 2013 212.183.128.5:5504 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 29 15:29:02 2013 212.183.128.5:5504 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 29 15:29:02 2013 212.183.128.5:5504 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 29 15:29:02 2013 212.183.128.5:5504 [note] Peer Connection Initiated with 212.183.128.5:5504
Tue Jan 29 15:29:02 2013 note/212.183.128.5:5504 MULTI: Learn: 10.8.0.6 -> note/212.183.128.5:5504
Tue Jan 29 15:29:02 2013 note/212.183.128.5:5504 MULTI: primary virtual IP for note/212.183.128.5:5504: 10.8.0.6
Tue Jan 29 15:29:03 2013 note/212.183.128.5:5504 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jan 29 15:29:03 2013 note/212.183.128.5:5504 SENT CONTROL [note]: 'PUSH_REPLY,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

re. client logs, the openvpn connect app seems to allow you to view the log, but I can't see any way to save the log from within the app, and the log window doesn't support cut & paste. There are no menu options available whilst viewing the log and the "pause" button does not change that. I don't know where on Android the underlying log file is stored, I had a look around but couldn't see it. Can you advise where I can find the actual log file so I can copy it for you?

Re: route all traffic over vpn using openvpn connect on andr

Post by pigro » Mon Feb 04, 2013 4:45 pm

ok, I guess nobody has any good ideas to offer without access to client logs :-(

Can I ask then, if it is normal for the TAP-Win32 device which is created by openvpn to have no default gateway?

I have two TAP-win32 devices (openvpn, which is part of a bridge, and openvpn-tun which I am attempting to use at present).

Below I've pasted in output from the DOS "ipconfig /all" command on my XP server, with 2 openvpn instances running (a tap server on UDP port 11194 and a tun server on UDP port 11195). There was one tun openvpn android client connected at the time.

Code:

C:\Documents and Settings\graeme>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : VAIO
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : Yes

Ethernet adapter Network Bridge (Network Bridge) 2:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : MAC Bridge Miniport
        Physical Address. . . . . . . . . : 02-E0-18-A0-BF-0F
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.222.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.222.1
        DNS Servers . . . . . . . . . . . : 8.8.8.8
                                            8.8.4.4

Ethernet adapter openvpn-tun:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : TAP-Win32 Adapter V9 #2
        Physical Address. . . . . . . . . : 00-FF-68-70-80-A0
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.8.0.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.252
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 10.8.0.2
        Lease Obtained. . . . . . . . . . : 04 February 2013 16:19:23
        Lease Expires . . . . . . . . . . : 04 February 2014 16:19:23

C:\Documents and Settings\graeme>

As you'll see, the openvpn-tun device has no default gateway defined. I guess it is this which is stopping my server config script from managing to make the push "redirect-gateway def1" work properly at the client end, leaving the client unable to get to any addresses outwith the vpn subnet?

Below is the output from DOS's route print command:

Code:

C:\Documents and Settings\graeme>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...02 e0 18 a0 bf 0f ...... MAC Bridge Miniport - Packet Scheduler Minipo
0x20002 ...00 ff 68 70 80 a0 ...... TAP-Win32 Adapter V9 #2 - Packet Schedule
iniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.222.1  192.168.222.10       30
         10.8.0.0  255.255.255.252         10.8.0.1        10.8.0.1       30
         10.8.0.0    255.255.255.0         10.8.0.2        10.8.0.1       1
         10.8.0.1  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255         10.8.0.1        10.8.0.1       30
      23.14.4.136  255.255.255.255    192.168.222.1  192.168.222.10       30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
   173.194.67.121  255.255.255.255    192.168.222.1  192.168.222.10       30
    192.168.222.0    255.255.255.0   192.168.222.10  192.168.222.10       30
   192.168.222.10  255.255.255.255        127.0.0.1       127.0.0.1       30
  192.168.222.255  255.255.255.255   192.168.222.10  192.168.222.10       30
        224.0.0.0        240.0.0.0         10.8.0.1        10.8.0.1       30
        224.0.0.0        240.0.0.0   192.168.222.10  192.168.222.10       30
  255.255.255.255  255.255.255.255         10.8.0.1        10.8.0.1       1
  255.255.255.255  255.255.255.255   192.168.222.10  192.168.222.10       1
Default Gateway:     192.168.222.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\graeme>

I suppose I need to set the default gateway for openvpn-tun to my router's internal IP 192.168.222.1 - but I don't know how to do that. Attempting to do so via the windows GUI in TCP/IP properties has no effect and I can't make the DOS "route" command add a default gateway for that interface.

Re: route all traffic over vpn using openvpn connect on andr

Post by maikcat » Mon Feb 04, 2013 5:45 pm

hi there,

openvpn virtual interface doesn't get default gateway setting.

you need to check if your client gets the redirect gateway statement
and if it changes their routing table accordingly...

btw,

if you were using linux as openvpn server and you wanted to
pass all traffic via openvpn server you had to enable NAT
on openvpn server itself, so traffic passing via tunnel from your clients
would seem to come from openvpn server itself

or

you should setup your openvpn server's lan side router to:

NAT traffic originating from vpn subnet &
know where to route packets that are coming from/to openvpn tunnel..

confused? :)

Michael.

Re: route all traffic over vpn using openvpn connect on andr

Post by pigro » Mon Feb 04, 2013 7:25 pm

the client log shows

18:57:05:324 -- OPTIONS:
0 [redirect-gateway] [def1]
1 [route] [10.8.0.1]
2 [topology] [net30]
3 [ping] [10]
4 [ping-restart [120]
5 [ifconfig] [10.8.0.6] [10.8.0.5]

18:57:05:326 -- LZO-ASYM init swap=0 asym=0
18:57:05:331 -- EVENT:ASSIGN_IP
18:57:05:480 -- Connected via tun
18:57:05:481 -- EVENT:CONNECTED

that is with verbosity 3, there are no errors shown.

I'm struggling to show the routing table on android without root but hopefully the below helps:

app_143@android:/ $ netstat -r
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:7777 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:32500 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:33367 127.0.0.1:7777 ESTABLISHED
tcp 0 0 127.0.0.1:7777 127.0.0.1:33367 ESTABLISHED
tcp 0 0 127.0.0.1:33225 127.0.0.1:7777 ESTABLISHED
tcp 0 0 127.0.0.1:7777 127.0.0.1:33226 ESTABLISHED
tcp 0 0 127.0.0.1:7777 127.0.0.1:37303 ESTABLISHED
tcp 0 0 127.0.0.1:33226 127.0.0.1:7777 ESTABLISHED
tcp 0 0 127.0.0.1:7777 127.0.0.1:33225 ESTABLISHED
udp 0 0 10.107.92.215:44035 XX.XX.XX.XXX:11195 ESTABLISHED
udp 0 0 10.8.0.6:23599 8.8.8.8:53 ESTABLISHED
udp 0 0 10.8.0.6:22792 8.8.8.8:53 ESTABLISHED
udp 0 0 10.8.0.6:55804 8.8.4.4:53 ESTABLISHED
tcp6 102 0 ::ffff:10.107.92.215:54209 ::ffff:74.125.132.188:5228 ESTABLISHED
tcp6 0 0 ::ffff:127.0.0.1:37303 ::ffff:127.0.0.1:7777 ESTABLISHED
app_143@android:/ $

maikcat wrote:
> btw,
>
> if you were using linux as openvpn server and you wanted to
> pass all traffic via openvpn server you had to enable NAT
> on openvpn server itself, so traffic passing via tunnel from your clients
> would seem to come from openvpn server itself

yes, I suspect I need to do something in XP to do this, I just don't know what (I have already enabled IP forwarding, so I think I "just" need to add a route but I don't know what or how)

Re: route all traffic over vpn using openvpn connect on andr

Post by maikcat » Tue Feb 05, 2013 6:47 am

pigro wrote:
> yes, I suspect I need to do something in XP to do this, I just don't know what (I have already enabled IP forwarding, so I think I "just" need to add a route but I don't know what or how)

user bebop wrote a very good howto with windows 7 instead of xp,
can you take a look at it?

Michael.

Re: route all traffic over vpn using openvpn connect on andr

Post by pigro » Tue Feb 05, 2013 1:15 pm

Hi Michael, THANK YOU!

I had a search for the thread you suggested, and in doing so I found another one by Bebop, specific to XP (God knows how that thread never came up in the countless Google searches I performed before creating this thread!!?? - I guess it is because I was always searching with android as a part of the search string).

Anyway, I thought I had everything set up pretty well identically to how Bebop suggests, but while I was double-checking my XP RRAS and ICS settings against Bebop's (which were all fine) I had a sudden flash of inspiration.

In all my testing I have had 2 openvpn instances, one tun and one tap, running concurrently, with the tap bridged one routing internet traffic seamlessly and the tun one failing miserably.

While I was checking that I'd correctly shared the internet connection on my physical LAN interface, it finally occurred to me that the bridging I'd done for tap may somehow be affecting the tun routing.

So, I removed my LAN card from the bridge, disabled the virtual TAP-Win32 device that had been part of the bridge, and then reapplied the RRAS and ICS options to my other TAP-Win32 device (the tun one I've been attempting to route all my traffic through).

BINGO! Worked out the box with no need for any changes to server or client config scripts.

I then tried to recreate the TAP bridge (just as an academic exercise, as I have no need to use tap now that my tun works OK) and it gave an error - basically saying that an adaptor can't be part of a bridge if it is in use by ICS. So it looks like that was the underlying problem for me all along. D'oh!

I really appreciate that you were willing to help, and that you managed to point me at a thread which finally kickstarted my own brain :-)

I of course immediately fired up an RDP session through the vpn to my 3rd party server, and I got straight in. I was so delighted to get this fixed after two weeks of banging my head against a brick wall that I almost shut down the server remotely instead of logging off my RDP session - oops!!

Thanks once again for your help & patience. In case it is of use to anyone else who stumbles upon this topic in future, here is the Bebop thread that ultimately helped me and which explains in crystal clear detail how to accomplish the routing of all client traffic over the vpn:

topic7815.html#p10620
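
The routing logic discussed in this thread, as an added example (not code from the posters or the OpenVPN project): it derives the client routes implied by the PUSH_REPLY in the server log above, resolves destinations by longest-prefix match, and models the two NAT options maikcat describes for the return path. The server's public address, the phone's 3G gateway and all function names are assumptions; it is a simplified model of the effect, not of how OpenVPN Connect installs routes on Android.

```python
import ipaddress

# PUSH_REPLY options copied from the server log on this page.
PUSH_REPLY = ("PUSH_REPLY,redirect-gateway def1,route 10.8.0.1,topology net30,"
              "ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5")
SERVER_PUBLIC = "203.0.113.10"   # placeholder: the page redacts the real address
MOBILE_GW = "10.107.92.1"        # constructed: the phone's 3G gateway is not shown
SERVER_LAN_IP = "192.168.222.10"
ROUTER_LAN = "192.168.222.0/24"
VPN_NET = "10.8.0.0/24"


def client_routes(push_reply, server_public, orig_gw):
    """Return [(network, gateway, device)] the client ends up with (IPv4 only)."""
    opts = [o.split() for o in push_reply.split(",")[1:]]
    peer = next(o for o in opts if o[0] == "ifconfig")[2]   # net30 tunnel gateway
    routes = [("0.0.0.0/0", orig_gw, "3g"), (peer + "/32", peer, "tun")]
    for o in opts:
        if o[0] == "route":
            mask = o[2] if len(o) > 2 else "255.255.255.255"
            net = ipaddress.ip_network(f"{o[1]}/{mask}", strict=False)
            routes.append((str(net), peer, "tun"))
        elif o[0] == "redirect-gateway" and "def1" in o[1:]:
            # def1 keeps the old default route and shadows it with two /1 routes;
            # the server's public address is pinned to the original gateway so
            # the encrypted UDP packets themselves do not loop into the tunnel.
            routes.append((server_public + "/32", orig_gw, "3g"))
            routes.append(("0.0.0.0/1", peer, "tun"))
            routes.append(("128.0.0.0/1", peer, "tun"))
    return routes


def lookup(routes, dst):
    """Longest-prefix match over the route list, as an IP stack does."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def reply_reaches_client(client_ip, server_nat, router_nat_nets, router_routes):
    """Can a reply from the internet get back to the VPN client?

    server_nat: the VPN server translates tunnel traffic to its own LAN address
    (ICS on XP, NAT on a Linux server). router_nat_nets: source networks the LAN
    router translates. router_routes: extra networks it can reach via the server.
    """
    src = ipaddress.ip_address(SERVER_LAN_IP if server_nat else client_ip)

    def in_any(nets):
        return any(src in ipaddress.ip_network(n) for n in nets)

    # The router must translate this source AND know how to deliver the reply.
    return in_any(router_nat_nets) and in_any([ROUTER_LAN, *router_routes])


if __name__ == "__main__":
    table = client_routes(PUSH_REPLY, SERVER_PUBLIC, MOBILE_GW)
    for dst in ("8.8.8.8", "192.168.222.10", SERVER_PUBLIC):
        print(dst, "->", lookup(table, dst))
    # Forwarding only, stock router: replies for 10.8.0.6 have no way back.
    print(reply_reaches_client("10.8.0.6", False, [ROUTER_LAN], []))
    # NAT on the VPN server (what ICS provides): the router sees 192.168.222.10.
    print(reply_reaches_client("10.8.0.6", True, [ROUTER_LAN], []))
```

With forwarding enabled but no translation on the server or router, the model gives the symptom reported earlier in the thread: the tunnel carries the traffic, the server's own addresses answer, and external replies never return.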
