redirect-gateway def1 does not route all traffic through VPN

Post by lukasberan » Thu Jul 15, 2021 3:44 pm

Hi.

I have two different routers with OpenVPN. One router is a Synology RT2600ac with the VPN Plus Server package configured for OpenVPN. The other router is a Turris (which is technically an OpenWRT router). But both of them behave the same with regard to my OpenVPN problem.

I have a Windows 10 computer with OpenVPN Connect 3.3.1 (2222). Both VPN profiles are configured with redirect-gateway def1. But the network traffic route is weird on both of them. At first I thought everything was fine, because most pages show me the public IP of the VPN server (the router). But some pages (i.e. the Czech https://www.netmetr.cz/) show me my client public IP address, not the VPN server's public IP, which was the first weird indicator.

The second weird indicator was that when I tried to access some internal services via their public IP address that are configured to allow traffic only from the VPN server's public IP, the firewall blocked my access. To be more specific, let's say that I have a server with a public domain name of server.domain.com that points to the server's public IP 1.2.3.4, the VPN server's public IP is 1.2.3.5, and the firewall on the server is configured to accept only connections from the IP address 1.2.3.5. And when I am connected to the VPN, I am not allowed to access the server. But the server also has an internal IP from the internal network subnet where no firewall restrictions are applied, and when I try to access the server via its internal IP, it works. So the VPN connection works and I am connected to the internal network, but for some reason, internet access does not seem to go through the VPN server.

And the third weird thing is that when I do a speed test, it proves that I actually use my client's internet connectivity directly, not the VPN server's internet connectivity. The VPN server is connected via a 100/100 Mbit/s connection, but my remote client computer was connected via a 500/500 Mbit/s connection, and when I did a speed test, even though speedtest.com showed my VPN server's public IP, the speed was actually 500/500 Mbit/s. There is no way I could get such speed through the VPN connection, because the VPN server has only 100/100 Mbit/s connectivity.

So the question is, what could be wrong? How to really enforce using the OpenVPN tunnel for all connectivity on the client computers?
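
An added example, not part of the original post and not OpenVPN code: per the OpenVPN manual, `def1` does not replace the default route but overrides it with `0.0.0.0/1` and `128.0.0.0/1`, and adds a host route to the VPN server through the original gateway. The Python sketch below applies longest-prefix matching to a constructed IPv4 routing table to show which destinations should leave through the tunnel; the interface names and the 192.168.1.0/24 and 10.8.0.0/24 ranges are assumptions, while 1.2.3.4 and 1.2.3.5 are the post's example addresses.

```python
import ipaddress

# Constructed IPv4 routing table for a client with redirect-gateway def1 applied.
# Interface names, 192.168.1.0/24 and 10.8.0.0/24 are assumptions for illustration;
# 1.2.3.4 and 1.2.3.5 are the example addresses used in the post.
ROUTES = [
    ("0.0.0.0/0",      "192.168.1.1", "physical"),  # original default route (kept)
    ("0.0.0.0/1",      "10.8.0.1",    "tunnel"),    # added by def1
    ("128.0.0.0/1",    "10.8.0.1",    "tunnel"),    # added by def1
    ("1.2.3.5/32",     "192.168.1.1", "physical"),  # host route to the VPN server
    ("192.168.1.0/24", "on-link",     "physical"),  # client LAN
    ("10.8.0.0/24",    "on-link",     "tunnel"),    # VPN subnet
]

def best_route(dest, routes=ROUTES):
    """Return the (prefix, gateway, interface) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)

def def1_installed(routes=ROUTES, tunnel="tunnel"):
    """True when both /1 halves of the IPv4 space point at the tunnel."""
    halves = {"0.0.0.0/1", "128.0.0.0/1"}
    return halves <= {prefix for prefix, _, iface in routes if iface == tunnel}

def bypasses(dests, routes=ROUTES, tunnel="tunnel"):
    """List destinations whose winning route leaves via a non-tunnel interface."""
    out = []
    for dest in dests:
        route = best_route(dest, routes)
        if route is None or route[2] != tunnel:
            out.append((dest, route))
    return out

if __name__ == "__main__":
    for dest in ("1.2.3.4", "1.2.3.5", "192.168.1.20", "200.1.1.1"):
        print(dest, "->", best_route(dest))
    print("def1 routes present:", def1_installed())
```

On a real client the table would come from `route print -4`; only the VPN server's own address and the local LAN are expected to resolve to the physical interface.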
