push "redirect-gateway def1" in config file - how to verify traffic?

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
nicke
OpenVpn Newbie
Posts: 3
Joined: Sun Aug 22, 2021 1:56 pm

push "redirect-gateway def1" in config file - how to verify traffic?

Post by nicke » Sun Aug 22, 2021 3:39 pm

Dear Community,

I've been searching online in various posts & forums for a way to verify that all my internet traffic is actually being routed through the OpenVPN client. I've added the: push "redirect-gateway def1" line to the VPN config file that is being used. I'm on a Mac.

Tried the "Nettop" command in terminal, which isn't to any particular help since it shows the initiating original IP as the router IP which is unchanged / not the same as my VPN IP. Also tried "traceroute" command with different websites, which isn't very illuminating either.

Nettop does show this entry though:
OpenVPN Connect.[0000]
tcp4 000.000.000.000:000<->185.236.00.000:000 - First IP is my private personal IP and second is the VPN's IP, both fully/partly replaced with their real numbers.

Any suggestions how I can go about and see if network traffic indeed is fully routed OpenVPN? I've seen some suggestions about Wireshark too, but I'm not familiar with that interface at the moment.

Thanks in advance

Andrewknf
OpenVpn Newbie
Posts: 1
Joined: Tue Feb 07, 2017 5:47 pm

Re: push "redirect-gateway def1" in config file - how to verify traffic?

Post by Andrewknf » Sun Sep 05, 2021 7:32 am

nicke wrote:
Sun Aug 22, 2021 3:39 pm
Dear Community,

I've been searching online in various posts & forums for a way to verify that all my internet traffic is actually being routed through the OpenVPN client. I've added the: push "redirect-gateway def1" line to the VPN config file that is being used. I'm on a Mac.

Tried the "Nettop" command in terminal, which isn't to any particular help since it shows the initiating original IP as the router IP which is unchanged / not the same as my VPN IP. Also tried "traceroute" command with different websites, which isn't very illuminating either.

Nettop does show this entry though:
OpenVPN Connect.[0000]
tcp4 000.000.000.000:000<->185.236.00.000:000 - First IP is my private personal IP and second is the VPN's IP, both fully/partly replaced with their real numbers.

Any suggestions how I can go about and see if network traffic indeed is fully routed OpenVPN? I've seen some suggestions about Wireshark too, but I'm not familiar with that interface at the moment.

Thanks in advance



I am also curious if anyone out there has managed to solve this one!

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: push "redirect-gateway def1" in config file - how to verify traffic?

Post by openvpn_inc » Sun Sep 05, 2021 1:39 pm

Andrewknf wrote:
Sun Sep 05, 2021 7:32 am
nicke wrote:
Sun Aug 22, 2021 3:39 pm
I've been searching online in various posts & forums for a way to verify that all my internet traffic is actually being routed through the OpenVPN client. I've added the: push "redirect-gateway def1" line to the VPN config file that is being used. I'm on a Mac.

Tried the "Nettop" command in terminal, which isn't to any particular help since it shows the initiating original IP as the router IP which is unchanged / not the same as my VPN IP. Also tried "traceroute" command with different websites, which isn't very illuminating either.

Nettop does show this entry though:
OpenVPN Connect.[0000]
tcp4 000.000.000.000:000<->185.236.00.000:000 - First IP is my private personal IP and second is the VPN's IP, both fully/partly replaced with their real numbers.
Right. There's no way on the client to see the NAT which happens on the server. Services like ifconfig.me will, however, show the result of the NAT, because they are outside the NAT.
Andrewknf wrote:
Sun Sep 05, 2021 7:32 am
nicke wrote:
Sun Aug 22, 2021 3:39 pm
Any suggestions how I can go about and see if network traffic indeed is fully routed OpenVPN? I've seen some suggestions about Wireshark too, but I'm not familiar with that interface at the moment.
I am also curious if anyone out there has managed to solve this one!
Yes, just about everyone has managed to solve this. But again, it's happening on the server, so you can't see it on the client, except as above, when receiving replies from outside.

Regards, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply