Force ALL traffic through VPN

Official client software for OpenVPN Access Server and OpenVPN Cloud.
odemwingie
OpenVpn Newbie
Posts: 1
Joined: Tue Jan 31, 2023 11:06 am

Post by odemwingie » Tue Jan 31, 2023 11:21 am

Hey everyone,

I am trying to configure OpenVPN on iOS and want to clarify what the expected behavior is in this case.
My goal is to force the system to use the tunnel for ALL connections. For my lab tests I use Safari.
What I have achieved till now is that my local website (which is not available without VPN) opens in Safari. So the tunnel itself works fine.

However, the issue I see is that the browser bypasses the tunnel for public resources. My VPN network does not have Internet access, so my expectation was that with the VPN turned on I would be able to open only internal websites and all other public websites would not be available.
But it looks like the VPN does not block any connection and only makes internal resources available in addition to the resources available without the VPN tunnel.

So the question is how to force ALL traffic to go through the tunnel?

This is my server conf:
port 1194
proto udp
dev tun
server 10.1.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
duplicate-cn
keepalive 10 120
cipher AES-256-GCM
ncp-ciphers AES-256-GCM:AES-256-CBC
auth SHA512
script-security 2
auth-user-pass-verify "/etc/openvpn/webapp/manage.py ovpnauth" via-file
persist-key
persist-tun
status openvpn-status.log
verb 3
tls-server
tls-version-min 1.2
tls-auth ta.key 0
crl-verify crl.pem
route 10.1.0.1
push 'route 10.1.0.1'
push 'dhcp-option DNS 1.1.1.1'
push 'dhcp-option DNS 1.1.1.1'


That's the client conf
client
dev tun
proto udp
remote s***.***.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
auth SHA512
auth-user-pass
verb 3
tls-client
tls-version-min 1.2
key-direction 1
explicit-exit-notify 1
redirect-gateway def1 bypass-dhcp
<ca>
-----BEGIN CERTIFICATE-----\nM***0MsB\n-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----\nMI***A=\n-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----\nMI***Jg=\n-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----\n399***4ff\n-----END OpenVPN Static key V1-----
</tls-auth>


Thanks!

never-stop-learning
OpenVPN User
Posts: 39
Joined: Sat Oct 02, 2021 3:57 pm

Re: Force ALL traffic through VPN

Post by never-stop-learning » Sun Apr 02, 2023 12:26 pm

Hey man, provide the routing table of your client and the traceroute results to google.com and 8.8.4.4 (Google DNS).

Provide the iptables of your OpenVPN server to review the configuration.

TomB815
OpenVpn Newbie
Posts: 2
Joined: Tue Jun 06, 2023 12:42 pm

Re: Force ALL traffic through VPN

Post by TomB815 » Mon Jun 12, 2023 10:23 am

Try

redirect-gateway ipv4
redirect-gateway ipv6
in your client-config.
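
Added example, not part of the thread or of OpenVPN's own code: a small Python check that reports which address families a config's `redirect-gateway` lines (local or pushed) ask to route through the tunnel. It assumes that IPv4 is redirected by default once the directive appears, that `ipv6` adds IPv6 and `!ipv4` removes IPv4, and that `ipv4` is accepted as in the reply above; the sample configs are constructed from the lines posted in the thread.

```python
import shlex

def redirected_families(config_text):
    """Address families whose default route the config's redirect-gateway
    lines (local, or wrapped in push "...") ask to send through the tunnel."""
    seen = False               # any redirect-gateway directive present?
    ipv4, ipv6 = True, False   # assumed defaults once the directive appears
    in_inline = False          # inside <ca>...</ca> style inline blocks
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            in_inline = False
            continue
        if line.startswith("<"):
            in_inline = True
            continue
        if in_inline or not line or line[0] in "#;":
            continue
        words = shlex.split(line)
        if words[0] == "push" and len(words) > 1:
            words = shlex.split(words[1])   # unwrap push "directive args"
        if not words or words[0] != "redirect-gateway":
            continue
        seen = True
        for flag in words[1:]:
            if flag == "ipv6":
                ipv6 = True
            elif flag == "ipv4":    # flag taken from the reply in the thread
                ipv4 = True
            elif flag == "!ipv4":
                ipv4 = False
    if not seen:
        return set()
    return {name for name, on in (("ipv4", ipv4), ("ipv6", ipv6)) if on}

# Constructed samples: the relevant lines of the client config posted in the
# thread, and the same config with the two lines suggested in the reply.
POSTED = """client
dev tun
proto udp
redirect-gateway def1 bypass-dhcp
<ca>
-----BEGIN CERTIFICATE-----
</ca>
"""
SUGGESTED = POSTED + "redirect-gateway ipv4\nredirect-gateway ipv6\n"

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("suggested", SUGGESTED)):
        missing = {"ipv4", "ipv6"} - redirected_families(text)
        print(name, "not redirected:", sorted(missing) or "none")
```

A family reported as not redirected keeps using the device's normal default route, so the routing table and traceroute output requested earlier in the thread are still the way to confirm what the client actually does.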
