Redirecting the whole traffic through openvpn - HELP

[swirlcore]

Hey guys,

My first post here and I'm a bit of a n00b as far as openvpn is concerned.

So I have an account from a friend. I connect to it and I use a proxy in my firefox and other programs to tunnel my connection.


So the thing is I would like the whole traffic to be tunneled automatically. Something like what a pptp vpn connection does.

I included push "redirect-gateway def1" in myconfig file but that doesnt seem to do the trick.


My current ovpnfile looks like this:

Code: Select all

remote abc.def.com
port 1194
pull
ns-cert-type server
dev tun
comp-lzo
verb 4
tls-client
ca ca.crt
cert xxx.crt
key xxx.key
ping 15
float
nobind 
push "redirect-gateway def1"

This should be fairly easy to do right? Can someone put me in the right direction? Thanks.

[Bebop]

push "redirect-gateway def1"

Since you are the client, push wont work for you (delete that line).

This should get all your traffic routed to the VPN server:

Code: Select all

route remote_host 255.255.255.255 net_gateway
route 0.0.0.0 128.0.0.0 vpn_gateway     
route 128.0.0.0 128.0.0.0 vpn_gateway

[juus]

bebop do you place that in the client.ovpn file?

Im still learning so please be patient

[Mimiko]

In your client.ovpn use:

Code: Select all

redirect-gateway def1
client

If on OpenVPN server forwarding are not enabled - it wont help.

[juus]

How would i know if server forwarding is enabled?
Tried your suggestion & client connects to vpn.
Can ping vpn, but no traffic routed through vpn - almost as if vpn blocks it.

Server Debian with openvpn
Client Windows 7

Fri Aug 19 12:55:15 2011 OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] built on Jul 1 2011
Fri Aug 19 12:55:15 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Aug 19 12:55:15 2011 LZO compression initialized
Fri Aug 19 12:55:15 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Aug 19 12:55:15 2011 Socket Buffers: R=[128000->128000] S=[49152->49152]
Fri Aug 19 12:55:15 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Aug 19 12:55:15 2011 Local Options hash (VER=V4): '41690919'
Fri Aug 19 12:55:15 2011 Expected Remote Options hash (VER=V4): '530fdded'
Fri Aug 19 12:55:15 2011 UDPv4 link local: [undef]
Fri Aug 19 12:55:15 2011 UDPv4 link remote: server_ip:1194
Fri Aug 19 12:55:15 2011 TLS: Initial packet from server_ip:1194, sid=eca1d306 083636cd
Fri Aug 19 12:55:17 2011 VERIFY OK: depth=1, /C=CA/ST=GP/L=JB/O=E5/CN=VPN/emailAddress=me@myhost.mydomain
Fri Aug 19 12:55:17 2011 VERIFY OK: nsCertType=SERVER
Fri Aug 19 12:55:17 2011 VERIFY OK: depth=0, /C=CA/ST=GP/L=JB/O=E5/CN=VPN/emailAddress=me@myhost.mydomain
Fri Aug 19 12:55:22 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Aug 19 12:55:22 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 19 12:55:22 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Aug 19 12:55:22 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 19 12:55:22 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Aug 19 12:55:22 2011 [VPNCC] Peer Connection Initiated with server_ip:1194
Fri Aug 19 12:55:24 2011 SENT CONTROL [VPN]: 'PUSH_REQUEST' (status=1)
Fri Aug 19 12:55:24 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Fri Aug 19 12:55:24 2011 OPTIONS IMPORT: timers and/or timeouts modified
Fri Aug 19 12:55:24 2011 OPTIONS IMPORT: --ifconfig/up options modified
Fri Aug 19 12:55:24 2011 OPTIONS IMPORT: route options modified
Fri Aug 19 12:55:24 2011 ROUTE default_gateway=ip_assigned_by_service_provider
Fri Aug 19 12:55:24 2011 TAP-WIN32 device [Local Area Connection 56] opened: \\.\Global\{4331FBB4-6FA9-4BFB-BFC0-5FAFCF72B6F5}.tap
Fri Aug 19 12:55:24 2011 TAP-Win32 Driver Version 9.8
Fri Aug 19 12:55:24 2011 TAP-Win32 MTU=1500
Fri Aug 19 12:55:24 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {4331FBB4-6FA9-4BFB-BFC0-5FAFCF72B6F5} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Fri Aug 19 12:55:24 2011 Successful ARP Flush on interface [118] {4331FBB4-6FA9-4BFB-BFC0-5FAFCF72B6F5}
Fri Aug 19 12:55:29 2011 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri Aug 19 12:55:29 2011 C:\WINDOWS\system32\route.exe ADD server_ip MASK 255.255.255.255 ip_assigned_by_service_provider
Fri Aug 19 12:55:29 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Aug 19 12:55:29 2011 Route addition via IPAPI succeeded [adaptive]
Fri Aug 19 12:55:29 2011 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Fri Aug 19 12:55:29 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Aug 19 12:55:29 2011 Route addition via IPAPI succeeded [adaptive]
Fri Aug 19 12:55:29 2011 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Fri Aug 19 12:55:29 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Aug 19 12:55:29 2011 Route addition via IPAPI succeeded [adaptive]
Fri Aug 19 12:55:29 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Fri Aug 19 12:55:29 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Aug 19 12:55:29 2011 Route addition via IPAPI succeeded [adaptive]
Fri Aug 19 12:55:29 2011 Initialization Sequence Completed

[Mimiko]

Use

Code: Select all

tracert 8.8.8.8

on your client and see where it stucks.