Traffic redirect and IP forwarding

[EyalMendel]

Hello,
I have installed a VPN server on my VPS and this is the server.conf file:

Code: Select all

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Each time I connect, not all the traffic is redirected to the OpenVPN (for example, while surfing the browser).
I have noticed that the IP I get from OpenVPN is internal (10.x.x.x), even though I connect to an real IP address (VPS server).

If needed, here is the client conf file:

Code: Select all

client
dev tun
proto udp
remote x.x.x.x (example) 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
redirect-gateway def1

I have read almost every topic here about the traffic redirection but I wasn't able to fix it.

Thank you.

[janjust]

the fact that your VPN client gets the address 10.8.0.6 is normal with your setup; whether you're actually redirecting via the server is another matter (although the "redirect-gateway def1" should do that).

from the client, can you ping the VPN Ip of the server (10.8.0.1) ?
what happens if you run a traceroute from the client?
Windows

Code: Select all

tracert -d 8.8.8.8

Mac/Linux

Code: Select all

traceroute -n 8.8.8.8

?

[EyalMendel]

Thank you the quick response. Here is the trace:

Code: Select all

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1     5 ms    <1 ms    <1 ms  192.168.1.1
  2   558 ms    48 ms    41 ms  172.28.37.98
  3    70 ms    79 ms   109 ms  172.28.239.181
  4   106 ms    78 ms    79 ms  172.28.189.193
  5   116 ms    78 ms   118 ms  212.143.203.80
  6   305 ms    88 ms    78 ms  212.143.203.212
  7   149 ms   126 ms   178 ms  212.143.12.4
  8   136 ms   150 ms   136 ms  10.50.1.1
  9   164 ms   149 ms   158 ms  80.81.192.108
 10   145 ms   158 ms   148 ms  209.85.241.110
 11   165 ms   178 ms   139 ms  209.85.251.246
 12   137 ms   148 ms   138 ms  209.85.254.116
 13     *        *        *     Request timed out.
 14   191 ms   138 ms   168 ms  8.8.8.8

Trace complete.

[janjust]

the output

1 5 ms <1 ms <1 ms 192.168.1.1

shows that the first hop is 192.168.1.1 which is , most likely, your LAN gateway and not your VPN tunnel; check the client connection log (with 'verb 5' added) to see if the default route is actually set. Post the output of

Code: Select all

netstat -rn

after the VPN has started.

[EyalMendel]

Code: Select all

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.100    266
    192.168.1.100  255.255.255.255         On-link     192.168.1.100    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.100    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.100    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.100    266
===========================================================================
Persistent Routes:
  None

[janjust]

this outptu does not show *ANY* VPN adapters - ensure that openvpn is running and that the connection has been established.