a sample pair of client/server configs to use my home comput

swapjim
OpenVpn Newbie
Posts: 3
Joined: Sat Apr 09, 2016 1:32 pm

Post by swapjim » Sat Apr 09, 2016 2:43 pm

SUBJECT: working configs to pipe all traffic through my home network

I have used OpenVPN in the past to play LAN games with friends over the Internet. I now want to use it on my Android 6 (Nexus 5X) phone to pipe ALL my Internet traffic (including DNS requests) through my home network.

I installed the official Android app and managed to connect to my home server but once I connect, I can't access anything on the Internet! If I disconnect from the VPN, I can again access the Internet. I tried Arne Schwabe's Ics-OpenVPN client, the result was the same.

I can see the VPN IP the Android phone gets and I can ping it from my server. I tried disabling the firewall on the machine that runs the OpenVPN server (FreeBSD) but nothing changed.

It doesn't seem like a good idea to mess with my existing configs. I think it's better to get a pair of client/server configs that will simply work. I can then adjust them to my needs.

I already have a key and certs so that's already been taken care of.

So, where can I get such a pair of config files?

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: a sample pair of client/server configs to use my home co

Post by Traffic » Sat Apr 09, 2016 5:54 pm

swapjim wrote: where can I get such a pair of config files?
You cannot ..

Please read this HOWTO:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

Re: a sample pair of client/server configs to use my home co

Post by swapjim » Sat Apr 09, 2016 8:49 pm

Can someone please edit the title of the topic into "working configs to pipe all traffic through my home network" and remove the:
SUBJECT: working configs to pipe all traffic through my home network
from the body of my message? I made a mistake as I was posting.

Now, on to the question.

I have tried adding the push options mentioned in the topic without success. I haven't done the NATing, so that might be the problem. I'll need to research how I can do this in FreeBSD's pf.

To be sure I got this right, just adding the line:

push "redirect-gateway def1"

or:

push "redirect-gateway local def1"

in any server config that simply works is enough to pipe my traffic through the VPN?

And one more thing. Let's take a look at this line:

push "dhcp-option DNS 10.8.0.1"

My VPN runs on 172.16.0.0. The server itself is 172.16.0.1 (at least I think, I might have got this wrong). Can I just use this line:

push "dhcp-option DNS 172.16.0.1"

and be done with a DNS server? The FreeBSD box itself doesn't run a DNS server. Can I expect the OpenVPN server to forward DNS requests to the OS, and the OS to my local DSL modem?

Re: a sample pair of client/server configs to use my home co

Post by swapjim » Tue Apr 12, 2016 12:05 am

I managed to do this! I added these two lines in my config:

push "redirect-gateway local def1"
push "dhcp-option DNS 10.0.0.1"

and that was it!

10.0.0.1 is the IP of my DSL modem. So, OpenVPN reaches out to my DSL modem for DNS, even if it's in a different IP range. Neat!

I had to add these two lines in my /boot/loader.conf (remember, I'm running FreeBSD):

if_tap_load="YES"
if_tun_load="YES"

which created the /dev/tun0 and /dev/tap0 interfaces. You can also create them in the command line with:

ifconfig tun0 create

and you can actually create as many as you want:

ifconfig tun1 create
ifconfig tun2 create
ifconfig tap1 create
ifconfig tap2 create
# etc

but the loader.conf solution is, of course, neater.

Android showed a preference for the 172.16.0.0 IP range (it simply refused to pass any traffic in the 10.20.0.0 range).

I now run two OpenVPN instances. All I had to do is create a symlink of the /usr/local/etc/rc.d/openvpn file.

Your post was crucial in solving the problem. Thank you!
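
An added example, not part of the thread and not OpenVPN's own tooling: a small Python check that reads a server config and reports whether it pushes `redirect-gateway` and a DNS server, and whether that DNS server would be reached through the tunnel. The sample configs are constructed, and the 255.255.255.0 netmask, the function name and the warning labels are assumptions.

```python
import ipaddress
import shlex

# Constructed sample configs; the /24 netmask is an assumption (the thread gives only 172.16.0.0).
FULL_TUNNEL = '''
server 172.16.0.0 255.255.255.0
push "redirect-gateway local def1"
push "dhcp-option DNS 10.0.0.1"
'''
SPLIT_TUNNEL = '''
server 172.16.0.0 255.255.255.0
; push "redirect-gateway def1"
push "dhcp-option DNS 10.0.0.1"
'''

def audit(config_text):
    """Report whether a server config pushes a full tunnel and a tunnelled DNS server."""
    vpn_net, flags, dns, routes = None, None, [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        words = shlex.split(line, comments=True)
        if words[0] == "server" and len(words) >= 3:
            vpn_net = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[0] == "push" and len(words) == 2:
            opt = words[1].split() or [""]
            if opt[0] == "redirect-gateway":
                flags = opt[1:]
            elif opt[:2] == ["dhcp-option", "DNS"] and len(opt) == 3:
                dns.append(ipaddress.ip_address(opt[2]))
            elif opt[0] == "route" and len(opt) >= 3:
                routes.append(ipaddress.ip_network(f"{opt[1]}/{opt[2]}"))
    full = flags is not None
    tunneled = routes + ([vpn_net] if vpn_net else [])
    warnings = []
    if not full:
        warnings.append("no-redirect-gateway")   # only the VPN subnet and pushed routes use the tunnel
    elif "local" in flags:
        warnings.append("local-flag")            # flag is meant for peers on a common subnet
    if not dns:
        warnings.append("no-dns-pushed")         # client keeps its existing resolver
    for addr in dns:
        if not full and not any(addr in net for net in tunneled):
            warnings.append(f"dns-outside-tunnel:{addr}")
    return {"full_tunnel": full, "dns": [str(a) for a in dns], "warnings": warnings}

if __name__ == "__main__":
    for name, cfg in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, audit(cfg))
```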
