[Solved] route all traffic through OpenVPN VPS server

Samples of working configurations.
Locked
outlander65
OpenVPN User
Posts: 10
Joined: Thu Aug 08, 2019 5:47 pm

[Solved] route all traffic through OpenVPN VPS server

Post by outlander65 » Thu Aug 08, 2019 6:03 pm

Hi,
first of all I'm not expert!

I have a VPS (Windows server 2008 on hetzner Datacenter) and in my VPS server I've configured an OpenVPN server. My clients can connect to the server but their traffic don't go through OpenVPN server and their public IP address is still their ISP public address.

I've added these directive one by one, but nothing worked:

Code: Select all

#no success with this:
push "redirect-gateway def1"

#and no success with this:
push "redirect-gateway local def1"

#and no success with this:
push "dhcp-option DNS 10.10.10.1"

#and no success with this:
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 4.2.2.4"
push "route 10.1.1.0 255.255.255.0"
So how can I route all traffic through server? I've read all other topics with the same problem and still have this problem.

here is server configuration:

Code: Select all

dev-node "VPNServer"
mode server
port 443
proto tcp4-server
dev tun
tls-server
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\VPNServer.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\VPNServer.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh2048.pem"
server 10.10.10.0 255.255.255.0
client-to-client
keepalive 10 120
cipher AES-128-CBC
persist-key
persist-tun
client-config-dir "C:\\Program Files\\OpenVPN\\config"
verb 3
route-delay 5
route-method exe
and here is the client config:

Code: Select all

tls-client
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\client1.crt"
key "C:\\Program Files\\OpenVPN\\config\\client1.key"
client
dev tun
proto tcp
remote MY_SERVER_PUBLIC_IP_ADDRESS
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
remote-cert-tls server
verb 3
pull
fast-io
cipher AES-256-CBC
I think it's because my server is a VPS, so I have to configure it so that the tap driver uses my server public IP address. right?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5873
Joined: Fri Jun 03, 2016 1:17 pm

Re: route all traffic through OpenVPN VPS server

Post by TinCanTech » Thu Aug 08, 2019 7:02 pm

outlander65 wrote:
Thu Aug 08, 2019 6:03 pm
I have to configure it so that the tap driver uses my server public IP address
NO .. openvpn configures the tunnel address.

You need to then route or probably NAT that to your public IP address. This is easy with Linux.

For help setting up Windows please look here:
viewforum.php?f=7

outlander65
OpenVPN User
Posts: 10
Joined: Thu Aug 08, 2019 5:47 pm

Re: route all traffic through OpenVPN VPS server

Post by outlander65 » Thu Aug 08, 2019 7:29 pm

As I said I'n not expert! I looked at topics but nothing was there for me. So how can I solve my problem?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5873
Joined: Fri Jun 03, 2016 1:17 pm

Re: route all traffic through OpenVPN VPS server

Post by TinCanTech » Thu Aug 08, 2019 8:47 pm

I don't know .. perhaps you can ask your VPS Service provider.

outlander65
OpenVPN User
Posts: 10
Joined: Thu Aug 08, 2019 5:47 pm

Re: route all traffic through OpenVPN VPS server

Post by outlander65 » Fri Aug 09, 2019 6:27 am

Could anyone please help me with this?

outlander65
OpenVPN User
Posts: 10
Joined: Thu Aug 08, 2019 5:47 pm

Re: route all traffic through OpenVPN VPS server

Post by outlander65 » Fri Aug 09, 2019 11:37 am

So in the OpenVPN forum no one can help me! Excellent!

When I add this directive to server.ovpn

Code: Select all

push "redirect-gateway def1"
and this directive to client.ovpn

Code: Select all

redirect-gateway def1
My client connects to the server but can't open any website! Why?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5873
Joined: Fri Jun 03, 2016 1:17 pm

Re: route all traffic through OpenVPN VPS server

Post by TinCanTech » Fri Aug 09, 2019 12:05 pm

Because it takes more than openvpn to complete this process and that means reading the documentation.

Try this:
https://community.openvpn.net/openvpn/w ... oughtheVPN

Also, you will probably find there are specific things which need to be configured at your VPS.
So you will need to ask your service provider for help.

outlander65
OpenVPN User
Posts: 10
Joined: Thu Aug 08, 2019 5:47 pm

Re: route all traffic through OpenVPN VPS server

Post by outlander65 » Fri Aug 09, 2019 12:20 pm

Thank you, I had read that page before, and where it says:

Code: Select all

Pushing the redirect-gateway option to clients will cause all IP network traffic originating on client machines to pass through the OpenVPN server. The server will need to be configured to deal with this traffic somehow, such as by NATing it to the internet, or routing it through the server site's HTTP proxy.

On Linux, you could use a command such as this to NAT the VPN client traffic to the internet......
It's talking about Linux OS. What about windows? How can I NAT through windows? In windows server 2008 R2 there isn't connection sharing. So I added this line to route table:

Code: Select all

route add -p 10.10.10.0 mask 255.255.255.0 MY_SERVER_PUBLIC_IP_ADDRESS
and still nothing work.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5873
Joined: Fri Jun 03, 2016 1:17 pm

Re: route all traffic through OpenVPN VPS server

Post by TinCanTech » Fri Aug 09, 2019 12:44 pm

Randomly adding routes which you do not understand is not the way to work.

Read the docs, learn routing and hope you can figure it out. Or use a Linux server.

See also:
https://community.openvpn.net/openvpn/wiki/NatHack

outlander65
OpenVPN User
Posts: 10
Joined: Thu Aug 08, 2019 5:47 pm

Re: route all traffic through OpenVPN VPS server

Post by outlander65 » Fri Aug 09, 2019 2:02 pm

Thank you. My problem was solved when I installed NAT services in windows server 2008 R2. Thanks again.

Locked