I'm having a kind of an issue, because I can't get my VPN configured so that all traffic goes through the tunnel. The OpenVPN server runs on an AC-RT86U router, which provides an interface for configuring the server, but it configures the server in the wrong way. So I'm able to connect to the server and able to access all clients in the local network, but it is not possible to ping google.com or 8.8.8.8.
I think the problem is the routes which are configured by the server.
First of all, here is my server config:
Server config
# Automatically generated configuration
daemon ovpn-server1
topology subnet
server 172.16.4.0 255.255.255.0
proto udp
port 1194
dev tun21
txqueuelen 1000
ncp-disable
cipher AES-256-GCM
auth SHA256
compress lz4-v2
keepalive 15 60
verb 6
push "route 192.168.2.0 255.255.255.0 vpn_gateway 500"
duplicate-cn
push "dhcp-option DNS 192.168.2.1"
push "redirect-gateway def1"
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
verify-client-cert none
username-as-common-name
ca ca.crt
dh dh.pem
cert server.crt
key server.key
script-security 2
up updown.sh
down updown.sh
status-version 2
status status 5
# Custom Configuration
push "redirect-gateway local def1 bypass-dhcp"
push "dhcp-option DNS 172.16.4.1"
push "dhcp-option DNS 192.168.2.1"
This is my client config:
Client config
client
dev tun
proto udp
remote 486456.ddns.net 1194
float
cipher AES-256-GCM
auth SHA256
compress lz4-v2
keepalive 15 60
auth-user-pass /usr/local/openvpn/cred
ca /usr/local/openvpn/server_ovpn.cert
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
oJxpqdLo/y+iCRct9ovNwXjrFvr6vS6eNl6qlqdGq+Ysppg+3Nz9+kS6FrYUn0AV
kn/2pIALcP4S2qHE2tr6tmPakiDDQAkr5rTKjKeD5/ZgfmsGOWEBPkHiLmLId
XzWo
-----END CERTIFICATE-----
</ca>
resolv-retry infinite
nobind
redirect-gateway local def1
And the client's routes when connected to the VPN:
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         172.16.4.1      128.0.0.0       UG    0   0      0    tun0
0.0.0.0         192.168.2.1     0.0.0.0         UG    0   0      0    eth1
128.0.0.0       172.16.4.1      128.0.0.0       UG    0   0      0    tun0
172.16.4.0      0.0.0.0         255.255.255.0   U     0   0      0    tun0
172.17.0.0      0.0.0.0         255.255.0.0     U     0   0      0    docker0
172.24.24.0     0.0.0.0         255.255.255.0   U     0   0      0    br-d5cb6383c865
192.168.2.0     0.0.0.0         255.255.255.0   U     0   0      0    eth1
192.168.2.0     172.16.4.1      255.255.255.0   UG    0   0      0    tun0
192.168.1.0     192.168.2.1     255.255.255.0   UG    0   0      0    eth1
What do you think? Maybe you can help me configure it so that I'm able to access all local clients and the internet via the tunnel. Thank you.
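As an added example (not part of the question above), a small Python longest-prefix lookup over the posted routing table: it reports which interface a destination leaves on, which makes it easy to check that with the two /1 routes from `redirect-gateway def1` both 8.8.8.8 and the VPN server's own public address would be sent into tun0 unless a more specific route exists. The address 203.0.113.10 is a placeholder assumption for whatever 486456.ddns.net resolves to.

```python
import ipaddress

# Routing table as posted above (route -n output, header dropped).
ROUTE_TABLE = """\
0.0.0.0 172.16.4.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth1
128.0.0.0 172.16.4.1 128.0.0.0 UG 0 0 0 tun0
172.16.4.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.24.24.0 0.0.0.0 255.255.255.0 U 0 0 0 br-d5cb6383c865
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.2.0 172.16.4.1 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 192.168.2.1 255.255.255.0 UG 0 0 0 eth1
"""

# Placeholder (assumption) for whatever the DDNS name resolves to.
VPN_SERVER_PUBLIC_IP = "203.0.113.10"

def parse_routes(text):
    """Turn 'route -n' body lines into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8:
            continue
        net = ipaddress.IPv4Network(f"{f[0]}/{f[2]}", strict=False)
        routes.append((net, f[1], f[7]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match. On equal prefix length the first listed entry
    wins, since 'route -n' does not print the metric that breaks the tie."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best

def endpoint_routed_into_tunnel(routes, server_ip, tun="tun0"):
    """True when packets to the VPN server itself would enter the tunnel:
    with 'redirect-gateway local' OpenVPN adds no host route for the
    server, so the two /1 routes swallow it unless it is on-link."""
    match = lookup(routes, server_ip)
    return match is not None and match[2] == tun

if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    for dst in ("8.8.8.8", "192.168.2.50", VPN_SERVER_PUBLIC_IP):
        print(dst, "->", lookup(routes, dst))
```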