Route all traffic through OpenVPN server (ASUS AC-RT86U)

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
MoeZin
OpenVpn Newbie
Posts: 1
Joined: Mon Jun 29, 2020 9:19 am

Route all traffic through OpenVPN server (ASUS AC-RT86U)

Post by MoeZin » Mon Jun 29, 2020 9:27 am

Hi there,

I'm having a kind of issue, because I can't get my VPN configured so that all traffic goes through the tunnel. The OpenVPN server runs on an AC-RT86U router, which provides an interface for configuring the server, but it configures the server in the wrong way. So I'm able to connect to the server and access all clients in the local network, but it is not possible to ping google.com or 8.8.8.8.

I think the problem is the routes which are configured by the server.

First of all, here is my config of the server

Server config

# Automatically generated configuration
daemon ovpn-server1
topology subnet
server 172.16.4.0 255.255.255.0
proto udp
port 1194
dev tun21
txqueuelen 1000
ncp-disable
cipher AES-256-GCM
auth SHA256
compress lz4-v2
keepalive 15 60
verb 6
push "route 192.168.2.0 255.255.255.0 vpn_gateway 500"
duplicate-cn
push "dhcp-option DNS 192.168.2.1"
push "redirect-gateway def1"
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
verify-client-cert none
username-as-common-name
ca ca.crt
dh dh.pem
cert server.crt
key server.key
script-security 2
up updown.sh
down updown.sh
status-version 2
status status 5

# Custom Configuration
push "redirect-gateway local def1 bypass-dhcp"
push "dhcp-option DNS 172.16.4.1"
push "dhcp-option DNS 192.168.2.1"



This is my client config

Client config

client
dev tun
proto udp
remote 486456.ddns.net 1194
float
cipher AES-256-GCM
auth SHA256
compress lz4-v2
keepalive 15 60
auth-user-pass /usr/local/openvpn/cred
ca /usr/local/openvpn/server_ovpn.cert
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
oJxpqdLo/y+iCRct9ovNwXjrFvr6vS6eNl6qlqdGq+Ysppg+3Nz9+kS6FrYUn0AV
kn/2pIALcP4S2qHE2tr6tmPakiDDQAkr5rTKjKeD5/ZgfmsGOWEBPkHiLmLId
XzWo
-----END CERTIFICATE-----
</ca>
resolv-retry infinite
nobind

redirect-gateway local def1


And the routes of the client when connected to the vpn


Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.16.4.1      128.0.0.0       UG        0 0          0 tun0
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth1
128.0.0.0       172.16.4.1      128.0.0.0       UG        0 0          0 tun0
172.16.4.0      0.0.0.0         255.255.255.0   U         0 0          0 tun0
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
172.24.24.0     0.0.0.0         255.255.255.0   U         0 0          0 br-d5cb6383c865
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.2.0     172.16.4.1      255.255.255.0   UG        0 0          0 tun0
192.168.1.0     192.168.2.1     255.255.255.0   UG        0 0          0 eth1

What do you think? Maybe you can help me configure it so that I'm able to access all local clients via the tunnel and the internet via the tunnel. Thank you,
Last edited by Pippin on Mon Jun 29, 2020 6:25 pm, edited 1 time in total.
Reason: Formatting
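Added example for this thread (not code from the original post, the router firmware or the OpenVPN project): a small Python route lookup that performs the same longest-prefix match the client's kernel does, over a copy of the route table posted above, so you can see which interface a given destination would leave through and what the two /1 routes that `redirect-gateway def1` installs actually do. It assumes the table exactly as printed (the docker0 and br-* lines are dropped because they play no part here); 203.0.113.10 is a constructed stand-in for the server's public address, since the post only gives a DDNS hostname; and tie-breaking between equal-length prefixes is simplified to table order, whereas the kernel uses the metric that `route -n` hides.

```python
"""Longest-prefix-match lookup over a Linux routing table as printed by
route -n / netstat -rn, to see which interface a destination would use.
Added example for the forum thread; not OpenVPN or router firmware code."""
import ipaddress

# Constructed sample: copy of the client's table from the post above
# (docker0 / br-* lines omitted, they do not influence the tunnel routing).
ROUTE_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.16.4.1      128.0.0.0       UG        0 0          0 tun0
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth1
128.0.0.0       172.16.4.1      128.0.0.0       UG        0 0          0 tun0
172.16.4.0      0.0.0.0         255.255.255.0   U         0 0          0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.2.0     172.16.4.1      255.255.255.0   UG        0 0          0 tun0
192.168.1.0     192.168.2.1     255.255.255.0   UG        0 0          0 eth1
"""

# Assumption: TEST-NET-3 placeholder for the VPN server's public address,
# which the post only gives as a DDNS hostname.
SERVER_PUBLIC_IP = "203.0.113.10"


def parse_routes(text):
    """Turn route -n output into a list of dicts carrying an ip_network."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the two header lines; data rows start with a dotted quad.
        if len(parts) < 8 or not parts[0][0].isdigit():
            continue
        dest, gateway, mask, flags = parts[:4]
        iface = parts[-1]
        # ip_network accepts "address/netmask" directly.
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append({"net": net, "gateway": gateway,
                       "flags": flags, "iface": iface})
    return routes


def lookup(routes, destination):
    """Return the most specific matching route, or None if nothing matches."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    # Longest prefix wins. Among equal prefixes max() keeps the first listed;
    # the real kernel breaks such ties by metric, which route -n hides here.
    return max(matches, key=lambda r: r["net"].prefixlen)


def has_def1_split(routes, tunnel_iface="tun0"):
    """redirect-gateway def1 adds 0.0.0.0/1 and 128.0.0.0/1 via the tunnel.
    Together they cover every address and, being /1, they win over the
    existing /0 default without the client having to delete it."""
    halves = {ipaddress.ip_network("0.0.0.0/1"),
              ipaddress.ip_network("128.0.0.0/1")}
    via_tunnel = {r["net"] for r in routes if r["iface"] == tunnel_iface}
    return halves <= via_tunnel


def server_reached_via_tunnel(routes, server_ip, tunnel_iface="tun0"):
    """True if packets to the VPN server's own address would be sent into
    the tunnel. Without the 'local' flag, redirect-gateway first adds a host
    route to the server via the original gateway to prevent exactly this;
    with 'local' (as pushed in the thread) that step is omitted on purpose,
    which only fits when the server is on the client's own subnet."""
    route = lookup(routes, server_ip)
    return route is not None and route["iface"] == tunnel_iface


if __name__ == "__main__":
    table = parse_routes(ROUTE_TABLE)
    for dst in ("8.8.8.8", "192.168.1.10", "172.16.4.1", SERVER_PUBLIC_IP):
        r = lookup(table, dst)
        print(f"{dst:<15} -> {r['iface']} via {r['gateway']} ({r['net']})")
    print("def1 split routes present:", has_def1_split(table))
    print("server address itself routed into tunnel:",
          server_reached_via_tunnel(table, SERVER_PUBLIC_IP))
```

Run as-is, it shows that 8.8.8.8 already resolves to tun0 on this client, so the client-side routing is not what stops the ping; it also shows that, with the `local` flag pushed, an off-subnet server address would be looked up through the tunnel as well, which is the check worth making before looking at forwarding and NAT on the router side.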
