OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

route traffic through vpn [reloaded]

https://forums.openvpn.net/viewtopic.php?t=8750

Page 1 of 1

route traffic through vpn [reloaded]

Posted: Mon Sep 05, 2011 10:10 am
by fritz001
Hello all,

So, even if it has been discussed so many times still didn't get a working solution for me ::

My config::

sever.conf

daemon
user nobody
group nobody

port 1194
proto udp
dev tap
mode server
tls-server
cipher AES-256-CBC
client-to-client

cd /etc/openvpn/

ca certs/ca.crt
dh certs/dh1024.pem
cert keys1/server.crt
key keys1/server.key
tls-auth keys/static.key 0
ifconfig 10.20.0.1 255.255.255.0 # openvpn gateway
ifconfig-pool 10.20.0.2 10.20.0.10 255.255.255.0
ifconfig-pool-persist ipp.txt

tmp-dir /tmp
script-security 3
auth-user-pass-verify /etc/openvpn/usr_auth.sh via-file

keepalive 10 60

persist-tun
persist-key

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
push "ping 10"
push "ping-restart 60"

push "redirect-gateway def1"

client-config-dir /etc/openvpn/ccd/

#enabled on client config

#Route to 192.168.150.0/24 for all clients
push "route 192.168.150.0 255.255.255.0 10.20.0.1"

comp-lzo
status openvpn-status.log
~END~
/etc/openvpn/ccd/admin

push-reset

ifconfig-push 10.20.0.5 255.255.255.0

#LOCAL-NETS
push "route 192.168.40.0 255.255.255.0 10.20.0.1"
push "route 10.10.1.0 255.255.255.224 10.20.0.1"

#CISCO-ROUTERS
push "route 10.50.1.0 255.255.255.224 10.20.0.1"
push "route 10.1.1.0 255.255.255.0 10.20.0.1"

push "dhcp-option DNS 10.10.1.1"
~END~

client.config
#daemon
client
pull
tls-client
proto udp
dev tap
remote 77.48.82.162 1194
remote-cert-tls server
ca /openvpn/keys/ca.crt
cert /openvpn/keys/client.crt
key /openvpn/keys/client.key
tls-auth /openvpn/keys/static.key 1
cipher AES-256-CBC
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
auth-user-pass
auth-nocache
mute-replay-warnings

script-security 2
up /openvpn/resolv-update-conf.sh
down /openvpn/resolv-update-conf.sh
float
ping 10
ping-restart 60
comp-lzo
verb 3
~END~

however on client side

route -n

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
9.64.163.21 9.157.16.129 255.255.255.255 UGH 0 0 0 eth0
9.157.16.129 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
10.10.1.0 10.20.0.1 255.255.255.224 UG 0 0 0 tap0
10.50.1.0 10.20.0.1 255.255.255.224 UG 0 0 0 tap0
9.157.16.128 0.0.0.0 255.255.255.128 U 0 0 0 eth0
10.20.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
192.168.150.0 10.20.0.1 255.255.255.0 UG 0 0 0 tap0
10.1.1.0 10.20.0.1 255.255.255.0 UG 0 0 0 tap0
192.168.10.0 10.20.0.1 255.255.255.0 UG 0 0 0 tap0
192.168.40.0 10.20.0.1 255.255.255.0 UG 0 0 0 tap0
0.0.0.0 9.157.16.129 0.0.0.0 UG 0 0 0 eth0

So... what am I doing wrong ?!!!?!

Re: route traffic through vpn [reloaded]

Posted: Mon Sep 05, 2011 12:34 pm
by Douglas
push "redirect-gateway def1"

is the right setting.. try appending it to :

push "redirect-gateway def1 bypass-dhcp"

Re: route traffic through vpn [reloaded]

Posted: Mon Sep 05, 2011 1:12 pm
by fritz001
hm, i had to add this

push "route-gateway 10.20.0.1"
push "redirect-gateway def1"
to the ccd/admin.config

but on client side:

route -n
0.0.0.0 10.20.0.1 128.0.0.0 UG 0 0 0 tap0
128.0.0.0 10.20.0.1 128.0.0.0 UG 0 0 0 tap0
0.0.0.0 9.157.16.129 0.0.0.0 UG 0 0 0 eth0

Mon Sep 5 15:09:08 2011 /sbin/ip route add 0.0.0.0/1 via 10.20.0.1
Mon Sep 5 15:09:08 2011 /sbin/ip route add 128.0.0.0/1 via 10.20.0.1 --> where's coming from ?!!!!?!

Re: route traffic through vpn [reloaded]

Posted: Mon Sep 05, 2011 2:07 pm
by janjust
read the openvpn manual page carefully to see what the 'def1' parameter does - it explains it perfecly fine.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/