encrypt web traffic client through vpn tunnel

macbox
OpenVpn Newbie
Posts: 11
Joined: Sat May 21, 2011 2:13 pm

encrypt web traffic client through vpn tunnel

Post by macbox » Wed Nov 02, 2011 6:51 pm

Hi everyone!

I need to encrypt all client web traffic through the VPN tunnel.

I followed the manual where it talks about routing all client traffic (including web traffic) through the VPN, but I could not configure it correctly.

Scenario:

Client (10.8.0.6)-----TUNNEL VPN-----Server VPN tun0:10.8.0.1 eth0:192.168.1.5

Server Vpn is connected to the internet through a router (192.168.1.1)

How can I do this?

Thank you so much

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: encrypt web traffic client through vpn tunnel

Post by Mimiko » Thu Nov 03, 2011 6:24 am

Read this http://www.openvpn.net/index.php/open-s ... l#redirect
and post the configuration files for the server and client. Also check the firewall and routing on both client and server, and say which systems are used.

macbox
OpenVpn Newbie
Posts: 11
Joined: Sat May 21, 2011 2:13 pm

Re: encrypt web traffic client through vpn tunnel

Post by macbox » Thu Nov 03, 2011 9:11 am

I read the manual,

I did not understand if the iptables rule is applied on the server or the client?

Server VPN (OS: Debian)
tun0:10.8.0.1 eth0:192.168.1.5

port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/debian.crt
key /etc/openvpn/keys/debian.key
dh /etc/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

client mac (10.8.0.6) outside network:

client
dev tun
proto udp
remote 79.54.82.149
route 192.168.1.0 255.255.255.0
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert mac.crt
key mac.key
ns-cert-type server
comp-lzo
verb 3

The client does not open web pages, but it is connected to the VPN server!

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: encrypt web traffic client through vpn tunnel

Post by maikcat » Thu Nov 03, 2011 10:36 am

The iptables rule to perform NAT is used on the OpenVPN server side.

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"

macbox
OpenVpn Newbie
Posts: 11
Joined: Sat May 21, 2011 2:13 pm

Re: encrypt web traffic client through vpn tunnel

Post by macbox » Thu Nov 03, 2011 10:55 am

OK, if I add the iptables rule on the VPN server, clients connect but do not open web pages!
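The server-side step discussed in the posts above depends on two things: IPv4 forwarding being enabled and a NAT rule covering the VPN subnet. The script below is an added example, not part of the thread, that checks both from `iptables-save` output. It assumes the thread's 10.8.0.0/24 subnet and eth0 interface; the sample rule sets and the function names are constructed for illustration.

```shell
# Added example (not from the thread): server-side checks for redirect-gateway.
VPN_NET="10.8.0.0/24"   # VPN subnet from the thread's server config
WAN_IF="eth0"           # server LAN/WAN interface from the thread

# Constructed sample input in iptables-save format, used when not run --live.
SAMPLE_NAT_OK='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT'
SAMPLE_NAT_MISSING='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
-A FORWARD -s 10.8.0.0/24 -o eth0 -j ACCEPT
COMMIT'

# Succeeds when the value read from /proc/sys/net/ipv4/ip_forward is 1.
forwarding_enabled() { [ "$1" = "1" ]; }

# Succeeds when the nat table has a POSTROUTING MASQUERADE/SNAT rule that
# covers VPN_NET leaving via WAN_IF (an omitted -s or -o matches everything).
nat_rule_present() {
    printf '%s\n' "$1" | awk -v net="$VPN_NET" -v ifc="$WAN_IF" '
        /^\*/ { in_nat = ($1 == "*nat") }
        in_nat && $1 == "-A" && $2 == "POSTROUTING" {
            src = net; out = ifc; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (src == net && out == ifc && (tgt == "MASQUERADE" || tgt == "SNAT")) found = 1
        }
        END { exit !found }'
}

# Prints one line per problem and returns the number of problems found.
check_server() {
    problems=0
    forwarding_enabled "$1" || { problems=$((problems + 1))
        echo "FAIL: IP forwarding off; fix: sysctl -w net.ipv4.ip_forward=1"; }
    nat_rule_present "$2" || { problems=$((problems + 1))
        echo "FAIL: no NAT; fix: iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE"; }
    return "$problems"
}

# Live mode (run as root on the VPN server): sh check.sh --live
if [ "${1:-}" = "--live" ]; then check_server "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save -t nat)"; fi
```

A rule in the `filter` table alone, as in the second sample, does not rewrite the source address, so replies from the internet never find their way back to 10.8.0.x clients.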

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: encrypt web traffic client through vpn tunnel

Post by Mimiko » Thu Nov 03, 2011 12:42 pm

Does your server have a DNS service?
You don't need 'push "route 10.8.0.0 255.255.255.0"' but 'push "route 192.168.1.0 255.255.255.0"' and remove "route 192.168.1.0 255.255.255.0" from client config.

macbox
OpenVpn Newbie
Posts: 11
Joined: Sat May 21, 2011 2:13 pm

Re: encrypt web traffic client through vpn tunnel

Post by macbox » Thu Nov 03, 2011 3:46 pm

I changed it like you said... On the VPN server (Debian), bind9 is installed as the DNS server.

The VPN server is attached to the router; I opened port 53 to the local IP address of the VPN server (192.168.1.5).

/etc/bind/named.conf.options:

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
        208.67.222.222; ##OpenDNS
    };

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};

The DNS server is working, because if I try to use it locally (LAN) it works! But now clients connect but do not open web pages!
