encrypt web traffic client through vpn tunnel
Posted: Wed Nov 02, 2011 6:51 pm
by macbox
Hi everyone!
I need to encrypt all client web traffic through the VPN tunnel.
I followed the manual where it talks about routing all client traffic (including web traffic) through the VPN, but I could not configure it correctly.
Scenario:
Client (10.8.0.6)-----TUNNEL VPN-----Server VPN tun0:10.8.0.1 eth0:192.168.1.5
The VPN server is connected to the internet through a router (192.168.1.1).
How can I do this?
Thank you so much.
Re: encrypt web traffic client through vpn tunnel
Posted: Thu Nov 03, 2011 6:24 am
by Mimiko
Read this
http://www.openvpn.net/index.php/open-s ... l#redirect
and post the configuration files for the server and client. Also check the firewall and routing on both client and server, and say which systems are used.
Re: encrypt web traffic client through vpn tunnel
Posted: Thu Nov 03, 2011 9:11 am
by macbox
I read the manual, but I did not understand whether the iptables rule is applied on the server or the client.
VPN server (OS: Debian)
tun0:10.8.0.1 eth0:192.168.1.5
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/debian.crt
key /etc/openvpn/keys/debian.key
dh /etc/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
Client Mac (10.8.0.6), outside the network:
client
dev tun
proto udp
remote 79.54.82.149
route 192.168.1.0 255.255.255.0
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert mac.crt
key mac.key
ns-cert-type server
comp-lzo
verb 3
The client does not open web pages, but it is connected to the VPN server!
Re: encrypt web traffic client through vpn tunnel
Posted: Thu Nov 03, 2011 10:36 am
by maikcat
The iptables rule to perform NAT is used on the OpenVPN server side.
Michael.
Re: encrypt web traffic client through vpn tunnel
Posted: Thu Nov 03, 2011 10:55 am
by macbox
OK, if I add the iptables rule on the VPN server, clients connect but do not open web pages!
Re: encrypt web traffic client through vpn tunnel
Posted: Thu Nov 03, 2011 12:42 pm
by Mimiko
Does your server have a DNS service?
You don't need 'push "route 10.8.0.0 255.255.255.0"' but 'push "route 192.168.1.0 255.255.255.0"' and remove "route 192.168.1.0 255.255.255.0" from client config.
Re: encrypt web traffic client through vpn tunnel
Posted: Thu Nov 03, 2011 3:46 pm
by macbox
I changed it like you said... On the VPN server (Debian), bind9 is installed as the DNS server.
The VPN server is attached to the router; I opened port 53 to the local IP address of the VPN server (192.168.1.5).
/etc/bind/named.conf.options:
options {
    directory "/var/cache/bind";
    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113
    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    forwarders {
        208.67.222.222; ##OpenDNS
    };
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};
The DNS server is working because if I try to use it locally (LAN) it works! But now clients connect but do not open web pages!
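
The server-side pieces this thread relies on (the pushed redirect-gateway and the NAT rule on the OpenVPN server) can be checked offline against saved copies of the server's state. The script below is an added example, not part of the original posts; its function names, file arguments and the IP-forwarding check (a standard Linux prerequisite for NAT that the thread does not mention) are assumptions.

```shell
#!/bin/sh
# Added example: offline checks for the server side of "route all client
# traffic through the VPN". Each check reads a saved file, for instance:
#   iptables-save -t nat > nat.txt; cat /proc/sys/net/ipv4/ip_forward > fwd.txt
VPN_NET="10.8.0.0/24"  # from "server 10.8.0.0 255.255.255.0" in the thread
WAN_IF="eth0"          # server interface facing the router in the thread

# Succeeds if the server config pushes redirect-gateway to clients.
pushes_redirect_gateway() {
    grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway([[:space:]][^"]*)?"' "$1"
}

# Succeeds if iptables-save output NATs VPN_NET traffic leaving WAN_IF.
has_nat_rule() {
    grep -E '^-A POSTROUTING ' "$1" |
        grep -F -- "-s $VPN_NET " |
        grep -F -- "-o $WAN_IF " |
        grep -Eq -- '-j (MASQUERADE|SNAT)'
}

# Succeeds if the saved net.ipv4.ip_forward value is 1.
forwarding_enabled() {
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Prints one line per check; returns the number of failed checks.
# Arguments: server.conf, saved nat table, saved ip_forward value.
audit_server() {
    fails=0
    if pushes_redirect_gateway "$1"; then echo "ok   redirect-gateway is pushed"
    else echo "FAIL no push \"redirect-gateway\" in $1"; fails=$((fails + 1)); fi
    if has_nat_rule "$2"; then echo "ok   NAT for $VPN_NET via $WAN_IF"
    else echo "FAIL no POSTROUTING NAT for $VPN_NET via $WAN_IF"; fails=$((fails + 1)); fi
    if forwarding_enabled "$3"; then echo "ok   ip_forward=1"
    else echo "FAIL ip_forward is not 1"; fails=$((fails + 1)); fi
    return "$fails"
}

# Run the audit when called with the three file arguments.
if [ "$#" -eq 3 ]; then audit_server "$@"; exit $?; fi
```

A failed NAT or forwarding check matches the symptom reported here: the tunnel comes up, but redirected client traffic never gets past the server.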