
#1 2016-02-27 07:10:29

nobled
Member
From: Pleasant Grove, Utah
Registered: 2013-04-06
Posts: 14

OpenVPN client and routing

I'm trying to set up an OpenVPN client to connect to a service I just signed up for and the client connects, but I would like all traffic to route through the vpn.  When I run "tracepath google.com" I can see the traffic isn't going through the vpn.  To test the vpn connection I tried running "ping google.com -I tun0" and that successfully pings google so the vpn seems to be connected.  Here is the config file that the vpn service gave me to use (with the hostname and cert removed):

client
dev tun
proto udp
remote ***** 1194
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
#ca vpn.crt

tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 3

auth SHA256
cipher AES-256-CBC

<ca>
-----BEGIN CERTIFICATE-----
*******
-----END CERTIFICATE-----
</ca>

My tun0 gets the ip address 10.8.0.1 and here is the output of running "route"

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         router.asus.com 0.0.0.0         UG    0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
172.17.0.0      *               255.255.0.0     U     0      0        0 docker0
192.168.24.0    *               255.255.255.0   U     202    0        0 eth0

What can I do to route all of my computer's traffic through the vpn?


#2 2016-02-27 07:25:25

x33a
Forum Fellow
Registered: 2009-08-15
Posts: 4,587


#3 2016-02-27 07:49:36

nobled
Member
From: Pleasant Grove, Utah
Registered: 2013-04-06
Posts: 14

Re: OpenVPN client and routing

I've seen those options, but they have to be added to the server, which I don't own / manage, which is why I posted here.  Is there no way from the client to route all traffic through the vpn?


#4 2016-02-27 09:02:31

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: OpenVPN client and routing

Run on the client e.g.:

ip route replace default via 10.8.0.2

Edit: This assumes that your VPN server is set up to forward & masquerade such packets.

Last edited by brebs (2016-02-27 09:04:43)


#5 2016-02-27 09:44:18

x33a
Forum Fellow
Registered: 2009-08-15
Posts: 4,587

Re: OpenVPN client and routing

nobled wrote:

I've seen those options, but they have to be added to the server, which I don't own / manage, which is why I posted here.  Is there no way from the client to route all traffic through the vpn?

Sorry, I didn't notice that you weren't running the server.


#6 2016-02-27 14:18:17

nobled
Member
From: Pleasant Grove, Utah
Registered: 2013-04-06
Posts: 14

Re: OpenVPN client and routing

brebs wrote:

Run on the client e.g.:

ip route replace default via 10.8.0.2

Edit: This assumes that your VPN server is set up to forward & masquerade such packets.

I should have mentioned I've tried to remove the default route and add a default with the dev tun0 which then made it so I couldn't ping google anymore.  I tried running this command to replace it instead of removing and adding the default route and it did the same thing.  Is that because if the default is to route all traffic through the tunnel then all of the traffic going to the vpn server tries to get routed through the tunnel making it so the traffic never makes it to the server because the packets are stuck in a routing loop?  To try and see if this is the issue I tried running "ip route add [vpn server ip] via 192.168.24.254" but I still can't ping google, but I just noticed using a web browser with the default changed to 10.8.0.2 I can still access ipv6 addresses, but according to google and https://www.whatismyip.com/ my address is still an ipv6 address from my ISP (Comcast).

If it helps, here is the output of "ip route" before modifications and the vpn connected:

default via 192.168.24.254 dev eth0 
10.8.0.0/24 via 10.8.0.2 dev tun0 
10.8.0.2 dev tun0  proto kernel  scope link  src 10.8.0.1 
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1 
192.168.24.0/24 dev eth0  proto kernel  scope link  src 192.168.24.102  metric 202
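
Added example, not part of any post above: a shell check over `ip route` text for the two conditions discussed in post #6, namely whether IPv4 traffic actually prefers the tunnel and whether the VPN server itself keeps a host route via the physical gateway. `203.0.113.10` is a placeholder for the elided server address, and the "after" table is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit "ip route" text for full-tunnel routing.
# usage: ip route | audit_routes <tunnel-dev> <vpn-server-ip>
# Metrics are ignored: any default route off the tunnel counts as a leak
# unless the 0.0.0.0/1 + 128.0.0.0/1 pair (more specific than default) overrides it.
audit_routes() {
    awk -v tun="$1" -v srv="$2" '
    function dev(   i) {              # device named after the "dev" keyword
        for (i = 2; i < NF; i++) if ($i == "dev") return $(i + 1)
        return ""
    }
    $1 == "default"     { if (dev() == tun) def_tun = 1; else def_other = 1 }
    $1 == "0.0.0.0/1"   { if (dev() == tun) lo = 1 }
    $1 == "128.0.0.0/1" { if (dev() == tun) hi = 1 }
    # Host route that keeps the encrypted packets on the physical link
    $1 == srv || $1 == (srv "/32") { d = dev(); if (d != "" && d != tun) bypass = 1 }
    END {
        full = (lo && hi) || (def_tun && !def_other)
        r1 = full   ? "TUNNELED"         : "NOT_TUNNELED"
        r2 = bypass ? "SERVER_BYPASS_OK" : "SERVER_BYPASS_MISSING"
        print r1, r2
    }'
}
# Table taken from post #6 (VPN connected, no routing changes yet).
sample_before() { cat <<'EOF'
default via 192.168.24.254 dev eth0
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
192.168.24.0/24 dev eth0 proto kernel scope link src 192.168.24.102 metric 202
EOF
}
# Constructed table: two /1 routes via the tunnel plus a host route to the
# server (placeholder address) through the LAN gateway.
sample_after() { cat <<'EOF'
default via 192.168.24.254 dev eth0
0.0.0.0/1 via 10.8.0.2 dev tun0
128.0.0.0/1 via 10.8.0.2 dev tun0
203.0.113.10 via 192.168.24.254 dev eth0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
EOF
}
sample_before | audit_routes tun0 203.0.113.10
sample_after  | audit_routes tun0 203.0.113.10
```

This inspects only the IPv4 table. IPv6 has its own routing table (`ip -6 route`), so changing the IPv4 default leaves IPv6 traffic on the ISP path.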
