OpenVPN and bad routing = multiple external IP addresses

openvpn routing troubleshooting vpn

I have an OpenVPN server on Ubuntu and the client (OpenVPN 2.1_rc19) on Windows 7 x64.
The connection is established and I can use it. However, not all traffic is routed through the OpenVPN interface, and so I have different IPs on different servers.

e.g.: showipaddress.com IP=208.99.113.122 sees only the external ip of my vpn server
whatsmyip.com IP=208.87.33.150 sees the ip of my regular dialup connection

I guess it is a routing issue, so here is "route print" from the Windows client:

Schnittstellenliste
 27...00 ff 1a c3 26 d6 ......TAP-Win32 Adapter V9
 26...........................Vodafone
  1...........................Software Loopback Interface 1

IPv4-Routentabelle
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0         10.8.0.5         10.8.0.6      4
          0.0.0.0          0.0.0.0   Auf Verbindung    109.84.XXX.XXX     31
         10.8.0.4  255.255.255.252   Auf Verbindung          10.8.0.6    259
         10.8.0.6  255.255.255.255   Auf Verbindung          10.8.0.6    259
         10.8.0.7  255.255.255.255   Auf Verbindung          10.8.0.6    259
   109.84.XXX.XXX  255.255.255.255   Auf Verbindung    109.84.XXX.XXX    286
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1   4531
        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1   4531
  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1   4531
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6      4
   188.40.XXX.XXX  255.255.255.255   Auf Verbindung    109.84.XXX.XXX     30
        224.0.0.0        240.0.0.0   Auf Verbindung    109.84.XXX.XXX     31
    255.255.255.0    255.255.255.0         10.8.0.5         10.8.0.6      4
  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1   4531
  255.255.255.255  255.255.255.255   Auf Verbindung          10.8.0.6    259
  255.255.255.255  255.255.255.255         10.8.0.5         10.8.0.6      4
  255.255.255.255  255.255.255.255   Auf Verbindung    109.84.XXX.XXX    286
===========================================================================
Ständige Routen:
  Keine

109.84.XXX.XXX is the external IP of my dialup (UMTS)
188.40.XXX.XXX is my server's external IP address
10.8.0.0 is the OpenVPN network, with 6 being the client.

If I delete the second 0.0.0.0 entry, those sites will not work anymore, while those that are routed over the VPN as they should be still work.

What do I have to do so that everything is routed through OpenVPN?

Edit:
Server configuration

local 188.40.XXX.XXX
port 1194

proto tcp
dev tun
tun-mtu 1544

key /etc/openvpn/examples/easy-rsa/2.0/keys/server.key
ca /etc/openvpn/examples/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/examples/easy-rsa/2.0/keys/server.crt
dh /etc/openvpn/examples/easy-rsa/2.0/keys/dh2048.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

keepalive 10 120

comp-lzo
max-clients 5

persist-key
persist-tun

status /tmp/openvpn-status.log
log-append  /var/log/openvpn.log
verb 4

push "redirect-gateway def1"
push "dhcp-option DNS 145.253.2.11"
push "dhcp-option DNS 145.253.2.75"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

Client Config:

client
dev tun
proto tcp
remote 188.40.XXX.XXX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 4

Best Answer

In your server config you probably currently have the setting redirect-gateway. Try replacing that with redirect-gateway def1.

This option will create 2 routes 0.0.0.0/1 and 128.0.0.0/1 instead of a route for 0.0.0.0/0. Because these routes are more specific they should be used instead of your configured default gateway.
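Added example, not part of the original question or answer: a small longest-prefix-match model of the route selection the answer describes, showing that the two /1 routes beat a /0 default even when the default has the better metric, while the host route to the VPN server stays on the dialup link. The table is constructed from the answer's description; the RFC 5737 addresses are placeholders for the values masked on the page, and the function names are hypothetical.

```python
import ipaddress

# RFC 5737 documentation addresses stand in for the values masked on the page.
DIALUP_IF = "192.0.2.10"      # placeholder for 109.84.XXX.XXX
VPN_SERVER = "198.51.100.20"  # placeholder for 188.40.XXX.XXX
VPN_IF, VPN_GW = "10.8.0.6", "10.8.0.5"  # values from the route print


def route(dest, mask, gateway, iface, metric):
    """One routing-table row, using the destination/netmask form of route print."""
    net = ipaddress.ip_network(f"{dest}/{mask}")
    return {"net": net, "gw": gateway, "if": iface, "metric": metric}


def select_route(table, target):
    """Pick the route for target: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in table if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))


def def1_table(dialup_metric):
    """Constructed table: original default route plus the two def1 routes."""
    return [
        route("0.0.0.0", "0.0.0.0", "on-link", DIALUP_IF, dialup_metric),
        route("0.0.0.0", "128.0.0.0", VPN_GW, VPN_IF, 4),      # 0.0.0.0/1
        route("128.0.0.0", "128.0.0.0", VPN_GW, VPN_IF, 4),    # 128.0.0.0/1
        route(VPN_SERVER, "255.255.255.255", "on-link", DIALUP_IF, 30),
    ]


def egress(table, target):
    """Interface address that traffic to target would leave from."""
    r = select_route(table, target)
    return r["if"] if r else None


if __name__ == "__main__":
    # The dialup default is deliberately given the best metric.
    table = def1_table(dialup_metric=1)
    for target in ("208.99.113.122", "208.87.33.150", "8.8.8.8", VPN_SERVER):
        r = select_route(table, target)
        print(f"{target:15} -> {r['net']} via {r['gw']} on {r['if']}")
```
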