OpenVPN basic configuration for full traffic routing


My client machine is Ubuntu 11.04, my server machine is Ubuntu 10.10.
I'm trying to achieve the simplest quick and dirty solution possible to get all my client machine's traffic to be redirected to the server machine and from there to the internet.

For this I'm trying to follow this guide: http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html

Being new to OpenVPN, I've looked at the logs, but I think that the client does not even attempt to contact the server to open the connection. Am I missing some configuration option, or should I not be starting the client with the same method I'm using to start the server daemon?

On the server I have configured the following:

root@domU-12-31-39-16-42-4D:/etc/openvpn# cat /etc/openvpn/server.conf 
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret /etc/openvpn/static.key
push "redirect-gateway def1 bypass-dhcp"

proto udp
comp-lzo

status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log

keepalive 10 120
persist-key
persist-tun
ping-timer-rem

verb 7

On the client machine I have configured the following:

root@maxim-desktop:/etc/openvpn# cat /etc/openvpn/client.conf 
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret /etc/openvpn/static.key

proto udp
comp-lzo

persist-key
persist-tun

keepalive 10 120
persist-key
persist-tun
ping-timer-rem

status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log

remote ec2-50-17-124-16.compute-1.amazonaws.com 1194
resolv-retry infinite

verb 7

I'm basically following this guide http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html and still, when I open the vpn connection on the client side I don't get all my traffic to be redirected through the vpn server.

Best Answer

I do this on my home Wifi, because I don't trust WEP/WPA. The relevant setting on my OpenVPN server is:

push "route 0.0.0.0 0.0.0.0"

That tells the client "I want you to route all your traffic through me". From there, I can deal with the traffic on the server as I would any other traffic that I need to route.

The only caveat is that you need to remove or deprioritise the default route that the DHCP server might send (if you're using dynamic config); I just have a post-up rule in /e/n/interfaces that deletes the default route that the DHCP server sends, since it's useless anyway, but you could also configure your DHCP server not to send it at all (I used to use dnsmasq, which got shirty if it couldn't send a default route, hence my hack; now I've run away from it, I should probably reconfigure ISC DHCP to do the right thing and not send the default route at all).
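
A check for the caveat in the answer above, as an added example that is not part of the original answer: it reads `ip -4 route show` output and reports whether the tunnel really wins over the DHCP-supplied default route, covering both the `redirect-gateway def1` form from the question and the `route 0.0.0.0 0.0.0.0` form. The function name, the sample tables and the interface names (`tun0`, `eth0`) are constructed for illustration.

```shell
# Classify `ip -4 route show` output (stdin) for the tunnel device in $1:
#   def1    - 0.0.0.0/1 and 128.0.0.0/1 both point at the tunnel
#   default - the lowest-metric default route points at the tunnel
#   leak    - anything else; traffic still leaves via another interface
full_tunnel_status() {
    awk -v tun="$1" '
    {
        dev = ""; metric = 0    # no "metric" keyword means metric 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
        if ($1 == "0.0.0.0/1"   && dev == tun) lo = 1
        if ($1 == "128.0.0.0/1" && dev == tun) hi = 1
        if ($1 == "default" && dev == tun) {
            if (!seen_t || metric < best_t) best_t = metric
            seen_t = 1
        }
        if ($1 == "default" && dev != tun) {
            if (!seen_o || metric < best_o) best_o = metric
            seen_o = 1
        }
    }
    END {
        if (lo && hi) print "def1"
        else if (seen_t && (!seen_o || best_t < best_o)) print "default"
        else print "leak"       # a metric tie is ambiguous, so also a leak
    }'
}

# Constructed sample tables; addresses and interface names are made up.
sample_def1() { cat <<'EOF'
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
EOF
}
sample_dhcp_wins() { cat <<'EOF'
default via 192.168.1.1 dev eth0 proto dhcp metric 100
default via 10.8.0.1 dev tun0 metric 200
EOF
}
sample_dhcp_removed() { cat <<'EOF'
default via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
EOF
}

# Live use: ip -4 route show | full_tunnel_status tun0
```

The check covers the main IPv4 routing table only; IPv6 routes and policy-routing rules need their own inspection.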
