OpenVPN – tap interfaces and default gateway

openvpn

Quick question, just to verify I'm not going mental.
If using device mode "tap" and I got a fully functional connection in the sense that I can ping from client to server without any issues.

However, I want to force my traffic through the VPN and nothing can leak out, no matter what.
I'm stuck getting my head around this, but shouldn't this be valid in the server.ovpn?

mode server
tls-server
...
dev tap
dev-node TAP1

ifconfig 192.168.0.1 255.255.255.0
ifconfig-pool 192.168.0.10 192.168.0.20
route-gateway 192.168.0.1
route 192.168.0.0 255.255.255.0 192.168.0.1

client-to-client
push "route 192.168.0.0 255.255.255.0 192.168.0.1"
push "route-gateway 192.168.0.1"
push "redirect-gateway def1"

The client.ovpn looks like:

client
tls-client
dev tap
dev-node TAP1
...
pull

The connection establishes and whatnot; the output of the client's log is:

ROUTE default_gateway=<external IP gateway>
PUSH: Recieved control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0 192.168.0.1,route-gateway...
Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.0.10/255.255.255.0 on interface ...
Successful ARP Flush
Added routes 139.. 127.. 192...

All appears to be fine, except that a default gateway just isn't set when checking ipconfig /all.

The output of the route print looks like:

Destination        Netmask         Gateway
0.0.0.0            0.0.0.0         <external Gateway>   <-- Wrong?
192.168.0.0        255.255.255.0   On-link
192.168.0.0        255.255.255.0   192.168.0.1

The routing table appears to be off?

Best Answer

All appears to be fine except that a default gateway just isn't set when checking ipconfig /all
...
push "redirect-gateway def1"

If you use that option, then you don't set a default gateway. Instead, two routes should be added for 0.0.0.0/1 and 128.0.0.0/1 to your VPN.
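A way to check a client for the two /1 routes the answer describes, as an added example that is not part of the original post or of OpenVPN itself. It parses a three-column `route print` listing like the one in the question and resolves destinations by longest-prefix match; the external gateway 203.0.113.1, the server address 198.51.100.7 and the second table are constructed sample values.

```python
import ipaddress

VPN_GW = "192.168.0.1"   # VPN gateway from the question
EXT_GW = "203.0.113.1"   # constructed stand-in for <external Gateway>

# The question's table: only the original default route, no /1 routes.
ASKER_TABLE = f"""
Destination        Netmask         Gateway
0.0.0.0            0.0.0.0         {EXT_GW}
192.168.0.0        255.255.255.0   On-link
192.168.0.0        255.255.255.0   {VPN_GW}
"""

# Constructed: the same table once redirect-gateway def1 has taken effect.
# The host route keeps the tunnel's own packets on the physical link.
DEF1_TABLE = ASKER_TABLE + f"""
0.0.0.0            128.0.0.0       {VPN_GW}
128.0.0.0          128.0.0.0       {VPN_GW}
198.51.100.7       255.255.255.255 {EXT_GW}
"""

def parse_routes(text):
    """Return (network, gateway) pairs; header and junk lines are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        try:
            net = ipaddress.IPv4Network(f"{parts[0]}/{parts[1]}")
        except ValueError:
            continue  # not a destination/netmask pair
        routes.append((net, parts[2]))
    return routes

def next_hop(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.IPv4Address(dest)
    matches = [(net, gw) for net, gw in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def def1_active(routes, vpn_gw):
    """True only if both halves of the IPv4 space point at the VPN gateway."""
    halves = {ipaddress.IPv4Network("0.0.0.0/1"),
              ipaddress.IPv4Network("128.0.0.0/1")}
    return halves <= {net for net, gw in routes if gw == vpn_gw}

if __name__ == "__main__":
    for name, table in (("asker", ASKER_TABLE), ("def1", DEF1_TABLE)):
        r = parse_routes(table)
        print(name, def1_active(r, VPN_GW), next_hop(r, "8.8.8.8"))
```

With def1 in effect the 0.0.0.0/0 entry via the external gateway is still listed, but every destination matches one of the more specific /1 routes first, so that line on its own does not indicate a leak.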
