Can't get "redirect-gateway" to work correct

riahc3

On my client side, if I include "redirect-gateway", I can access the tunnel but I cannot access internet.
Without it, I can't access the tunnel but I can access internet.

server:

port 1194
proto udp
dev tun
ca keys/comp-ca/ca.crt
cert keys/comp-ca/comp-svr.crt
key keys/comp-ca/comp-svr.key
dh keys/comp-ca/dh2048.pem
server 10.10.10.1 255.255.255.0
crl-verify keys/comp-ca/crl.pem
ifconfig-pool-persist servers/compSVR/logs/ipp.txt
cipher AES-128-CBC
user root
group root
status servers/compSVR/logs/openvpn-status.log
log-append servers/compSVR/logs/openvpn.log
verb 2
mute 20
max-clients 200
management 127.0.0.1 7505
keepalive 10 120
client-config-dir /etc/openvpn/servers/compSVR/ccd
client-to-client
comp-lzo
persist-key
persist-tun
ccd-exclusive
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.100.0 255.255.255.0"

client:

client
proto udp
dev tun
ca ca.crt
dh dh2048.pem
cert clientlocal.crt
key clientlocal.key
remote 192.168.100.200 1194
cipher AES-128-CBC
verb 2
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind

ccd:

ifconfig-push 10.10.10.177 10.10.10.178
iroute 192.168.100.100 255.255.255.0
iroute 172.16.0.0 255.255.0.0
push "route 192.168.100.0 255.255.255.0"
push "route 172.16.0.0 255.255.0.0"

I want to be able to do both.

marvosa

A few things… first, this clearly is not a PFsense box... you should probably post in the forum of whatever distro you're using or openvpn.net, but will attempt to help anyway.

1.  Provide a network map, so we know more about your network and what you're trying to access.

2.  Is this in a lab?  Because it appears as though you are trying to connect to the VPN from the same LAN the server is on... but we'll know more when you provide the network map.

3.  When you say "I can access the tunnel but I cannot access internet.", can you truly not access the internet or just unable to resolve domain names?  Because those are two separate issues.