Netgate Discussion Forum

    Not able to connect Internet through OpenVPN

    • Raffi_R
      Raffi_
      last edited by

      I found this description in the book for the redirect option that might give you a clue.

      "When the Redirect Gateway option is selected the server will push a message to clients instructing them to forward all traffic, including Internet traffic, over the VPN tunnel. This only works in SSL/TLS modes with a tunnel network larger than a /30 subnet."

      • DerelictD
        Derelict LAYER 8 Netgate @Raffi_
        last edited by

        @raffi_ said in Not able to connect Internet through OpenVPN:

        I found this description in the book for the redirect option that might give you a clue.

        "When the Redirect Gateway option is selected the server will push a message to clients instructing them to forward all traffic, including Internet traffic, over the VPN tunnel. This only works in SSL/TLS modes with a tunnel network larger than a /30 subnet."

        Right. It will work with a point-to-point OpenVPN tunnel (shared-key or a /30 tunnel network) but the setting cannot be pushed from the server to the client. It must be controlled with the same setting on the client.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • M
          Musote
          last edited by

          Take a look at the firewall rules on the OpenVPN "interface"; something happened with the wizard, and the rules created by the wizard are wrong.

          • T
            toastposter @Derelict
            last edited by

            @derelict I do have a /24 tunnel network. It is also introduced on the client settings, so I think it cannot be the matter.

            • T
              toastposter @Musote
              last edited by

              @musote I have re-done the rules, to the OpenVPN "interface" as well as the assigned interface OVPN1, and both have ipv4 all all allow rule applied.

              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                And?

                • T
                  toastposter
                  last edited by

                  Well, it is not solved. I have done all that prior to posting here. My VPN traffic is not routed to the internet. Currently, I have the "route all traffic to tunnel" option off, because I cannot get it to work. I just have to realize that whenever I am connected to that VPN, my internet traffic is not encrypted.

                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    I don't use Tunnelblick personally. The general recommendation for a quality Mac OpenVPN client is Viscosity.

                    If you have redirect gateway checked in the server and you do not end up with two routes on the client (0.0.0.0/1 and 128.0.0.0/1) then it is likely a setting on the client telling it not to honor the routes being pushed. There is not much else to it.

                    Did you use the configuration export package?

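Added example, not part of the original thread: a check for the two routes named in the post above (0.0.0.0/1 and 128.0.0.0/1), using longest-prefix matching to show which interface Internet-bound traffic actually leaves on. The `prefix via gateway dev iface` table format, the interface names and all addresses are constructed assumptions.

```python
import ipaddress

# The two halves of the IPv4 space that "redirect-gateway def1" installs.
DEF1 = [ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")]

# Constructed sample tables (assumed format; addresses and names are made up).
HONORED = """
default via 192.168.1.1 dev en0
0.0.0.0/1 via 10.0.8.1 dev tun0
128.0.0.0/1 via 10.0.8.1 dev tun0
10.0.8.0/24 dev tun0
203.0.113.10/32 via 192.168.1.1 dev en0
"""
IGNORED = """
default via 192.168.1.1 dev en0
10.0.8.0/24 dev tun0
"""

def parse_routes(text):
    """Return (network, interface) pairs from 'prefix ... dev iface' lines."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        iface = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix), iface))
    return routes

def egress_iface(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, iface) for net, iface in routes if addr in net]
    return max(matches)[1] if matches else None

def full_tunnel(routes, tun):
    """True only if both def1 routes exist and point at the tunnel interface."""
    via_tunnel = {net for net, iface in routes if iface == tun}
    return all(net in via_tunnel for net in DEF1)

if __name__ == "__main__":
    for name, table in (("honored", HONORED), ("ignored", IGNORED)):
        routes = parse_routes(table)
        print(name, "full tunnel:", full_tunnel(routes, "tun0"),
              "| 8.8.8.8 leaves via", egress_iface(routes, "8.8.8.8"))
```

The two /1 routes are more specific than the /0 default, so they win without deleting it; the /32 host route in the first table keeps the encrypted packets to the VPN server itself on the physical interface.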
                    • T
                      toastposter
                      last edited by

                      OK,
                      I have to give Viscosity a try. I have been using Tunnelblick for quite a while now, and with the recent WatchGuard Firebox firewall I experienced zero problems using it.
                      And yes, I exported the settings using the latest version of the "openvpn-client-export".

                      • C
                        claudio69
                        last edited by

                        Hi, I had the same problem and I solved it with an additional command.
                        push "redirect-gateway def1";push "dhcp-option DNS 192.168.254.1";verb 1;mute-replay-warnings

                        192.168.254.1 is my VPN network.

                        • T
                          toastposter @claudio69
                          last edited by

                          @claudio69 OK,
                          Have to try this!
                          Are you able to clarify what the options do? I know that the "redirect-gateway def1" introduces the default gateway of the router to the VPN client, but what about the "dhcp-option DNS xxx.yyy"? Do you have a DNS option on the VPN server settings or is it blank?

                          • C
                            claudio69
                            last edited by

                            I have no DNS set up on the VPN server.
                            I searched the internet for a long time and found this series of commands that solved the problem. I hope it works for you too.
                            Greetings

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.