Netgate Discussion Forum

    Problems routing all traffic through tunnel

      SFM

      Hum….

      If you do an ipconfig /all does it show that the gateway has been added to your client computer when you are connected?

      Are you pushing more than just the gateway?
      If so are you adding the ; between items?

      push "dhcp-option DNS 10.0.0.10";push "dhcp-option WINS 10.0.0.10"

      Do the other pushed items show in ipconfig /all (wins or DNS if you are pushing them)

      Are you pushing the dns?
      You may need this to get to the outside world

      Just a few ideas
      SFM

        chillster

        The gateway gets pushed to the client correctly so that works ok.
        I don't push any other options except the gateway, but I'm thinking that shouldn't matter because I'm not trying to ping a DNS address, just a regular IP.
        Running out of ideas here :/

          GruensFroeschli

          What you are trying to do is working for me right now.
          I use TCP since I have to use a proxy.

          Here's my config.
          Maybe you want to compare it with your own.

          $ less /var/etc/openvpn_server0.conf
          writepid /var/run/openvpn_server0.pid
          #user nobody
          #group nobody
          daemon
          keepalive 10 60
          ping-timer-rem
          persist-tun
          persist-key
          dev tun
          proto tcp-server
          cipher BF-CBC
          client-to-client
          server 172.17.103.0 255.255.255.0
          client-config-dir /var/etc/openvpn_csc
          lport 443
          ca /var/etc/openvpn_server0.ca
          cert /var/etc/openvpn_server0.cert
          key /var/etc/openvpn_server0.key
          dh /var/etc/openvpn_server0.dh
          comp-lzo
          persist-remote-ip
          float
          push "redirect-gateway def1"
          push "dhcp-option DNS 172.17.103.1"

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            chillster

            Thanks, very helpful!
            OK, I compared our configs now and they're almost identical except subnets, port, cipher and compression. And those shouldn't matter much, I guess.
            Did you add any rules to your firewall to get it to work?

              GruensFroeschli

              I only added a rule to allow traffic to any.

                SFM

                If you are connecting with Windows XP Service Pack 2, make sure the firewall is off on the OVPN adapter.
                You can have the firewall on all connections but the Open VPN.

                There is a known issue with xp2 and openvpn.
                www.openvpn.org

                  chillster

                  No, my client is on an Ubuntu box, but thanks anyway : )

                    tpunder

                    I realize this topic is a month old, but a friend and I have been banging our heads against the wall for about 3 hours now trying to figure this out. We finally did. What you need to do is go into Firewall/NAT/Outbound, then enable Advanced outbound NAT and add a line for your VPN's network, much like your internal LAN. Once that was added it started working.
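
The failure mode resolved above (a server that pushes `redirect-gateway` while outbound NAT translates only the LAN) can be checked mechanically. The following is an added example, not part of tpunder's post or of pfSense itself; the tunnel subnet comes from the server config quoted earlier in the thread, while the interface name `em0`, the LAN range, and the NAT lines (written in the style of `pfctl -sn` output) are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample inputs. The tunnel subnet is the one from the server
# config quoted earlier in the thread; em0 and the LAN range are assumptions.
OPENVPN_CONF = 'dev tun\nserver 172.17.103.0 255.255.255.0\npush "redirect-gateway def1"\n'
NAT_LAN_ONLY = "nat on em0 inet from 192.168.1.0/24 to any -> (em0) port 1024:65535\n"
NAT_WITH_VPN = NAT_LAN_ONLY + "nat on em0 inet from 172.17.103.0/24 to any -> (em0) port 1024:65535\n"


def tunnel_network(conf):
    """Return the tunnel subnet from the `server <net> <mask>` directive, or None."""
    m = re.search(r"^\s*server\s+(\S+)\s+(\S+)", conf, re.MULTILINE)
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False) if m else None


def redirects_gateway(conf):
    """True if the server pushes redirect-gateway (commented-out lines do not match)."""
    return bool(re.search(r'^\s*push\s+"redirect-gateway\b', conf, re.MULTILINE))


def nat_sources(rules):
    """Collect the source networks of every outbound `nat` rule that names one."""
    nets = []
    for line in rules.splitlines():
        m = re.match(r"\s*nat\s+on\s+\S+.*?\bfrom\s+(\S+)\s+to\b", line)
        if not m:
            continue
        src = "0.0.0.0/0" if m.group(1) == "any" else m.group(1)
        try:
            nets.append(ipaddress.ip_network(src, strict=False))
        except ValueError:
            pass  # tables, interface aliases etc. are not resolved here
    return nets


def check(conf, rules):
    """Classify a server config against the NAT rules: ok / missing-nat / not-applicable."""
    net = tunnel_network(conf)
    if net is None or not redirects_gateway(conf):
        return "not-applicable"  # clients keep their own default route
    covered = any(net.subnet_of(src) for src in nat_sources(rules))
    return "ok" if covered else "missing-nat"


if __name__ == "__main__":
    print(check(OPENVPN_CONF, NAT_LAN_ONLY))  # tunnel traffic leaves untranslated
    print(check(OPENVPN_CONF, NAT_WITH_VPN))  # tunnel subnet has its own NAT line
```

A `missing-nat` result matches the symptom in this thread: the tunnel comes up and the gateway is pushed, but nothing beyond the firewall answers because packets sourced from the tunnel subnet are never translated on the WAN side.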

                      dairaen

                      cheers,

                      tpunder, could you please send me or upload a screenshot of
                      your working outbound NAT rules so i can add them to the
                      tutorial?

                      thanks.

                      kind regards
                      dairaen

                        tpunder

                        @dairaen:

                        cheers,

                        tpunder, could you please send me or upload a screenshot of
                        your working outbound NAT rules so i can add them to the
                        tutorial?

                        thanks.

                        kind regards
                        dairaen

                        No problem, I just sent a PM with a screenshot.
