OpenVPN - Client traffic is not entirely routed through VPN
Solution 1
Well, Mike's answer gave me the clue. Viscosity does override some settings.
The solution is to add the redirect command in Extra OpenVPN configuration commands.
To do so, Edit your connection, go to Advanced tab, and add push "redirect-gateway def1"
:
And as Mike said, don't forget to check Send all traffic over vpn connection in Networking tab:
Solution 2
using Viscosity.. just overwrite the routes getting pushed by the vpn server.. Edit the config of the connection -> networking -> send all traffic over vpn connection
Related videos on Youtube
Pierre Espenan
Hello, I'm a Webapp and iOS developer, based in London. I'm currently working at Upmysport on a PhoneGap packaged Webapp. I also used to work for Orange Lab UK on the messaging Webapp Libon, and for Airbus as an industrial software developer. I consider myself as a hardworker and I get super involved in the projects I work on. Oh, and I eat code for breakfast.
Updated on September 18, 2022Comments
-
Pierre Espenan almost 2 years
I installed OpenVPN on my dedicated server.
Using Viscosity or Tunnelblick on the client, I successfully connected to this server.However, after some tests, I realized that not all the traffic generated by the client goes through the server. Rather than using 1000 words to explain it, I made an image :
As you can see, the yellow part on the server side doesn't show any activity. I get the same phenomenon for YouTube videos loading for example.
Here is my OpenVPN server configuration file :
mode server proto tcp port 1199 dev tun ca ca.crt cert server.crt key server.key dh dh1024.pem tls-auth ta.key 0 cipher AES-256-CBC server 10.8.0.0 255.255.255.0 push "redirect-gateway def1" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" keepalive 10 120 client-to-client user nobody group nogroup chroot /etc/openvpn/jail persist-key persist-tun comp-lzo verb 3 mute 20 status openvpn-status.log
And here is the client .opvn configuration file :
client dev tun proto tcp remote MY.SER.VER.IP 1199 resolv-retry infinite cipher AES-256-CBC ca ca.crt cert client1.crt key client1.key tls-auth ta.key 1 nobind persist-key persist-tun comp-lzo verb 3
Any idea what's wrong ?
EDIT:
I also tried to create the following iptables rule (found on openvpn.net How To page):
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
It doesn't change my problem. However, I can't see any new rule when using
iptables --list
Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
-
Olipro about 11 yearscan you provide a paste of the routing table of the OpenVPN client before and after connecting. If not, what OS is the client running?
-
Pierre Espenan about 11 yearsThe client is running Mac OS 10.8.3. How do I get the routing table of Mac OS ?
-
Olipro about 11 yearsrun the command
netstat -nr
-
-
Pierre Espenan about 11 yearsI already tried to check this box. The problem remains the same. However, I didn't neither fill the "Default Gateway" nor add a rule. Should I ?