I have an OpenVPN server on Ubuntu and the client (OpenVPN 2.1_rc19) on Windows 7 x64.
The connection is established and I can use it. However, not all traffic is routed through the OpenVPN interface, and so I have different IPs on different servers.

e.g.: showipaddress.com IP=208.99.113.122 sees only the external IP of my VPN server
whatsmyip.com IP=208.87.33.150 sees the IP of my regular dialup connection

I guess it is a routing issue, so here is "route print" from the Windows client

Schnittstellenliste
 27...00 ff 1a c3 26 d6 ......TAP-Win32 Adapter V9
 26...........................Vodafone
  1...........................Software Loopback Interface 1

IPv4-Routentabelle
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0         10.8.0.5         10.8.0.6      4
          0.0.0.0          0.0.0.0   Auf Verbindung    109.84.XXX.XXX     31
         10.8.0.4  255.255.255.252   Auf Verbindung          10.8.0.6    259
         10.8.0.6  255.255.255.255   Auf Verbindung          10.8.0.6    259
         10.8.0.7  255.255.255.255   Auf Verbindung          10.8.0.6    259
   109.84.XXX.XXX  255.255.255.255   Auf Verbindung    109.84.XXX.XXX    286
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1   4531
        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1   4531
  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1   4531
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6      4
   188.40.XXX.XXX  255.255.255.255   Auf Verbindung    109.84.XXX.XXX     30
        224.0.0.0        240.0.0.0   Auf Verbindung    109.84.XXX.XXX     31
    255.255.255.0    255.255.255.0         10.8.0.5         10.8.0.6      4
  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1   4531
  255.255.255.255  255.255.255.255   Auf Verbindung          10.8.0.6    259
  255.255.255.255  255.255.255.255         10.8.0.5         10.8.0.6      4
  255.255.255.255  255.255.255.255   Auf Verbindung    109.84.XXX.XXX    286
===========================================================================
Ständige Routen:
  Keine

109.84.XXX.XXX is the external IP of my dialup (UMTS), 188.40.XXX.XXX is my server's external IP address, and 10.8.0.0 is the OpenVPN network, with 6 being the client.

If I delete the second 0.0.0.0 entry, those sites will not work anymore, while those that are routed over VPN as they should still work.

What do I have to do so that everything is routed through OpenVPN?

Edit: Server configuration

local 188.40.XXX.XXX
port 1194

proto tcp
dev tun
tun-mtu 1544

key /etc/openvpn/examples/easy-rsa/2.0/keys/server.key
ca /etc/openvpn/examples/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/examples/easy-rsa/2.0/keys/server.crt
dh /etc/openvpn/examples/easy-rsa/2.0/keys/dh2048.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

keepalive 10 120

comp-lzo
max-clients 5

persist-key
persist-tun

status /tmp/openvpn-status.log
log-append  /var/log/openvpn.log
verb 4

push "redirect-gateway def1"
push "dhcp-option DNS 145.253.2.11"
push "dhcp-option DNS 145.253.2.75"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

Client Config:

client
dev tun
proto tcp
remote 188.40.XXX.XXX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 4
Darcara
  • Why does everyone always mask the host-specific portion of IP addresses? It would be far more useful for diagnostics/troubleshooting if you masked out the network and told us the host portion of your routes... Next time, if you have an address 10.20.30.40, tell us the xx.xx.30.40, not the other way around. Or just replace the network part with addresses from the RFC1918 range... – Zoredache Aug 22 '10 at 00:06
  • Really? I always thought the network portion was more interesting... But okay, will do. Thanks for the tip. – Darcara Aug 22 '10 at 00:16

2 Answers

In your server config you probably currently have the setting redirect-gateway. Try replacing that with redirect-gateway def1.

This option will create 2 routes, 0.0.0.0/1 and 128.0.0.0/1, instead of a route for 0.0.0.0/0. Because these routes are more specific, they should be used instead of your configured default gateway.

Zoredache
  • I had "redirect-gateway def1 bypass-dhcp" in there. I changed it as you recommended, but after a reconnect nothing changed. – Darcara Aug 22 '10 at 00:09
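
The route selection the answer above relies on (longest prefix first, lowest metric as tie-breaker), as an added example that is not part of the original answer or of OpenVPN. The route table is constructed with documentation and RFC 1918 placeholder addresses, and `select_route`, `egress_interface` and `leaks` are hypothetical helper names; `leaks` lists destinations that would leave outside the tunnel.

```python
import ipaddress

# Constructed route table modelled on the layout in the question; all
# addresses are placeholders, not the poster's values.
# Each entry: (destination network, gateway, interface, metric)
VPN_IF, WAN_IF = "tun (10.8.0.6)", "wan (192.0.2.10)"
VPN_SERVER = "203.0.113.5"
ROUTES = [
    ("0.0.0.0/0",        "on-link",  WAN_IF, 31),   # default route from the dial-up
    ("0.0.0.0/1",        "10.8.0.5", VPN_IF, 4),    # added by redirect-gateway def1
    ("128.0.0.0/1",      "10.8.0.5", VPN_IF, 4),    # added by redirect-gateway def1
    (VPN_SERVER + "/32", "on-link",  WAN_IF, 30),   # tunnel transport stays on the WAN
    ("10.8.0.4/30",      "on-link",  VPN_IF, 259),  # the VPN point-to-point subnet
]

def select_route(dest, routes):
    """Return the route chosen for dest: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    candidates = [(ipaddress.ip_network(net), gw, ifc, metric)
                  for net, gw, ifc, metric in routes
                  if addr in ipaddress.ip_network(net)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))

def egress_interface(dest, routes):
    """Interface a packet to dest would leave on, or None if unroutable."""
    route = select_route(dest, routes)
    return route[2] if route else None

def leaks(dests, routes, vpn_if=VPN_IF, allowed=(VPN_SERVER,)):
    """Destinations that would bypass the tunnel (the VPN server is exempt)."""
    return [d for d in dests
            if d not in allowed and egress_interface(d, routes) != vpn_if]

if __name__ == "__main__":
    for d in ("198.51.100.7", "8.8.8.8", VPN_SERVER, "10.8.0.5"):
        print(d, "->", egress_interface(d, ROUTES))
    print("leaks:", leaks(["198.51.100.7", "8.8.8.8", VPN_SERVER], ROUTES))
```
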

It works now.
I deleted the default route the dial up gave me and added a route only to my openvpn server. That did the trick, as now openvpn could push all routes to me, including the default route :)

Darcara