Routing all traffic through VPN

Post by bren » Mon Jan 11, 2010 7:53 am
I love the project! I'm having trouble setting up Viscosity with my VPN, though. I want to route all internet traffic through my VPN server when connecting with Viscosity.

If I have "route all traffic through VPN" checked, I can't ping the server (10.8.0.1) or anything in that manner.
If I have "route all traffic through VPN" not checked, I can ping the server, my mac (10.8.0.6), but can't browse the internet.
192.168.101.0 is my local network

Client netstat -nr:
0/1                10.8.0.5           UGSc            3        0    tun0
default            192.168.101.1      UGSc            5        0     en1
10.8/24            10.8.0.1           UGSc            0        0    tun0
10.8.0.5           10.8.0.6           UH              5        0    tun0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              2    24370     lo0
128.0/1            10.8.0.5           UGSc            1        0    tun0
169.254            link#5             UCS             0        0     en1
_SERVER_IP/32  192.168.101.1      UGSc            1        0     en1
192.168.101        link#5             UCS             4        0     en1
192.168.101.1      0:3:52:7:14:1a     UHLWI           2        5     en1   1196
192.168.101.153    127.0.0.1          UHS             2      918     lo0
192.168.101.255    ff:ff:ff:ff:ff:ff  UHLWbI          1        3     en1


Server config:
dev tun
proto tcp
port 1194

ca      /etc/openvpn/easy-rsa/keys/ca.crt
cert    /etc/openvpn/easy-rsa/keys/server.crt
key     /etc/openvpn/easy-rsa/keys/server.key
dh      /etc/openvpn/easy-rsa/keys/dh1024.pem

user nobody
group nogroup
server 10.8.0.0 255.255.255.0

persist-key
persist-tun

client-to-client
push "redirect-gateway def1"

log-append vpn.log
verb 5
comp-lzo

iptables -t nat:
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  10.8.0.0/24          anywhere            to:_STATIC_IP_

Viscosity config:
#-- Config Auto Generated By Viscosity --#
#viscosity startonopen false
#viscosity dhcp true
#viscosity dnssupport true
#viscosity name Seattle
remote _SERVER_IP_ 1194
persist-key
tls-client
proto tcp-client
ca ca.crt
dev tun
persist-tun
cert cert.crt
comp-lzo
nobind
key key.key
pull
route 10.8.0.0 255.255.255.0 10.8.0.1 default

Post by James » Mon Jan 11, 2010 6:09 pm
Hi Bren,
> If I have "route all traffic through VPN" checked, I can't ping the server (10.8.0.1) or anything in that manner.

This option essentially just turns on the "redirect-gateway def1" command on the client side. It looks like you're pushing this out from the server side anyway, so it shouldn't make too much difference.

> route 10.8.0.0 255.255.255.0 10.8.0.1 default

I'd recommend removing this route from Viscosity. OpenVPN should attempt to create this route automatically for the local subnet (and point it to a different IP address, usually 10.8.0.5).

> I can ping the server, my mac (10.8.0.6), but can't browse the internet.
> 192.168.101.0 is my local network

If you can get to this stage (without your custom route above), you've probably got a NAT-related issue on your server. It looks like you're using ipchains, which I'm afraid I'm not that familiar with; however, we find a common mistake people make is to forget to enable NAT in the kernel ("echo 1 > /proc/sys/net/ipv4/ip_forward").

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
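
Added example, not part of either post and not code from Viscosity or OpenVPN: a Python check over `netstat -nr` output of the kind posted above. It uses longest-prefix matching to confirm that both `redirect-gateway def1` halves outrank `default`, that the server address stays off the tunnel, and it flags tunnel routes whose gateway differs from the one the def1 routes use (the manual route discussed in the reply). The sample table is constructed, `203.0.113.10` is a placeholder for the server address, and all function names are this example's own.

```python
import ipaddress

# Constructed sample shaped like the client's `netstat -nr` table above;
# 203.0.113.10 is a placeholder for the VPN server's public address.
SAMPLE = """\
0/1                10.8.0.5           UGSc            3        0    tun0
default            192.168.101.1      UGSc            5        0     en1
10.8/24            10.8.0.1           UGSc            0        0    tun0
10.8.0.5           10.8.0.6           UH              5        0    tun0
128.0/1            10.8.0.5           UGSc            1        0    tun0
203.0.113.10/32    192.168.101.1      UGSc            1        0     en1
"""

def expand(dest):
    """Turn BSD shorthand ('default', '0/1', '10.8/24') into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if len(octets) > 4 or not all(o.isdigit() for o in octets):
        return None  # header, IPv6 or link-level line
    full = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{full}/{plen or 8 * len(octets)}", strict=False)

def parse(text):
    """Return (network, gateway, interface) for each IPv4 route line."""
    rows = [f for f in map(str.split, text.splitlines()) if len(f) >= 6]
    return [(expand(f[0]), f[1], f[5]) for f in rows if expand(f[0]) is not None]

def lookup(routes, ip):
    """Longest-prefix match: the route the kernel would pick for ip."""
    hits = [r for r in routes if ipaddress.ip_address(ip) in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def audit(text, server_ip, tun="tun"):
    """List problems with a redirect-gateway def1 routing table."""
    routes, findings = parse(text), []
    # One probe per def1 half: 0/1 and 128.0/1 outrank 'default' without deleting it.
    halves = [lookup(routes, p) for p in ("1.0.0.1", "198.51.100.7")]
    if not all(r and r[2].startswith(tun) for r in halves):
        findings.append("internet traffic is not fully routed via the tunnel")
    srv = lookup(routes, server_ip)
    if srv is None or srv[2].startswith(tun):
        findings.append("VPN server address is routed into the tunnel itself")
    peers = {r[1] for r in halves if r and r[2].startswith(tun)}
    for net, gw, ifc in routes:
        if peers and ifc.startswith(tun) and net.prefixlen < 32 and gw not in peers:
            findings.append(f"{net} via {gw} does not use the tunnel peer")
    return findings
```

Running `audit(SAMPLE, "203.0.113.10")` reports only the `10.8.0.0/24 via 10.8.0.1` route; an empty list means the table is consistent with a full-tunnel setup.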