Routing all traffic through VPN
I love the project! I'm having troubles setting up viscosity with my VPN though. I want to route all internet traffic through my VPN server when connecting with viscosity.
If I have "route all traffic through VPN" checked, I can't ping the server (10.8.0.1) or anything in that manner.
If I have "route all traffic through VPN" not checked, I can ping the server, my mac (10.8.0.6), but can't browse the internet.
192.168.101.0 is my local network
client netstat -nr
Code:
0/1 10.8.0.5 UGSc 3 0 tun0
default 192.168.101.1 UGSc 5 0 en1
10.8/24 10.8.0.1 UGSc 0 0 tun0
10.8.0.5 10.8.0.6 UH 5 0 tun0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 2 24370 lo0
128.0/1 10.8.0.5 UGSc 1 0 tun0
169.254 link#5 UCS 0 0 en1
_SERVER_IP/32 192.168.101.1 UGSc 1 0 en1
192.168.101 link#5 UCS 4 0 en1
192.168.101.1 0:3:52:7:14:1a UHLWI 2 5 en1 1196
192.168.101.153 127.0.0.1 UHS 2 918 lo0
192.168.101.255 ff:ff:ff:ff:ff:ff UHLWbI 1 3 en1
Server config:
Code:
dev tun
proto tcp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
client-to-client
push "redirect-gateway def1"
log-append vpn.log
verb 5
comp-lzo
iptables -t nat
Code:
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.8.0.0/24 anywhere to:_STATIC_IP_
viscosity config
Code:
#-- Config Auto Generated By Viscosity --#
#viscosity startonopen false
#viscosity dhcp true
#viscosity dnssupport true
#viscosity name Seattle
remote _SERVER_IP_ 1194
persist-key
tls-client
proto tcp-client
ca ca.crt
dev tun
persist-tun
cert cert.crt
comp-lzo
nobind
key key.key
pull
route 10.8.0.0 255.255.255.0 10.8.0.1 default
Hi Bren,
> If I have "route all traffic through VPN" checked, I can't ping the server (10.8.0.1) or anything in that manner.
This option essentially just turns on the "redirect-gateway def1" command on the client side. It looks like you're pushing this out from the server side anyway, so it shouldn't make too much difference.
> route 10.8.0.0 255.255.255.0 10.8.0.1 default
I'd recommend removing this route from Viscosity. OpenVPN should attempt to create this route automatically for the local subnet (and point it to a different IP address, usually 10.8.0.5).
> I can ping the server, my mac (10.8.0.6), but can't browse the internet.
If you can get to this stage (without your custom route above), you've probably got a NAT related issue on your server. It looks like you're using ipchains which I'm afraid I'm not that familiar with, however we find a common mistake people make is to forget to enable NAT in the kernel ("echo 1 > /proc/sys/net/ipv4/ip_forward").
> 192.168.101.0 is my local network
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
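How the two /1 routes created by "redirect-gateway def1" take precedence over the existing default route in the client's netstat output, shown as an added example that is not part of the original thread. The address 203.0.113.10 is a constructed stand-in for the redacted _SERVER_IP, and the function names are illustrative.

```python
import ipaddress

# Constructed sample: the routes from the client's `netstat -nr` output above,
# with 203.0.113.10 standing in for the redacted _SERVER_IP (an assumption).
ROUTES = """\
0/1             10.8.0.5       tun0
default         192.168.101.1  en1
10.8/24         10.8.0.1       tun0
10.8.0.5        10.8.0.6       tun0
128.0/1         10.8.0.5       tun0
203.0.113.10/32 192.168.101.1  en1
192.168.101     link#5         en1
"""

def parse_dest(dest):
    """Expand BSD netstat shorthand ('0/1', '10.8/24', '192.168.101') to a network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        # No explicit length: netstat implies it from the number of octets shown.
        plen = str(8 * len(octets))
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + plen)

def load(table):
    routes = []
    for line in table.splitlines():
        dest, gateway, iface = line.split()
        routes.append((parse_dest(dest), gateway, iface))
    return routes

def lookup(routes, ip):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    ip = ipaddress.ip_address(ip)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)

def leaks(routes, probes=("1.1.1.1", "198.51.100.7")):
    """Return the probe addresses that would leave via a non-tunnel interface."""
    return [p for p in probes if not lookup(routes, p)[2].startswith("tun")]

if __name__ == "__main__":
    routes = load(ROUTES)
    for ip in ("1.1.1.1", "198.51.100.7", "203.0.113.10", "10.8.0.1", "192.168.101.20"):
        net, gw, iface = lookup(routes, ip)
        print(f"{ip:15} -> {net} via {gw} dev {iface}")
```

The /32 route to the VPN server through the LAN gateway is what keeps the encrypted tunnel packets themselves out of tun0; every other public address matches 0/1 or 128.0/1 before it can fall through to the default route.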