#1 2017-03-02 17:15:01

Trumanbaz
Member
Registered: 2017-03-02
Posts: 1

OpenVPN client routing

Hello friends!
I want to use LowEndSpirit server as OpenVPN client.
I installed OpenVPN, downloaded all required files from my VPN provider. Then I run OpenVPN with my Japan.conf file, it starts tun0 interface and connects successfully (I see this message in log file: Initialization Sequence Completed).
However, when I run "curl ipinfo.io/ip" command, my external IP address is not changed. It is still 103.25.58.8 Australia (external NAT IPv4 address).
It seems that I need to route traffic from venet0 interface to tun0 or something like that, but unfortunately I'm not fluent in it.
Does anybody know how to solve this problem?

P.S.
There is also this message in the log file: "NOTE: unable to redirect default gateway -- Cannot read current default gateway from system".
But in OpenVZ there is no primary (or default) gateway in a virtual server. And it means that I need to route traffic manually by adding to Japan.conf something like this:
route-noexec
route-up /etc/openvpn/route-up.sh

The first line tells my VPN server not to look for default gateway. The second line allows to run a custom script where I can do routing manually. But I don't have enough knowledge to go further. Can anybody help?

Thanks in advance, Alex.

Offline

#2 2017-03-02 17:49:17

Simonindia
Moderator and your buddy
From: India
Registered: 2015-06-05
Posts: 593

Re: OpenVPN client routing

Hello there use this installer script that way you will have a Openvpn up and running in no time


https://github.com/Nyr/openvpn-install


Just trying my best to help. ♥ |
----------------------------------------------------------------------------------
“Remember to always be yourself. Unless you suck.” -Joss Whedon“Do what you can, with what you have, where you are.”-Theodore Roosevelt

Offline

#3 2017-03-03 05:21:34

LowEnder
Trusted Member
Registered: 2015-08-21
Posts: 38

Re: OpenVPN client routing

Setting the routes to have all your traffic routed through the vpn should'nt be to hard but i fear it might be a little tricky to do so while still being able to allow incoming connections coming from the local network. So please keep in mind trying those settings might lock you out of the vps and it might need a reboot to get network back. Anyways the routes script id try would look something like this:

route del default

Remove the default route we want to replace.

route add 123.123.123.123 venet0

Route traffic to your vpn the usual way (123.123.123.123 being the ip of your vpn server).

Add a route to make packets coming from the local nat go back there???

This is where i am out of ideas. I don't think the kernel is magically smart enough to route packets back over the interface it received them on. If you can connect to your vps via ipv6 you get an easy way out but otherwise i dont see a nice solution. If you are on a (semi-)fixed ip you could add a route to send packets there over venet0. I've seen a couple isps where ips hardly change beyond the last octet so something ip like route add 123.123.123.0 netmask 255.255.255.0 venet0 would work. Beyond that the only thing i can think of is source based routing and iptables voodoo in form of marking packets but thats really another topic hmm

route add $route_gateway_1 $dev

Add a route for the gateway supplied by the vpn server. Note: I am using those variables in an up script. Not 100% sure if they are available in route-up too, sorry. https://openvpn.net/index.php/open-sour … npage.html "SCRIPTING AND ENVIRONMENTAL VARIABLES" hints a little at this not being the case.

route add default gw $route_gateway_1 $dev

Now your traffic should go through the vpn by default but unless you somehow took care of the question mark step you are also likely locked out of ssh. Sorry i dont have a complete solution but maybe this helps putting you on the right track smile

Last edited by LowEnder (2017-03-03 05:24:30)

Offline

Board footer