Traffic bypasses OpenVPN

Kernels & Hardware, configuring network, installing services

Traffic bypasses OpenVPN

Postby karfi » 2015-09-16 14:18

Hello,
I'm running OpenVPN service on both debian server and client. When start connection between client and server, I expect all the computer traffic (except ARP and DHCP requests) go through created tunnel. However, when I capture packets on wlan0 on client (the only connection going outside host) using Wireshark, I can see DNS requests visible and sometimes incoming TCP traffic as well, but most of the traffic is going through tunnel as expected. I provide both configurations of client and server and client routing table for inspection. I changed server address to avoid server exploitation in the case of some big configuration mistake.

Commands to run OpenVPN services are:
Code: Select all
For client: sudo openvpn --config /etc/openvpn/client.conf &
For server: sudo openvpn --config /etc/openvpn/server.conf &


**Client routing table when VPN is OFF**
Code: Select all
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    1024   0        0 wlan0
192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0


**Client routing table when VPN is ON**
Code: Select all
Kernel IP routing table
Destination         Gateway         Genmask              Flags Metric Ref    Use Iface
default                10.0.1.5          128.0.0.0              UG    0      0        0 tun0
default                192.168.1.1     0.0.0.0                 UG    1024   0        0 wlan0
132.220.56.210   192.168.1.1     255.255.255.255   UGH   0      0        0 wlan0
10.0.1.1              10.0.1.5          255.255.255.255   UGH   0      0        0 tun0
10.0.1.5              *                     255.255.255.255   UH    0      0        0 tun0
128.0.0.0            10.0.1.5          128.0.0.0              UG    0      0        0 tun0
192.168.1.0         *                    255.255.255.0        U     0      0        0 wlan0


Client configuration:
Code: Select all
script-security 3
up   /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

remote-cert-tls server
log-append /var/log/openvpn.log

client
tls-client
dev tun
proto udp
remote 132.220.56.210
port 1194

resolv-retry infinite
nobind
persist-key
persist-tun

ca /etc/openvpn/certs/ca.crt
cert /home/user1/VPS/VPN/user1.crt
key /home/user1/VPS/VPN/user1.key

comp-lzo
verb 3
cipher AES-256-CBC
user nobody
group nogroup


Server configuration:
Code: Select all
mode server
tls-server

port 1194
proto udp
dev tun
server 10.0.1.0 255.255.255.0

ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem

log-append /var/log/openvpn.log
status /var/run/vpn.status 10

user nobody
group nogroup

keepalive 10 120
comp-lzo
verb 3
cipher AES-256-CBC

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"     
push "dhcp-option DNS 8.8.4.4"

persist-key
persist-tun


I searched through many forums and documentation and I found, that for all the traffic going via VPN is command: *push "redirect-gateway def1"* neccessary, however, I have leaks despite this command being in place. I already spent over 2 days with this and tried to configure it in many ways, now I have no clue what I'm missing.

Can anybody please give me a hint? Thank you.
karfi
 
Posts: 3
Joined: 2015-09-09 04:44

Return to System configuration

Who is online

Users browsing this forum: No registered users and 6 guests

fashionable