Traffic bypasses OpenVPN

Linux Kernel, Network, and Services configuration.
karfi
Posts: 3
Joined: 2015-09-09 04:44

Traffic bypasses OpenVPN

#1 Post by karfi »

Hello,
I'm running an OpenVPN service on both a Debian server and a Debian client. When I start the connection between client and server, I expect all of the computer's traffic (except ARP and DHCP requests) to go through the created tunnel. However, when I capture packets on wlan0 on the client (the only connection going outside the host) using Wireshark, I can see DNS requests and sometimes incoming TCP traffic as well, though most of the traffic is going through the tunnel as expected. I provide the configurations of both client and server and the client's routing table for inspection. I changed the server address to avoid exploitation of the server in case of some big configuration mistake.

Commands to run OpenVPN services are:

```bash
# client
sudo openvpn --config /etc/openvpn/client.conf &
# server
sudo openvpn --config /etc/openvpn/server.conf &
```

**Client routing table when VPN is OFF**

```text
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    1024   0        0 wlan0
192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0
```

**Client routing table when VPN is ON**

```text
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.1.5        128.0.0.0       UG    0      0        0 tun0
default         192.168.1.1     0.0.0.0         UG    1024   0        0 wlan0
132.220.56.210  192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
10.0.1.1        10.0.1.5        255.255.255.255 UGH   0      0        0 tun0
10.0.1.5        *               255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.0.1.5        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0
```

Client configuration:

```text
# script-security 2 or higher is needed for up/down scripts; update-resolv-conf
# (from the resolvconf package) is what applies pushed "dhcp-option DNS" on Linux.
script-security 3
up   /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

remote-cert-tls server
log-append /var/log/openvpn.log

client
tls-client
dev tun
proto udp
remote 132.220.56.210
port 1194

resolv-retry infinite
nobind
persist-key
persist-tun

ca /etc/openvpn/certs/ca.crt
cert /home/user1/VPS/VPN/user1.crt
key /home/user1/VPS/VPN/user1.key

comp-lzo
verb 3
cipher AES-256-CBC
# Privileges are dropped after initialisation; the down script then runs as this user.
user nobody
group nogroup
```

Server configuration:

```text
mode server
tls-server

port 1194
proto udp
dev tun
server 10.0.1.0 255.255.255.0

ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem

log-append /var/log/openvpn.log
status /var/run/vpn.status 10

user nobody
group nogroup

keepalive 10 120
comp-lzo
verb 3
cipher AES-256-CBC

# def1: client installs 0.0.0.0/1 and 128.0.0.0/1 via the tunnel plus a host
# route to this server via its old gateway, instead of replacing its default route.
push "redirect-gateway def1"
# Only applied on a Linux client by its up script, not by OpenVPN itself.
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

persist-key
persist-tun
```

I searched through many forums and documentation and found that, for all traffic to go via the VPN, the directive *push "redirect-gateway def1"* is necessary; however, I have leaks despite this directive being in place. I have already spent over 2 days on this and tried to configure it in many ways, and now I have no clue what I'm missing.

Can anybody please give me a hint? Thank you.
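The routing table posted above with the VPN up does show the two halves that `redirect-gateway def1` installs (0.0.0.0/1 and 128.0.0.0/1 via tun0) and the host route to the server via the old gateway, so the redirect itself took effect. What the table also shows is that 192.168.1.0/24 remains a connected route on wlan0 and, being more specific, wins over the /1 routes; if the client's /etc/resolv.conf still lists the LAN router because the pushed DNS servers were never applied, every DNS query goes out wlan0 in the clear while everything else is tunnelled. The following script, added here as an example and not part of the original post or of OpenVPN, replays that posted table through a kernel-style longest-prefix lookup and reports which nameservers from a resolv.conf would be queried outside the tunnel. The two resolv.conf contents are constructed for the demonstration.

```python
"""Replay the posted client routing table through a kernel-style route lookup
and flag nameservers that would be queried outside the tunnel.

Added example for this thread; not part of the original post or of OpenVPN.
"""
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]
    metric: int
    iface: str


# Constructed copy of the "VPN is ON" table from the post (net-tools `route`
# output; `route` prints destination 0.0.0.0 as "default" even when the
# genmask is 128.0.0.0, so the first route line is really 0.0.0.0/1).
ROUTE_TABLE_VPN_ON = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.1.5        128.0.0.0       UG    0      0        0 tun0
default         192.168.1.1     0.0.0.0         UG    1024   0        0 wlan0
132.220.56.210  192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
10.0.1.1        10.0.1.5        255.255.255.255 UGH   0      0        0 tun0
10.0.1.5        *               255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.0.1.5        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0
"""

# Two constructed /etc/resolv.conf variants: the LAN router left in place,
# and the servers pushed by the server config having been applied.
RESOLV_CONF_LAN = "nameserver 192.168.1.1\n"
RESOLV_CONF_PUSHED = "nameserver 8.8.8.8\nnameserver 8.8.4.4\n"


def parse_route_table(text: str) -> List[Route]:
    """Parse `route` / `route -n` output; 'default' and '*' both mean 0.0.0.0."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or parts[0] in ("Kernel", "Destination"):
            continue
        dest, gw, mask, _flags, metric, _ref, _use, iface = parts[:8]
        dest = "0.0.0.0" if dest == "default" else dest
        gateway = None if gw in ("*", "0.0.0.0") else ipaddress.IPv4Address(gw)
        network = ipaddress.IPv4Network((dest, mask), strict=False)
        routes.append(Route(network, gateway, int(metric), iface))
    return routes


def lookup(routes: List[Route], dst: str) -> Route:
    """Longest-prefix match, lowest metric on a tie: the kernel's IPv4 lookup."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        raise LookupError("no route to %s" % dst)
    return max(candidates, key=lambda r: (r.network.prefixlen, -r.metric))


def redirect_gateway_applied(routes: List[Route], vpn_iface: str = "tun0") -> bool:
    """True when both halves installed by `redirect-gateway def1` point at the tunnel."""
    halves = {ipaddress.IPv4Network("0.0.0.0/1"), ipaddress.IPv4Network("128.0.0.0/1")}
    return halves <= {r.network for r in routes if r.iface == vpn_iface}


def parse_resolv_conf(text: str) -> List[str]:
    """Return the nameserver addresses listed in a resolv.conf body."""
    return [line.split()[1] for line in text.splitlines()
            if line.startswith("nameserver") and len(line.split()) > 1]


def leaking_nameservers(routes: List[Route], nameservers: List[str],
                        vpn_iface: str = "tun0") -> List[str]:
    """Nameservers whose queries would leave via a non-tunnel interface."""
    return [ns for ns in nameservers if lookup(routes, ns).iface != vpn_iface]


if __name__ == "__main__":
    routes = parse_route_table(ROUTE_TABLE_VPN_ON)
    print("redirect-gateway def1 applied:", redirect_gateway_applied(routes))
    for dst in ("8.8.8.8", "192.168.1.1", "132.220.56.210"):
        r = lookup(routes, dst)
        print("%-16s -> %s via %s" % (dst, r.iface, r.gateway or "link"))
    for name, conf in (("LAN resolver", RESOLV_CONF_LAN),
                       ("pushed resolvers", RESOLV_CONF_PUSHED)):
        print("%s leaks:" % name, leaking_nameservers(routes, parse_resolv_conf(conf)))
```

Run against the posted table, 8.8.8.8 resolves to tun0 and 192.168.1.1 to wlan0, so the same redirect-gateway setup either leaks all DNS or none of it depending purely on what /etc/resolv.conf contains after the up script has run. On a live client the same check is `ip route get <nameserver>` for each entry in /etc/resolv.conf; the server config's `dhcp-option DNS` lines only reach resolv.conf if `update-resolv-conf` actually runs and the `resolvconf` package is installed.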
