yonubear
Posts: 90
Joined: Thu Sep 12, 2013 11:11 pm

OpenVPN client

Tue May 10, 2016 8:55 pm

Is an one using a Rpi2 with rasping Jessie with OpenVPN I am having trouble with getting all the traffic to route through the VPN

Thanks,
Yonu

User avatar
MarkHaysHarris777
Posts: 1820
Joined: Mon Mar 23, 2015 7:39 am
Location: Rochester, MN
Contact: Website

Re: OpenVPN client

Wed May 11, 2016 3:54 am

yonubear wrote:Is an one using a Rpi2 with rasping Jessie with OpenVPN I am having trouble with getting all the traffic to route through the VPN
If you were more specific, we might be able to help you. I have an openVPN server running on my wheezy machine... have not tried it on Jessie yet... it should be transparent, if you've setup everything correctly; and that's a big if.
marcus
:ugeek:

Tzarls
Authorised Reseller
Authorised Reseller
Posts: 224
Joined: Tue Feb 26, 2013 6:59 am

Re: OpenVPN client

Wed May 11, 2016 5:28 am

I think the OP is looking for a way to use the RPI as an OpenVPN client, so that all traffic going out of the RPi goes thru the OpenVPN server.

Still, more info is needed, as what are the steps already tried.

User avatar
MarkHaysHarris777
Posts: 1820
Joined: Mon Mar 23, 2015 7:39 am
Location: Rochester, MN
Contact: Website

Re: OpenVPN client

Wed May 11, 2016 5:41 am

Tzarls wrote:I think the OP is looking for a way to use the RPI as an OpenVPN client, so that all traffic going out of the RPi goes thru the OpenVPN server.

Still, more info is needed, as what are the steps already tried.
My point precisely. Its not normal for all traffic to go through the openVPN server. The server issues the client an IP address that from the standpoint of the internal net makes the client appear as though its the server address.

So, for instance, one of my clients gets address 10.8.0.6 as its VPN address... but, when the client say ssh into one of the PIs on my local net, it looks to the PI on the local net as though it has the server's local IP address.

Another way of saying this is that the client's external address allows it to pass traffic on to the internal network via the server's IP address... to the internal network the client looks like the server, and to the client the internal network 'looks' like its directly connected (with an encrypted channel, of course).

But here's the thing... the openVPN server only sends data to its clients... The only traffic that goes through the openVPN server is the client traffic ! (that is assuming the openVPN server is running on the local network, on a PI, as mine does). Local net traffic does not pass through the openVPN server unless it is going|coming to|from the client(s). But, all traffic from the client must necessarily pass through the openVPN server (well, for one thing its encrypted, and if it didn't nothing else could makes sense of it!).

I suspect the server is setup wrong, or the OPs client.ovpn file is not correct. who know, because the OP didn't give us enough info.
marcus
:ugeek:

rayjoh
Posts: 26
Joined: Thu May 23, 2013 11:48 am

Re: OpenVPN client

Wed May 11, 2016 7:28 am

https://openvpn.net/index.php/open-sour ... l#redirect
Routing all client traffic (including web-traffic) through the VPN
Add the following directive to the server configuration file:
push "redirect-gateway def1"
-- Raymond

yonubear
Posts: 90
Joined: Thu Sep 12, 2013 11:11 pm

Re: OpenVPN client

Wed May 11, 2016 4:08 pm

perhaps all traffic was the wrong work but I was getting no traffic through the vpn I found if I run

sudo ip route add default dev tun0

after connecting if it matters I have switched the network management to network manager it does what I want I am trying to get it so that as far as the the internet and devices are concerned it is part of my home network. I would prefer not to have to remeber to run the command everytime though

tell me what info is needed and I will attempt to provide it

Thanks,
Yonu

User avatar
MarkHaysHarris777
Posts: 1820
Joined: Mon Mar 23, 2015 7:39 am
Location: Rochester, MN
Contact: Website

Re: OpenVPN client

Wed May 11, 2016 4:19 pm

yonubear wrote: I am trying to get it so that as far as the the internet and devices are concerned it is part of my home network.
Yes, obviously, that is required! Your PI server (openVPN) should be wired on your home network with a reserved IP address (if it gets its address dynamically) and the server should be listening on 1194 udp. Your firewall|router should be set for forward 1194udp port traffic to your PI openVPN server (local IP address). You should not be having to play with your default gateway, &c.

The first step is to get your PI on the network correctly on boot-up. The next step is to have your openVPN server configured to listen on 1194udp. The third step is to configure your router to forward outside traffic on port 1194udp to your PIs local IP address. (this assumes that your router is sophisticated enough to support port forwarding and port triggering)
marcus
:ugeek:

Return to “General discussion”