My client machine is Ubuntu 11.04, my server machine is Ubuntu 10.10. I'm trying to achieve the simplest quick and dirty solution possible to get all my client machine's traffic to be redirected to the server machine and from there to the internet.
For this I'm trying to follow this guide: http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
Being new to OpenVPN, I've looked at the logs, but I think that the client does not even attempt to contact the server to open the connection. Am I missing some configuration option, or should I not be starting the client the same way I'm starting the server daemon?
On the server I have configured the following:
root@domU-12-31-39-16-42-4D:/etc/openvpn# cat /etc/openvpn/server.conf
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret /etc/openvpn/static.key
push "redirect-gateway def1 bypass-dhcp"
proto udp
comp-lzo
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
keepalive 10 120
persist-key
persist-tun
ping-timer-rem
verb 7
On the client machine I have configured the following:
root@maxim-desktop:/etc/openvpn# cat /etc/openvpn/client.conf
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret /etc/openvpn/static.key
proto udp
comp-lzo
persist-key
persist-tun
keepalive 10 120
persist-key
persist-tun
ping-timer-rem
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
remote ec2-50-17-124-16.compute-1.amazonaws.com 1194
resolv-retry infinite
verb 7
I'm basically following this guide http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html and still, when I open the vpn connection on the client side I don't get all my traffic to be redirected through the vpn server.
I do this on my home Wifi, because I don't trust WEP/WPA. The relevant setting on my OpenVPN server is:
That tells the client "I want you to route all your traffic through me". From there, I can deal with the traffic on the server as I would any other traffic that I need to route.
The only caveat is that you need to remove or deprioritise the default route that the DHCP server might send (if you're using dynamic config); I just have a post-up rule in /e/n/interfaces that deletes the default route that the DHCP server sends, since it's useless anyway, but you could also configure your DHCP server not to send it at all (I used to use dnsmasq, which got shirty if it couldn't send a default route, hence my hack; now I've run away from it, I should probably reconfigure ISC DHCP to do the right thing and not send the default route at all).
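An added example, not part of the original question or answer: a small Python check over a server/client config pair like the one in the question, reporting reasons the client would keep sending traffic outside the tunnel. It assumes the static-key mini-howto layout (the client's `ifconfig` is the server's pair reversed) and that pushed options only apply to a client that sets `pull` or `client`, as the OpenVPN manual describes; the function names and finding codes are illustrative.

```python
import shlex

# parse_conf/check_pair and the finding codes are illustrative names, not OpenVPN's.
MESSAGES = {
    "ifconfig-missing": "both sides need 'ifconfig <local> <remote>'",
    "ifconfig-not-mirrored": "client ifconfig must be the server's pair reversed",
    "push-ignored": "server pushes options but client has no 'pull'/'client'",
    "no-redirect": "nothing makes the client install a default route via the tunnel",
}

def parse_conf(text):
    """Map each directive to the list of its argument lists."""
    conf = {}
    for raw in text.splitlines():
        if raw.lstrip().startswith(";"):       # OpenVPN also treats ';' as a comment
            continue
        tokens = shlex.split(raw, comments=True)
        if tokens:
            conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf

def check_pair(server_text, client_text):
    """Return finding codes for a point-to-point server/client config pair."""
    server, client = parse_conf(server_text), parse_conf(client_text)
    findings = []
    s_if = server.get("ifconfig", [[]])[-1]
    c_if = client.get("ifconfig", [[]])[-1]
    if len(s_if) < 2 or len(c_if) < 2:
        findings.append("ifconfig-missing")
    elif c_if[:2] != [s_if[1], s_if[0]]:
        findings.append("ifconfig-not-mirrored")
    pushed = [a[0].split() for a in server.get("push", []) if a and a[0].strip()]
    accepts_push = "pull" in client or "client" in client   # assumption: per the manual
    if pushed and not accepts_push:
        findings.append("push-ignored")
    pushed_redirect = accepts_push and any(p[0] == "redirect-gateway" for p in pushed)
    if "redirect-gateway" not in client and not pushed_redirect:
        findings.append("no-redirect")
    return findings

# Relevant directives from the two configs in the question.
SERVER = 'dev tun\nifconfig 10.8.0.1 10.8.0.2\nsecret /etc/openvpn/static.key\npush "redirect-gateway def1 bypass-dhcp"\n'
CLIENT = "dev tun\nifconfig 10.8.0.1 10.8.0.2\nsecret /etc/openvpn/static.key\n"
# Constructed variant: endpoints mirrored, redirect set locally on the client.
CLIENT_ALT = "dev tun\nifconfig 10.8.0.2 10.8.0.1\nsecret /etc/openvpn/static.key\nredirect-gateway def1\n"

if __name__ == "__main__":
    for name, client in (("question", CLIENT), ("variant", CLIENT_ALT)):
        for code in check_pair(SERVER, client):
            print(f"{name}: {code}: {MESSAGES[code]}")
```

On an untrusted network the `no-redirect` finding is the one that matters most: the tunnel can be up while ordinary traffic still leaves through the local default route.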