wangyu- / udp2raw

A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment)
MIT License
7.15k stars 1.16k forks

udp2raw + openVPN redirect full traffic #142

Open alaa2003 opened 6 years ago

alaa2003 commented 6 years ago

Hello & good morning. I configured both server + client for udp2raw as you explained, and also configured udp2raw + OpenVPN following the guide: https://github.com/wangyu-/udp2raw-tunnel/blob/master/doc/openvpn_guide.md. I used your OpenVPN config for both server + client. I can ping 10.222.2.1 from the client side.

How can I forward all traffic on the client side, so that all traffic goes through OpenVPN? I think you said we should add "redirect-gateway", but where do we put that parameter, server or client, and what is the full line we should add? ip route add 44.55.66.77 via 44.55.66.1: how can I add that line inside the OpenVPN client config instead of entering it manually? ip route add 44.55.66.77 dev XXX: is XXX = eth0, or the virtual TAP device related to OpenVPN? Also, how can I add it manually inside the ovpn client config?

Because when I try to add redirect-gateway it eats all traffic, then the udp2raw tunnel disconnects since OpenVPN hijacks the traffic.

I hope you can give a full config for both sides, server + client, which allows routing all traffic.

Here are my full configs. Server: udp2raw (screenshots: udp2raw server.conf, iptables)

After running: (screenshot: iptables_after_run)

Client: Debian 8.8 x64. udp2raw: (screenshot: udp2raw_client). ovpn client: (screenshot: ovpn client)

iptables: (screenshot: iptables_client)

wangyu- commented 6 years ago

I assume you are running udp2raw and the OpenVPN client on a Linux host, and the host is not a virtual machine.

> how can i forward all traffic in client side , all traffic go through openvpn?? i think you said we should add "redirect-gateway" , but where we put that parameter server or client & what is full line we should add?

Add redirect-gateway def1 to the OpenVPN client conf.

> ip route add 44.55.66.77 via 44.55.66.1 how can add that line inside openvpn client config instead of enter it manually?

You can't. You have to add it manually, or write a script for it.

> ip route add 44.55.66.77 dev XXX XXX = eth0 or virtual TAP device card which related to openvpn ?

Typically eth0.

Here is an example:

I ran ip route on my OpenVPN client side; the output is:

root@raspberrypi:/home/pi# ip route
default via 192.168.200.1 dev eth0  metric 202
10.222.2.1 dev tun100  proto kernel  scope link  src 10.222.2.2
192.168.100.0/24 dev wlan0  proto kernel  scope link  src 192.168.100.1
192.168.200.0/24 dev eth0  proto kernel  scope link  src 192.168.200.205  metric 202

There is a line containing "default": default via 192.168.200.1 dev eth0 metric 202

Then I should add a route exception by entering ip route add <my_server_ip> via 192.168.200.1 dev eth0

or ip route add <my_server_ip> via 192.168.200.1 for short (you usually can omit the dev XXX).

> i hope you give full config for both sides server + client which allow route all traffic

The only difference in the OpenVPN conf is to add redirect-gateway def1 to the OpenVPN client conf.

And the route exception step has to be added manually, so I can't give you a full conf that works directly.

===update=== You may also need to enable IP forwarding and SNAT (MASQUERADE) on your server side. For example:

echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.222.0.0/16 ! -d 10.222.0.0/16 -j MASQUERADE

But this is not related to udp2raw/OpenVPN. For any VPN, whether you use udp2raw or not, to redirect traffic you always need to enable IP forwarding and SNAT.
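The procedure in the reply above has an ordering constraint that is easy to get wrong: the /32 exception for the udp2raw server must be in the routing table before OpenVPN installs redirect-gateway def1, otherwise udp2raw's own packets to the server are routed into the tunnel and the tunnel collapses. The script below, an added example that is not part of udp2raw or its OpenVPN guide, derives that exception from the client's current `ip route` output, checks with `ip route get` output that the server still leaves via the physical interface, and prints the server-side forwarding/SNAT commands. The server address 203.0.113.10, the tunnel subnet and both SAMPLE_* strings are constructed; nothing is applied to the live system.

```shell
#!/bin/sh
# Added example, not part of udp2raw or the OpenVPN guide.
# Client side: build the "route exception" for the udp2raw server from the
# current default route, and verify afterwards that the server is still reached
# over the physical interface rather than the tunnel.
# Server side: emit the forwarding + SNAT commands for the tunnel subnet.
# SERVER_IP, TUN_SUBNET and the SAMPLE_* strings are constructed/assumed.

SERVER_IP=203.0.113.10        # assumed udp2raw server address (TEST-NET-3)
TUN_SUBNET=10.222.0.0/16      # OpenVPN subnet used in the guide

# Constructed `ip route` output, modelled on the one quoted in the thread.
SAMPLE_IP_ROUTE='default via 192.168.200.1 dev eth0  metric 202
10.222.2.1 dev tun100  proto kernel  scope link  src 10.222.2.2
192.168.200.0/24 dev eth0  proto kernel  scope link  src 192.168.200.205  metric 202'

# Constructed `ip route get <server>` output after redirect-gateway def1 took
# effect WITHOUT an exception: the server itself is now routed into the tunnel.
SAMPLE_IP_ROUTE_GET_BAD='203.0.113.10 via 10.222.2.1 dev tun100 src 10.222.2.2 uid 0
    cache'

# Print the exception route for server $2 given `ip route` output in $1.
# Handles both "default via GW dev DEV" and gateway-less point-to-point
# uplinks ("default dev ppp0"); fails if there is no default route at all.
route_exception_cmd() {
    routes="$1"; server="$2"
    line=$(printf '%s\n' "$routes" | awk '$1 == "default" { print; exit }')
    [ -n "$line" ] || { echo "no default route in table" >&2; return 1; }
    gw=$(printf '%s\n' "$line" | awk '{ for (i = 1; i < NF; i++) if ($i == "via") { print $(i+1); exit } }')
    dev=$(printf '%s\n' "$line" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i+1); exit } }')
    [ -n "$dev" ] || { echo "default route has no dev" >&2; return 1; }
    if [ -n "$gw" ]; then
        printf 'ip route add %s/32 via %s dev %s\n' "$server" "$gw" "$dev"
    else
        printf 'ip route add %s/32 dev %s\n' "$server" "$dev"
    fi
}

# Given `ip route get <server>` output, succeed (exit 0) when the server would
# leave through a tun/tap device, i.e. the exception is missing or wrong.
route_goes_via_tunnel() {
    dev=$(printf '%s\n' "$1" | awk 'NR == 1 { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i+1); exit } }')
    case "$dev" in
        tun*|tap*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Server side: enable forwarding (equivalent to echo 1 > /proc/sys/net/ipv4/ip_forward)
# and masquerade the tunnel subnet, exactly the two commands from the reply above.
server_side_cmds() {
    subnet="$1"
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    printf 'iptables -t nat -A POSTROUTING -s %s ! -d %s -j MASQUERADE\n' "$subnet" "$subnet"
}

# Demo on the constructed data (prints commands; nothing is applied).
echo "# client, run BEFORE starting OpenVPN with redirect-gateway def1:"
route_exception_cmd "$SAMPLE_IP_ROUTE" "$SERVER_IP"
if route_goes_via_tunnel "$SAMPLE_IP_ROUTE_GET_BAD"; then
    echo "# WARNING: $SERVER_IP is routed through the tunnel; add the exception"
fi
echo "# server:"
server_side_cmds "$TUN_SUBNET"
```

On a real client replace the constructed strings with `$(ip route)` and `$(ip route get "$SERVER_IP")`; the check is worth running again after OpenVPN is up, because a wrong exception is indistinguishable from a missing one until the tunnel drops.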

alaa2003 commented 6 years ago

Thanks for the great explanation. My server IP: 178.33.101.38. Client: 1. added redirect-gateway def1 to the OpenVPN client conf. 2. ip route result before/after running OpenVPN & adding the route exception (screenshot). The OpenVPN route seems to have stopped eating traffic, but still no traffic routes via OpenVPN! (screenshots: traceroute ovpn, mtr ovpn, ping ovpn, wget ovpn)

Server: I applied both of the 2 mentioned commands to enable IP forwarding and SNAT (MASQUERADE). (screenshots: ip forward, iptables)

I tried the client on two different systems, Debian x64 & RasPBX on a Raspberry Pi. Where is the issue?

wangyu- commented 6 years ago

Hi, can you make traffic redirection work when you are using OpenVPN alone (without udp2raw involved)?

alaa2003 commented 6 years ago

Hi, I tried to connect using OpenVPN alone without udp2raw. When I ping yahoo.com I get "destination host prohibited", so the issue seems related to iptables at the server. I could solve the issue with the following:

@ server:
1. I flushed iptables (clean all chains/rules): iptables --flush
2. enable MASQUERADE/SNAT using your magic command: iptables -t nat -A POSTROUTING -s 10.222.0.0/16 ! -d 10.222.0.0/16 -j MASQUERADE
service iptables save
I can show the content: cat /etc/sysconfig/iptables (screenshot: iptables content)

@ client: add the route as you mentioned: ip route add 178.33.101.38 via 192.168.2.1 dev eth0

178.33.101.38 is my public server IP, 192.168.2.1 is my MikroTik router.

You said I cannot add the route command automatically inside the OpenVPN client config, so I should write a script. I found a way to add the route inside the ovpn client config which adds the route automatically once the ovpn client connects and deletes it automatically on disconnect: route <my_server_ip> 255.255.255.255 net_gateway (screenshots: client config; route added automatically after the OpenVPN client connected)

mtr google.com (screenshot: mtr)

In case it works for you, credits to alaa2003 ))))

wangyu- commented 6 years ago

> 1- i flushed iptables (clean all chains/rules) iptables --flush

This won't work as you expected. To clean all rules in all tables, you need to run:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

> you said i can not add route command automatically inside openvpn client config so should write script, i found way to add route inside ovpn client config which add route automatically once ovpn client connected and delete it auto once disconnect: route <my_server_ip> 255.255.255.255 net_gateway

Thank you for mentioning that; looks like that also works.

> i tried to connect using openvpn alone without udp2raw, when ping yahoo.com i got " destination host prohibited" , so issue seems related to iptables at server

I think your iptables is blocking IP forwarding. Try the commands above to clear all iptables rules.
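The "destination host prohibited" ping reply is the client-visible form of ICMP type 3 code 10, which is exactly what an iptables REJECT --reject-with icmp-host-prohibited in the FORWARD chain sends back; stock CentOS/RHEL 6 firewalls ship such a catch-all rule. Flushing every table, as suggested above, does clear it, but it also drops the INPUT rules protecting the server. The script below, an added example that is not from the thread or the udp2raw project, instead locates the FORWARD rules or policy that would reject tunnel traffic in an `iptables -S` dump and prints the two narrow rules to insert ahead of them. The SAMPLE_RULES dump, the tun+/eth0 names and the 10.222.0.0/16 subnet are constructed to match the thread.

```shell
#!/bin/sh
# Added example, not from the thread or the udp2raw project. Instead of
# flushing every table, find what in the FORWARD chain is rejecting the
# tunnel's traffic and insert the two narrow rules that let it through.
# SAMPLE_RULES, the tun+ / eth0 names and the subnet are constructed.

# Constructed `iptables -S` output modelled on a stock CentOS 6 ruleset; the
# last line is what makes ping report "Destination Host Prohibited"
# (ICMP type 3 code 10, host administratively prohibited).
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# Print every FORWARD rule, or a FORWARD policy, that drops or rejects packets.
forward_blockers() {
    printf '%s\n' "$1" | awk '
        $1 == "-P" && $2 == "FORWARD" && ($3 == "DROP" || $3 == "REJECT") { print }
        $1 == "-A" && $2 == "FORWARD" {
            for (i = 3; i <= NF; i++)
                if ($i == "-j" && ($(i+1) == "DROP" || $(i+1) == "REJECT")) { print; break }
        }'
}

# Emit rules that allow only tunnel<->WAN forwarding for the VPN subnet,
# inserted at positions 1 and 2 of FORWARD so they win over the catch-all
# REJECT. Any other forwarding stays blocked (least privilege, no flush).
forward_allow_cmds() {
    tun="$1"; wan="$2"; subnet="$3"
    printf 'iptables -I FORWARD 1 -i %s -o %s -s %s -j ACCEPT\n' "$tun" "$wan" "$subnet"
    printf 'iptables -I FORWARD 2 -i %s -o %s -d %s -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n' "$wan" "$tun" "$subnet"
}

echo "# FORWARD rules that would block tunnel traffic:"
forward_blockers "$SAMPLE_RULES"
echo "# insert before them (keep the MASQUERADE rule from the earlier reply):"
forward_allow_cmds 'tun+' eth0 10.222.0.0/16
```

On the real server feed it `"$(iptables -S)"`; if forward_blockers prints nothing and the policy is ACCEPT, the reject is coming from somewhere else (an upstream firewall, or SNAT missing), not from the FORWARD chain.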

alaa2003 commented 6 years ago

Cool, thanks a lot for the great points. How to run the udp2raw binary as a service in Linux, for both server and client? Maybe load parameters from a configuration file for ease! This will help to run it in the background and when Linux starts too. Don't forget to add a monitoring log :)

wangyu- commented 6 years ago

> How to run udp2raw binary as service in linux for both server and client ? this will help to run it in background and when linux starts too do not forget to add monitoring log :)

Hi, there is currently no service wrapper for udp2raw. You can do it yourself with scripts.

> may load parameters from configuration file for easy

Take a look at the --conf option.