Open alaa2003 opened 6 years ago
I assume you are running udp2raw and OpenVPN client on a linux host, and the host is not a virtual machine.
how can i forward all traffic in client side , all traffic go through openvpn?? i think you said we should add "redirect-gateway" , but where we put that parameter server or client & what is full line we should add?
Add redirect-gateway def1 to openvpn client conf.
ip route add 44.55.66.77 via 44.55.66.1 how can add that line inside openvpn client config instead of enter it manually?
You can't. You have to add it manually, or write a script for it.
ip route add 44.55.66.77 dev XXX XXX = eth0 or virtual TAP device card which related to openvpn ?
Typically eth0.
Here is an example:
I ran ip route on my openvpn client side, the output is:
root@raspberrypi:/home/pi# ip route
default via 192.168.200.1 dev eth0 metric 202
10.222.2.1 dev tun100 proto kernel scope link src 10.222.2.2
192.168.100.0/24 dev wlan0 proto kernel scope link src 192.168.100.1
192.168.200.0/24 dev eth0 proto kernel scope link src 192.168.200.205 metric 202
there is a line containing "default" :
default via 192.168.200.1 dev eth0 metric 202
then I should add a route exception by entering ip route add <my_server_ip> via 192.168.200.1 dev eth0
or ip route add <my_server_ip> via 192.168.200.1 for short (you usually can omit the dev XXX).
i hope you give full config for both sides server + client which allow route all traffic
The only difference of openvpn conf is to add redirect-gateway def1 to openvpn client conf.
And the route exception step has to be added manually, so I can't give you a full conf that works directly.
===update=== You may also need to enable ipforward and SNAT(MASQUERADE) at your server side. For example:
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.222.0.0/16 ! -d 10.222.0.0/16 -j MASQUERADE
But this is not related to udp2raw/OpenVPN, for any VPN, no matter you use udp2raw or not, to redirect traffic, you always need to enable ipforward and SNAT.
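The "write a script for it" step from the reply above, as an added example that is not part of the original thread or of udp2raw: it reads `ip route` output, finds the physical default gateway, and prints the route exception for the server. The function names are hypothetical, 44.55.66.77 is the example server address used in the thread, and the sample table is the one quoted in the reply.

```shell
#!/bin/sh
# Added example: derive the route exception for the VPN/udp2raw server from
# `ip route` output. Function names are hypothetical, not part of udp2raw.

# Sample input: the client routing table quoted earlier in this thread.
SAMPLE_ROUTES='default via 192.168.200.1 dev eth0 metric 202
10.222.2.1 dev tun100 proto kernel scope link src 10.222.2.2
192.168.100.0/24 dev wlan0 proto kernel scope link src 192.168.100.1
192.168.200.0/24 dev eth0 proto kernel scope link src 192.168.200.205 metric 202'

# route_exception <server_ip>: reads `ip route` output on stdin and prints the
# command that pins the server to the physical default gateway.
# Returns non-zero when no usable default route is found.
route_exception() {
    awk -v ip="$1" '
        $1 == "default" {
            gw = ""; dev = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            # Ignore a default route that is incomplete or points into the tunnel.
            if (gw == "" || dev == "" || dev ~ /^(tun|tap)/) next
            printf "ip route add %s/32 via %s dev %s\n", ip, gw, dev
            found = 1
            exit
        }
        END { exit !found }
    '
}

# has_exception <server_ip>: succeeds if a host route for the server exists.
has_exception() {
    awk -v ip="$1" '$1 == ip || $1 == (ip "/32") { ok = 1 } END { exit !ok }'
}

# Offline demonstration on the sample table.
# On a live client: ip route | route_exception <my_server_ip>
printf '%s\n' "$SAMPLE_ROUTES" | route_exception 44.55.66.77
```

The script only prints the command; run the printed line as root before starting OpenVPN with redirect-gateway def1, so the udp2raw packets to the server keep using the physical gateway.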
Thanks for great explain
my server IP: 178.33.101.38
Client:
1- added redirect-gateway def1 to openvpn client conf
2- ip route result before / after run openvpn & add route exception
seems eating traffic stopped but still no traffic route via openvpn!
Server: i applied both of 2 mentioned commands of enable ipforward and SNAT(MASQUERADE) iptables:
i tried client at two different debian x64 & raspbx raspberrypi where is issue?
Hi, can you make traffic-redirection work when you are using OpenVPN alone(without udp2raw involved) ?
hi
i tried to connect using openvpn alone without udp2raw, when ping yahoo.com i got " destination host prohibited" , so issue seems related to iptables at server
i could solve issue with following:
@ server:
1- i flushed iptables (clean all chains/rules)
iptables --flush
2- enable MASQUERADE /SNAT using your magic command
iptables -t nat -A POSTROUTING -s 10.222.0.0/16 ! -d 10.222.0.0/16 -j MASQUERADE
service iptables save
i can show content:
cat /etc/sysconfig/iptables
@ client:
add route as you mentioned:
ip route add 178.33.101.38 via 192.168.2.1 dev eth0
178.33.101.38 is my public server IP 192.168.2.1 my mikrotik router
you said i can not add route command automatically inside openvpn client config so should write script, i found way to add route inside ovpn client config which add route automatically once ovpn client connected and delete it auto once disconnect:
route <my_server_ip> 255.255.255.255 net_gateway
example:
after openvpn client connected
mtr google.com
in case worked with you credits to alaa2003 ))))
1- i flushed iptables (clean all chains/rules) iptables --flush
This won't work as you expected. To clean all rules in all tables, you need to run:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
you said i can not add route command automatically inside openvpn client config so should write script, i found way to add route inside ovpn client config which add route automatically once ovpn client connected and delete it auto once disconnect: route <my_server_ip> 255.255.255.255 net_gateway
thank you for mention that, looks like that also works.
i tried to connect using openvpn alone without udp2raw, when ping yahoo.com i got " destination host prohibited" , so issue seems related to iptables at server
I think your iptables is blocking ip forward. Try the commands above to clear all iptables rules.
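A narrower way to diagnose and fix the "destination host prohibited" symptom discussed above, as an added example that is not part of the original thread: it checks `iptables-save` output for a catch-all REJECT/DROP in the filter FORWARD chain ahead of any ACCEPT for the VPN subnet, and lists two rules that open forwarding for 10.222.0.0/16 only. The function name is hypothetical, the check is a heuristic, and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example: check whether the filter FORWARD chain lets VPN clients through,
# from `iptables-save` output. Heuristic; the function name is hypothetical.

# Constructed sample: a stock ruleset of the kind kept in /etc/sysconfig/iptables.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# forward_status <vpn_subnet>: reads iptables-save output on stdin and prints
# "allowed" or "blocked" for traffic sourced from the VPN subnet.
forward_status() {
    awk -v net="$1" '
        /^\*/ { table = $1 }
        table == "*filter" && $1 == ":FORWARD" { policy = $2 }
        table == "*filter" && $1 == "-A" && $2 == "FORWARD" {
            # First matching rule wins: an ACCEPT for the subnet, or a
            # catch-all REJECT/DROP with no address/interface/protocol match.
            if ($0 ~ /-j ACCEPT/ && index($0, "-s " net " ")) { verdict = "allowed"; exit }
            if ($0 ~ /-j (REJECT|DROP)/ && $0 !~ / -[sdiopm] /) { verdict = "blocked"; exit }
        }
        END {
            # No decisive rule: the chain policy applies.
            if (verdict == "") verdict = (policy == "DROP") ? "blocked" : "allowed"
            print verdict
        }
    '
}

# Narrow fix, inserted ahead of the catch-all REJECT instead of flushing:
FIX_RULES='iptables -I FORWARD 1 -s 10.222.0.0/16 -j ACCEPT
iptables -I FORWARD 2 -d 10.222.0.0/16 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | forward_status 10.222.0.0/16   # blocked
printf '%s\n' "$FIX_RULES"
```

On a live server the input would be `iptables-save | forward_status 10.222.0.0/16`; the MASQUERADE rule in the nat table is still required alongside the two FORWARD rules.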
cool, thanks a lot for great points >> How to run udp2raw binary as service in linux for both server and client ? may load parameters from configuration file for easy ! this will help to run it in background and when linux starts too do not forget to add monitoring log :)
How to run udp2raw binary as service in linux for both server and client ? this will help to run it in background and when linux starts too do not forget to add monitoring log :)
Hi, there is currently no service wrapper for udp2raw. You can do it by yourself with scripts.
may load parameters from configuration file for easy
Take a look at --conf option.
Hello & good morning -- i configured both server + client for udp2raw as you explained also configured udp2raw + openvpn followed guide: https://github.com/wangyu-/udp2raw-tunnel/blob/master/doc/openvpn_guide.md -- i used your openvpn config for both server+client -- i can ping 10.222.2.1 from client side
how can i forward all traffic in client side , all traffic go through openvpn?? i think you said we should add "redirect-gateway" , but where we put that parameter server or client & what is full line we should add? ip route add 44.55.66.77 via 44.55.66.1 how can add that line inside openvpn client config instead of enter it manually? ip route add 44.55.66.77 dev XXX XXX = eth0 or virtual TAP device card which related to openvpn ? also how can add it manually inside ovpn client config
because why try to add redirect-gateway it eat all traffic then udp2raw tunnel disconnect
i hope you give full config for both sides server + client which allow route all traffic
here are my full config: Server: udp2raw: server.conf iptables
after run:
client: debian 8.8 x64 udp2raw: ovpn client:
iptables