This hack makes your client machines send all of their internet traffic through the VPN.

On the server, add the following to your OpenVPN config file:

 push "redirect-gateway def1" 
 push "dhcp-option DNS 192.168.1.1"

If your VPN server is, for example, your home gateway, you’ll definitely want to push the gateway address as the DNS server.
If your VPN server is on a remote host somewhere and it doesn’t run its own DNS server, or you don’t have a DNS server running on the VPN network, you’ll want to just use a public DNS server address such as Google’s 8.8.8.8 / 8.8.4.4.

Then on the server, you need to enable forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

And enable masquerading of packets:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE  

Where 10.8.0.0/24 is your VPN network and eth0 is the main external interface of the server.
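
The three server-side pieces above only work together if the subnet in the MASQUERADE rule is the one the server actually hands out to clients. The following is an added example, not part of the original post, that checks this offline; it assumes the config declares its subnet with OpenVPN's `server <network> <netmask>` directive and that the NAT table is supplied as `iptables-save` output.

```shell
#!/bin/sh
# Added example. Both samples are constructed, not captured from a real host.
SAMPLE_CONF='server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.1"'
SAMPLE_NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT'

# Print the VPN subnet in CIDR form from the "server <net> <mask>" directive.
vpn_cidr() {
    printf '%s\n' "$1" | awk '$1 == "server" {
        n = split($3, o, "."); bits = 0
        # count the set bits of each (contiguous) netmask octet
        for (i = 1; i <= n; i++)
            for (v = o[i] + 0; v > 0; v = (v * 2) % 256) bits++
        print $2 "/" bits; exit }'
}

# audit CONFIG_TEXT NAT_RULES IP_FORWARD_VALUE -> 0 if everything lines up
audit() {
    rc=0
    cidr=$(vpn_cidr "$1")
    [ -n "$cidr" ] || { echo "FAIL: no server directive"; return 1; }
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway' ||
        { echo "FAIL: redirect-gateway is not pushed"; rc=1; }
    # with no pushed resolver, clients keep the DNS server they already had
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*push[[:space:]]+"dhcp-option[[:space:]]+DNS' ||
        { echo "FAIL: no DNS server is pushed"; rc=1; }
    [ "$3" = 1 ] || { echo "FAIL: ip_forward is '$3', expected 1"; rc=1; }
    # the MASQUERADE rule must name the same subnet the server hands out
    printf '%s\n' "$2" | awk -v c="$cidr" '
        $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            for (i = 3; i < NF; i++) if ($i == "-s" && $(i + 1) == c) found = 1 }
        END { exit !found }' ||
        { echo "FAIL: no MASQUERADE rule for $cidr"; rc=1; }
    return $rc
}

audit "$SAMPLE_CONF" "$SAMPLE_NAT" 1 && echo "sample: consistent"
# On a live server (the config path is an assumption):
# audit "$(cat /etc/openvpn/server.conf)" "$(iptables-save -t nat)" \
#       "$(cat /proc/sys/net/ipv4/ip_forward)"
```
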

More here: https://wiki.archlinux.org/index.php/OpenVPN#Routingclienttrafficthroughthe_server


Mario Loria



./scriptthe.net
