By default, if you follow the simple server and simple client setup instructions in the setup guide described here, you will get a connection that lets you tunnel connections through to the VPN server itself. Without additional settings, however, you won’t be able to route all your traffic through the VPN.
There are a number of other steps described in the Advanced section, but from trial and error I’ve found these are the minimum you need.
First, on your Ubuntu server, you need to enable IP forwarding (ip_forward):
echo 1 > /proc/sys/net/ipv4/ip_forward
Next, you need to add a NAT rule to your iptables firewall so that traffic from the 10.8.0.0/24 network used (by default) on your VPN connection is masqueraded as it is routed from the tun0 interface out through the eth0 interface:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Lastly, add this directive to your /etc/openvpn/server.conf file to force all traffic from the client to be directed through the VPN server:
push "redirect-gateway def1 bypass-dhcp"
Restart your OpenVPN service:
/etc/init.d/openvpn restart
Now you should be good. You can test where your traffic is going by running a traceroute to a server (www.google.com, for example) before and after starting your OpenVPN connection; you should see your traffic taking two different routes.
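A quick way to confirm that the three server-side changes above took effect, as an added example that is not part of the original post: the script only reads state and changes nothing. The function names are hypothetical; the subnet, interface and paths are the ones used in the post.

```shell
#!/bin/sh
# Added example: read-only checks for the three server-side settings above.
# 10.8.0.0/24, eth0 and the file paths come from the post; the function
# names are made up for this example.

# 1. Kernel forwarding: the proc file must contain "1".
forwarding_enabled() {              # $1 = ip_forward path (optional)
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# 2. NAT rule: reads rules in "iptables -t nat -S" format on stdin.
#    Plain "iptables -L" prints only the filter table, so the MASQUERADE
#    rule never shows up there; the nat table must be asked for by name.
masquerade_present() {              # $1 = source subnet, $2 = out interface
    grep -- '^-A POSTROUTING' | grep -F -- "-s $1 " |
        grep -F -- "-o $2 " | grep -Fq -- '-j MASQUERADE'
}

# 3. Pushed route: an active push "redirect-gateway ..." line; lines
#    commented out with '#' or ';' do not match.
redirect_gateway_pushed() {         # $1 = server.conf path (optional)
    grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway([[:space:]][^"]*)?"' \
        "${1:-/etc/openvpn/server.conf}" 2>/dev/null
}

# Run all three against the live system (needs root for iptables).
audit_vpn_routing() {
    rc=0
    forwarding_enabled || { echo "FAIL: ip_forward is not 1"; rc=1; }
    iptables -t nat -S POSTROUTING 2>/dev/null |
        masquerade_present 10.8.0.0/24 eth0 ||
        { echo "FAIL: no MASQUERADE rule for 10.8.0.0/24 out eth0"; rc=1; }
    redirect_gateway_pushed ||
        { echo "FAIL: redirect-gateway is not pushed in server.conf"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: server is set up to route all client traffic"
    return "$rc"
}

# Usage on the server: source this file, then run: audit_vpn_routing
```

Neither the write to /proc nor a rule added with iptables -A persists across a reboot, so re-run the audit after the server restarts.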
Thanks!
Now it works
Thanks for the post Kevin – very useful
Thanks for this post! I am running a client in an Ubuntu VM (in a subnet 192.169.0.0/24).
The server is in a 10.0.101.0/24 subnet.
The client, and others in the 192.169.x subnet, can ping anything in the 10.x subnet, and anything in the 10.x subnet can ping the client.
But others in the 10.x subnet and the VPN server cannot ping others in the 192.169.x subnet.
I’m attempting to add the iptables rule in the Ubuntu 18.04 client as you describe, but it doesn’t seem to update.
user@ubuntu:~$ sudo iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -o ens33 -j MASQUERADE
user@ubuntu:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination