Ensuring all traffic goes over an OpenVPN connection

By default, following the simple server and simple client instructions in the setup guide linked below gets you a connection to your VPN server that lets you reach the server itself (and the VPN subnet) through the tunnel, but without additional settings the client will not route all of its traffic through the VPN.

There are a number of other steps described in the Advanced section, but from trial and error I’ve found these are the minimum you need.

First, on your Ubuntu server, enable IP forwarding. Writing to /proc takes effect immediately but does not survive a reboot; to make it permanent, also set net.ipv4.ip_forward=1 in /etc/sysctl.conf. Note that the redirection below is performed by your shell, so run this from a root shell rather than prefixing it with sudo:

echo 1 > /proc/sys/net/ipv4/ip_forward

Next, add a NAT rule to your iptables firewall so that packets arriving from the VPN subnet (10.8.0.0/24 by default) on the tun0 interface are masqueraded behind eth0’s address as they leave; without it, replies from the internet have no route back to the 10.8.0.x clients. Like the sysctl setting, this rule is lost on reboot unless you save it (for example with iptables-save or the iptables-persistent package), and if your FORWARD chain policy is DROP you also need rules permitting traffic between tun0 and eth0:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Lastly, add this directive to your /etc/openvpn/server.conf file so the server pushes a default route through the tunnel to every client. def1 installs it as two /1 routes (0.0.0.0/1 and 128.0.0.0/1) that take precedence over the client’s existing default route without deleting it, so the original route is still there when the tunnel closes; bypass-dhcp adds a host route for the client’s DHCP server so lease renewals stay on the local network:

push "redirect-gateway def1 bypass-dhcp"

Restart your OpenVPN service:

/etc/init.d/openvpn restart
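The three server-side steps above, gathered into one script. This is an added example and not code from the original page; it assumes the defaults used in this post (VPN pool 10.8.0.0/24 on tun0, upstream interface eth0, config at /etc/openvpn/server.conf) and can be re-run safely because each file line and firewall rule is only added if it is not already present. The optional VPN_DNS variable and the FORWARD rules are additions beyond the post’s minimum: the former because redirect-gateway moves IP traffic into the tunnel but not the client’s DNS queries unless you push a resolver, the latter only needed when the FORWARD chain policy is DROP.

```shell
#!/bin/sh
# Added example, not code from the original page: applies the server-side
# full-tunnel steps idempotently. Assumptions (override via environment):
# VPN pool 10.8.0.0/24 on tun0, upstream interface eth0, OpenVPN config at
# /etc/openvpn/server.conf, Ubuntu server using iptables.
# Run as root:  sh full-tunnel.sh apply
set -eu

VPN_SUBNET="${VPN_SUBNET:-10.8.0.0/24}"
VPN_IF="${VPN_IF:-tun0}"
WAN_IF="${WAN_IF:-eth0}"
SERVER_CONF="${SERVER_CONF:-/etc/openvpn/server.conf}"
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"
VPN_DNS="${VPN_DNS:-}"   # optional resolver to push, e.g. 10.8.0.1 if the server runs one (assumption)

# Append LINE to FILE unless an identical line is already there (exact,
# whole-line, fixed-string match), so repeated runs do not pile up copies.
ensure_line() {
    file="$1"; line="$2"
    if ! grep -qxF -- "$line" "$file" 2>/dev/null; then
        printf '%s\n' "$line" >> "$file"
    fi
}

# Add an iptables rule only if it is not already present ("-C" checks for it).
ensure_rule() {
    table="$1"; chain="$2"; shift 2
    iptables -t "$table" -C "$chain" "$@" 2>/dev/null ||
        iptables -t "$table" -A "$chain" "$@"
}

# Step 1: IP forwarding, at runtime and persistently across reboots.
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
    ensure_line "$SYSCTL_CONF" 'net.ipv4.ip_forward=1'
}

# Step 2: masquerade VPN clients behind the WAN address, plus FORWARD rules
# that only matter if the FORWARD chain policy is DROP (harmless otherwise).
# These rules are not persistent; save them with iptables-save or the
# iptables-persistent package once you are happy with them.
add_nat_rules() {
    ensure_rule nat POSTROUTING -s "$VPN_SUBNET" -o "$WAN_IF" -j MASQUERADE
    ensure_rule filter FORWARD -i "$VPN_IF" -o "$WAN_IF" -s "$VPN_SUBNET" -j ACCEPT
    ensure_rule filter FORWARD -i "$WAN_IF" -o "$VPN_IF" \
        -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

# Step 3: push a default route to clients. Without a pushed resolver, DNS
# lookups still go to the client's LAN resolver outside the tunnel.
configure_push() {
    ensure_line "$SERVER_CONF" 'push "redirect-gateway def1 bypass-dhcp"'
    if [ -n "$VPN_DNS" ]; then
        ensure_line "$SERVER_CONF" "push \"dhcp-option DNS $VPN_DNS\""
    fi
}

# Quick server-side check of what is actually in effect.
verify() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "1" ] ||
        { echo "ip_forward is off" >&2; return 1; }
    iptables -t nat -C POSTROUTING -s "$VPN_SUBNET" -o "$WAN_IF" -j MASQUERADE ||
        { echo "MASQUERADE rule missing" >&2; return 1; }
    grep -qxF 'push "redirect-gateway def1 bypass-dhcp"' "$SERVER_CONF" ||
        { echo "redirect-gateway is not pushed" >&2; return 1; }
    echo "full-tunnel configuration looks complete"
}

case "${1:-}" in
    apply)  enable_forwarding; add_nat_rules; configure_push
            /etc/init.d/openvpn restart; verify ;;
    verify) verify ;;
    *)      echo "usage: $0 apply|verify" >&2 ;;
esac
```

After `apply`, the `verify` action re-checks the sysctl, the NAT rule and the pushed directive, which is a quicker first test than a traceroute from a client when something is not working.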

That should be all you need. To check where your traffic is going, run a traceroute to a public host (www.google.com, for example) before and after starting your OpenVPN connection: the second trace should leave via the 10.8.0.x gateway and follow a different path, and a “what is my IP” service should now report the VPN server’s public address rather than your own.

Setting up your own VPN server on Ubuntu Server

There are a few steps involved to get this working, but this article covers all you need to get a VPN server running on Ubuntu:

https://help.ubuntu.com/12.04/serverguide/openvpn.html

 

To configure a Windows VPN client, I used the OpenVPN Windows client, but removed these sections from the example client config file, based on other articles related to some errors I was getting. First, removing these lines removed the username/password prompting, which I didn’t need because I was using certificates:

auth-user-pass
auth-retry interact

Then this section was causing the client to hang while establishing the connection; removing these lines got it working for me:

management 127.0.0.1 1194
management-hold
management-query-passwords
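For reference, a minimal certificate-only client configuration of the kind those removals leave you with. This is an added example, not the author’s actual file or the OpenVPN sample config; the hostname vpn.example.com, the port and the ca/cert/key file names are placeholders to replace with your own.

```conf
# Added example (not the author's file): minimal certificate-based client.
# Placeholders: vpn.example.com and the ca.crt / client.crt / client.key names.
client
dev tun
proto udp
remote vpn.example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
# Require the server's certificate to be marked for server use, so a leaked
# client certificate cannot be used to impersonate the server. The server cert
# needs the server extension (easy-rsa's build-key-server adds it).
remote-cert-tls server
# No auth-user-pass / auth-retry: authentication is by certificate alone.
# No management / management-hold / management-query-passwords: management-hold
# makes OpenVPN wait for a management client (such as the GUI) to release the
# hold before it starts connecting.
verb 3
```

Keep client.key readable only by the account that runs the client; anyone who can copy ca.crt, client.crt and client.key has everything needed to connect as that client.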

Executing multiple commands with sudo

Some commands won’t execute under sudo. source, for example, is a shell builtin rather than a program, so sudo has nothing to run (“sudo: source: command not found” on Ubuntu); likewise an output redirection such as the echo into /proc above is performed by your unprivileged shell before sudo is ever invoked. To run such commands, or to run many commands in a row, use ‘sudo -s’ to get a shell session as the root user; everything you execute from that point until you exit runs as root. For a single command, wrapping it in sudo sh -c '...' achieves the same thing.