Ensuring all traffic goes over an OpenVPN connection

By default, the setup guide described here if you follow the simple server and simple client setup instructions will get you a connection to your VPN server that allows you to tunnel connections through to your VPN server itself, but without any additional settings, you won’t be able to route all your traffic through the VPN.

There’s a number of other steps described in the Advanced section, but from trial and error I’ve found these are the minimum you need.

First, on your Ubuntu server, you need to enable ip_forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

Next, you need to enable a forwarding rule for your iptables firewall so that traffic on your network used (by default) on your VPN connection gets routed through from the tun0 interface to the eth0 interface:

iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

Lastly, add this command to your /etc/openvpn/server.conf file to force all traffic from the client to get directed to the VPN server:

push "redirect-gateway def1 bypass-dhcp"

Restart your OpenVPN service:

/etc/init.d/openvpn restart

Now you should be good. You can test where your traffic is going by doing a traceroute to a server (www.google.com for example) before and after starting your OpenVPN connection and you should be able to see your traffic going via two different routes.