Though the VPN client successfully connects to the OpenVPN server, it seems to be setting an incorrect and bogus gateway no matter what permutations of push "redirect-gateway local def1" and/or push "route 10.240.0.0 255.255.0.0" are placed/commented/uncommented in the server.conf file.
The server.conf file has this declaration: server 10.8.0.0 255.255.255.0, and indeed the server gets assigned 10.8.0.1, but for some reason the client interprets messages sent during the VPN initiation to mean that it should route traffic through a default gateway assigned at 10.8.0.5. According to Wireshark, any subsequent packets get sent to 10.8.0.5 and never receive any responses, as though these packets make it to the VPN TCP endpoint, it seems they never make it to the server's tun0 interface (according to tcpdump on the server).
Here are the relevant lines of the OpenVPN client (Tunnelblick) log indicating the routing table change immediately after successfully connecting to the VPN:
2015-12-11 02:25:18 /sbin/ifconfig utun0 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2015-12-11 02:25:18 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -m -w -pxxxxxxxxxxx utun0 1500 1543 10.8.0.6 10.8.0.5 init
**********************************************
Start of output from client.up.tunnelblick.sh
No network configuration changes need to be made.
Will NOT monitor for other network configuration changes.
DNS servers '8.8.8.8 208.67.222.222' will be used for DNS queries when the VPN is active
The DNS servers include only free public DNS servers known to Tunnelblick.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
End of output from client.up.tunnelblick.sh
**********************************************
add net 104.196.7.35: gateway 192.168.0.1
add net 0.0.0.0: gateway 10.8.0.5
add net 128.0.0.0: gateway 10.8.0.5
add net 10.240.0.0: gateway 10.8.0.5
add net 10.8.0.0: gateway 10.8.0.5
2015-12-11 02:25:20 Initialization Sequence Completed
Is there any way I can force OpenVPN to send the correct information to the client? Or am I wrong and is there another reason packets correctly sent to the OpenVPN TCP port are not making it to the tun0 interface on the OpenVPN server?