I just installed openvpn on my server and my client. It seems to work fine.
Now, I would like to route all the traffic from my client through my VPN server, over the internet, on demand, just in some cases, NOT ALWAYS!
my client      <->   router      <->   internet   <->   vpn server
192.168.5.3          192.168.5.1                        public IP
192.168.100.6  <---------------- vpn ---------------->  192.168.100.1
I'm able to route the traffic to an IP address (google) and ping it:
# ip route add 142.251.209.46 dev tun0 && ping -c 4 142.251.209.46 && ip route del 142.251.209.46 dev tun0
PING 142.251.209.46 (142.251.209.46) 56(84) octets de données.
64 octets de 142.251.209.46 : icmp_seq=1 ttl=107 temps=176 ms
64 octets de 142.251.209.46 : icmp_seq=2 ttl=107 temps=176 ms
64 octets de 142.251.209.46 : icmp_seq=3 ttl=107 temps=176 ms
64 octets de 142.251.209.46 : icmp_seq=4 ttl=107 temps=205 ms
--- statistiques ping 142.251.209.46 ---
4 paquets transmis, 4 reçus, 0 % paquets perdus, temps 3004 ms
rtt min/moy/max/mdev = 175,987/183,345/204,848/12,415 ms
But when I try to route all the traffic, with
ip route add default dev tun0
I can't ping anything on internet. And
# ip route add default via 192.168.100.1
Error: Nexthop has invalid gateway.
# ip route add default via 192.168.100.1 dev tun0
Error: Nexthop has invalid gateway.
I tried a lot of ways without any success.
# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether a8:a1:59:53:9b:9e brd ff:ff:ff:ff:ff:ff
inet 192.168.5.3/24 brd 192.168.5.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::aaa1:59ff:fe53:9b9e/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
3: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
link/sit 0.0.0.0 brd 0.0.0.0
6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 192.168.100.6 peer 192.168.100.5/32 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::9295:73d5:f4b0:b892/64 scope link stable-privacy proto kernel_ll
valid_lft forever preferred_lft forever
# ip route list
default via 192.168.5.1 dev eth0 metric 2
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.3
192.168.100.1 via 192.168.100.5 dev tun0
192.168.100.5 dev tun0 proto kernel scope link src 192.168.100.6
after reboot without vpn:
# ip route list
default via 192.168.5.1 dev eth0 metric 2
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.3
In case my request is not clear enough for everyone, I will clarify.
I want to route all traffic from my client to the VPN server WHEN I DECIDE TO.
I want to be able to open a terminal, type an ip route...
command and have all the traffic pass through the VPN, then open my terminal again type another ip route...
command and have all the traffic go through my gateway again.
That's all.
openvpn conf server:
tls-server
port 12112
proto udp
dev tun
ca keys/ca.crt
cert keys/vps1.crt
key keys/vps1.key
dh keys/dh.pem
server 192.168.100.0 255.255.255.0
persist-key
persist-tun
ifconfig-pool-persist ipp.txt
keepalive 10 120
user nobody
group nobody
status openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 4
openvpn conf client:
client
dev tun
proto udp
remote SERVER_IP 12112
resolv-retry 30
nobind
persist-key
persist-tun
ca keys/ca.crt
cert keys/client.crt
key keys/client.key
script-security 2
log /var/log/openvpn/openvpn.log
verb 4
192.168.100.1 via 192.168.100.5
looks weird. Could you provide a clean ip route list after a reboot? With and without VPN active.
ip route... command to do what I want please?
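Added example (not code from the question or from OpenVPN): a small POSIX shell script that switches "everything through the tunnel" on and off with plain ip route commands, matching the topology shown above. Two things the routing table in the question explains: with OpenVPN's default net30 topology the client sits in a /30 whose only on-link neighbour is the peer 192.168.100.5, so "via 192.168.100.1" is rejected ("Nexthop has invalid gateway") because that address is not directly reachable, while "via 192.168.100.5" is. And a bare "default dev tun0" sends the client's own encapsulated UDP packets to SERVER_IP into tun0 as well, so the tunnel swallows its own transport and everything stops. The script therefore adds a host route for the VPN server via the LAN gateway first, then covers the internet with 0.0.0.0/1 and 128.0.0.0/1 via the peer (more specific than the existing default, so the original default route stays untouched; this is the same trick OpenVPN's redirect-gateway def1 uses). The server address 203.0.113.10 is a placeholder for SERVER_IP, DRY_RUN=1 only prints the commands, and it is assumed, as the successful single-host ping suggests, that the server already forwards and NATs traffic from 192.168.100.0/24.

```shell
#!/bin/sh
# Added example: toggle full-tunnel routing on a net30 OpenVPN client with ip route.
# Placeholders/assumptions: VPN_SERVER stands in for SERVER_IP from the client config,
# LAN_GW and TUN_DEV are taken from the 'ip route list' / 'ip addr list' output in the post.
set -eu

VPN_SERVER="${VPN_SERVER:-203.0.113.10}"  # placeholder for the real SERVER_IP
LAN_GW="${LAN_GW:-192.168.5.1}"           # default gateway on eth0
TUN_DEV="${TUN_DEV:-tun0}"
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print commands, 0 = execute them (needs root)

# Constructed sample of the 'inet ... peer ...' line from 'ip addr show tun0' in the post,
# used in dry-run mode so the script runs without a live tunnel.
SAMPLE_IP_ADDR='    inet 192.168.100.6 peer 192.168.100.5/32 scope global tun0'

# Read the point-to-point peer (the only valid next hop on a net30 tun) from ip addr output.
tun_peer() {
  sed -n 's/.*inet [0-9.]* peer \([0-9.]*\)\/[0-9]*.*/\1/p' | head -n 1
}

# Print or execute a command depending on DRY_RUN.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Route everything through the tunnel. Order matters: the host route for the VPN server
# via the LAN gateway must exist before the /1 routes, otherwise the encapsulated UDP
# packets to the server would themselves be routed into tun0 (the failure mode of
# 'ip route add default dev tun0' in the question).
vpn_all_on() {
  peer="$1"
  run ip route add "$VPN_SERVER" via "$LAN_GW"
  run ip route add 0.0.0.0/1 via "$peer" dev "$TUN_DEV"
  run ip route add 128.0.0.0/1 via "$peer" dev "$TUN_DEV"
}

# Undo in reverse order; the original default via 192.168.5.1 was never touched.
vpn_all_off() {
  peer="$1"
  run ip route del 128.0.0.0/1 via "$peer" dev "$TUN_DEV"
  run ip route del 0.0.0.0/1 via "$peer" dev "$TUN_DEV"
  run ip route del "$VPN_SERVER" via "$LAN_GW"
}

main() {
  if [ "$DRY_RUN" = 1 ]; then
    peer=$(printf '%s\n' "$SAMPLE_IP_ADDR" | tun_peer)
  else
    peer=$(ip -4 addr show dev "$TUN_DEV" | tun_peer)
  fi
  [ -n "$peer" ] || { echo "no peer address found on $TUN_DEV" >&2; exit 1; }
  case "${1:-on}" in
    on)  vpn_all_on "$peer" ;;
    off) vpn_all_off "$peer" ;;
    *)   echo "usage: $0 on|off" >&2; exit 2 ;;
  esac
}

main "$@"
```

Usage: `sh vpnroute.sh on` prints the three commands in order; `DRY_RUN=0 VPN_SERVER=<SERVER_IP> sh vpnroute.sh on` (as root, with the tunnel already up) applies them, and `... off` removes them. Note that only routing changes here: name resolution still goes wherever /etc/resolv.conf points, so DNS queries leave via the LAN unless the resolver is also switched, and a failed tunnel leaves the /1 routes in place until `off` is run.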