    Jim.Alles (Untangle Ninja)

    Routing all Internet traffic through OpenVPN

    There is a trick to routing all client Internet traffic to an OpenVPN server, because you can't.
    The traffic to the server has to make it out.

    So the magic is to FIRST set up a more specific route to the server, like this:
    [image: specific route 124.png]
    In this case, the client NGFW is inside another router's network. You could set the next hop as the external interface, if NGFW was on the edge.


    Then, the Client Config file needs to be edited before uploading it to the client instance of NGFW.

    Code:
    client
    resolv-retry 20
    keepalive 10 60
    nobind
    mute-replay-warnings
    remote-cert-tls server
    compress lz4
    verb 1
    persist-key
    persist-tun
    explicit-exit-notify 1
    dev tun
    auth-user-pass
    proto udp
    port 1194
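    # Two /1 routes that together cover all of IPv4; each is more specific
    # than 0.0.0.0/0, so they take precedence over the existing default route
    route 0.0.0.0 128.0.0.0
    route 128.0.0.0 128.0.0.0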
    cipher AES-128-CBC

    OpenVPN documentation recommends these two routes, because they are slightly more specific than the default, so it will be overridden, rather than obliterated. So the routes will look like this:

    [image: routes.png]

    The two 'default' routes will be set up and torn down with a good VPN connection.

    Other than that, you may want to set up the hosts behind the client NGFW instance with static IP addresses, because it may be tricky getting to the DHCP server, depending on how things are configured.

    Enjoy!
    Last edited by Jim.Alles; 01-27-2020 at 07:51 AM. Reason: DHCP, clarity
    donhwyo likes this.
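
Added example, not part of the original post: a small longest-prefix-match model of the routing table the post describes, showing why the specific route to the server has to exist and why the two /1 routes override the default without removing it. The server address and next-hop names are constructed sample values.

```python
import ipaddress

# Constructed sample values (not from the post): a documentation-range
# address for the OpenVPN server and symbolic next-hop names.
VPN_SERVER = "203.0.113.10"
UPSTREAM = "upstream-router"   # next hop on the physical network
TUNNEL = "tun0"                # the OpenVPN tunnel device


def build_table(host_route=True, vpn_up=True):
    """Routing table of the client as a list of (network, next_hop)."""
    routes = [("0.0.0.0/0", UPSTREAM)]                 # original default route
    if host_route:
        routes.append((VPN_SERVER + "/32", UPSTREAM))  # specific route to the server
    if vpn_up:
        # The two routes from the client config (netmask 128.0.0.0 == /1).
        routes += [("0.0.0.0/1", TUNNEL), ("128.0.0.0/1", TUNNEL)]
    return [(ipaddress.ip_network(n), hop) for n, hop in routes]


def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route containing dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def halves_cover_everything():
    """True if the two /1 routes together span the whole IPv4 space."""
    halves = [ipaddress.ip_network("0.0.0.0/1"),
              ipaddress.ip_network("128.0.0.0/1")]
    return list(ipaddress.collapse_addresses(halves)) == [
        ipaddress.ip_network("0.0.0.0/0")]


if __name__ == "__main__":
    cases = [("host route + VPN up", build_table()),
             ("no host route", build_table(host_route=False)),
             ("VPN down", build_table(vpn_up=False))]
    for label, table in cases:
        print(label, "| server via", lookup(table, VPN_SERVER),
              "| 8.8.8.8 via", lookup(table, "8.8.8.8"))
```

The "no host route" case is the failure the post warns about: the encrypted packets addressed to the server match 128.0.0.0/1 and are sent back into the tunnel they are supposed to carry.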
