Hi,
I am trying to redirect all VPN traffic such that it goes through OpenVPN.
Authentication works fine; the client can connect to the VPN.
However, my client IP remains unchanged (e.g. when checking it with
www.ipinfo.info), i.e. the web traffic is not routed
through my OpenVPN tunnel. Here is my server config (on FreeBSD, OpenVPN 2.4.6):
--
port 1194
proto udp
mode server
tls-server
dev tun
topology subnet
duplicate-cn
push "redirect-gateway def1 bypass-dhcp"
client-to-client
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "route 10.8.0.0 255.255.255.0"
server 10.8.0.0 255.255.255.0
tun-mtu 1500
mssfix
auth sha256
client-to-client
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/phoenix.crt
key /usr/local/etc/openvpn/keys/phoenix.key
dh /usr/local/etc/openvpn/keys/dh4096.pem
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
verb 1
log-append /var/log/openvpn.log
--
Then my corresponding client config on iOS (v3.0.2) looks as follows:
client
dev tun
proto udp
auth sha256
ns-cert-type server
# The remote name as defined in server config
remote A.B.C.D 1194
persist-key
persist-tun
cipher AES-256-CBC
# Allow server to use adaptive compression with push:
comp-lzo
verb 0
resolv-retry 20
<ca>
...
From my perspective this looks fine and I am sure it worked at some stage in
the past. As mentioned before, when connecting authentication works fine but
when the client is surfing the web, the data does not seem to go through the
VPN anymore. The log file looks as follows from my perspective:
2019-03-04 22:48:39 Contacting [A.B.C.D]:1194/UDP via UDP
2019-03-04 22:48:39 EVENT: WAIT
2019-03-04 22:48:39 Connecting to [A.B.C.D]:1194 (A.B.C.D) via UDPv4
2019-03-04 22:48:39 EVENT: CONNECTING
2019-03-04 22:48:39 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client
2019-03-04 22:48:39 Creds: UsernameEmpty/PasswordEmpty
2019-03-04 22:48:39 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
(…)
2019-03-04 22:48:39 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2019-03-04 22:48:39 Session is ACTIVE
2019-03-04 22:48:39 EVENT: GET_CONFIG
2019-03-04 22:48:39 Sending PUSH_REQUEST to server...
2019-03-04 22:48:39 OPTIONS:
0 [redirect-gateway] [def1]
1 [redirect-gateway] [def1] [bypass-dhcp]
2 [dhcp-option] [DNS] [208.67.222.222]
3 [dhcp-option] [DNS] [208.67.220.220]
4 [compress] [lz4-v2]
5 [route] [10.8.0.0] [255.255.255.0]
6 [route-gateway] [10.8.0.1]
7 [topology] [subnet]
8 [ping] [10]
9 [ping-restart] [120]
10 [ifconfig] [10.8.0.2] [255.255.255.0]
11 [peer-id] [0]
12 [cipher] [AES-256-GCM]
2019-03-04 22:48:39 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA256
compress: COMP_STUBv2
peer ID: 0
2019-03-04 22:48:39 EVENT: ASSIGN_IP
2019-03-04 22:48:39 NIP: preparing TUN network settings
2019-03-04 22:48:39 NIP: init TUN network settings with endpoint: A.B.C.D
2019-03-04 22:48:39 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2019-03-04 22:48:39 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-03-04 22:48:39 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-03-04 22:48:39 NIP: redirecting all IPv4 traffic to TUN interface
2019-03-04 22:48:39 NIP: adding DNS 208.67.222.222
2019-03-04 22:48:39 NIP: adding DNS 208.67.220.220
2019-03-04 22:48:39 Connected via NetworkExtensionTUN
2019-03-04 22:48:39 Comp-stubV2 init
2019-03-04 22:48:39 EVENT: CONNECTED A.B.C.D:1194 (A.B.C.D) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
Has anyone else seen this problem before? What am I missing in this
configuration to send all traffic through the VPN?
Many thanks for your feedback.
Kind regards
Sebastian
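
Added example, not part of the original post: a small Python check that reads an OpenVPN Connect client log like the one quoted above and compares the options the server pushed with what the client reports applying. The function names and the abridged sample log are constructed for illustration, and the line formats are assumed to match those in the post.

```python
import re

# Constructed sample: an abridged copy of the client log lines quoted in the post.
SAMPLE_LOG = """\
2019-03-04 22:48:39 Sending PUSH_REQUEST to server...
2019-03-04 22:48:39 OPTIONS:
0 [redirect-gateway] [def1]
1 [redirect-gateway] [def1] [bypass-dhcp]
2 [dhcp-option] [DNS] [208.67.222.222]
3 [dhcp-option] [DNS] [208.67.220.220]
4 [compress] [lz4-v2]
5 [route] [10.8.0.0] [255.255.255.0]
10 [ifconfig] [10.8.0.2] [255.255.255.0]
12 [cipher] [AES-256-GCM]
2019-03-04 22:48:39 PROTOCOL OPTIONS:
2019-03-04 22:48:39 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-03-04 22:48:39 NIP: redirecting all IPv4 traffic to TUN interface
2019-03-04 22:48:39 NIP: adding DNS 208.67.222.222
2019-03-04 22:48:39 NIP: adding DNS 208.67.220.220
"""

OPTION_RE = re.compile(r"^\d+((?: \[[^\]]*\])+)$")

def pushed_options(log):
    """Return the pushed options as token lists, e.g. ['route', '10.8.0.0', ...]."""
    opts, in_block = [], False
    for line in log.splitlines():
        if line.endswith(" OPTIONS:") and "PROTOCOL" not in line:
            in_block = True
            continue
        m = OPTION_RE.match(line) if in_block else None
        if m:
            opts.append(re.findall(r"\[([^\]]*)\]", m.group(1)))
        elif in_block:
            in_block = False  # first non-option line ends the block
    return opts

def full_tunnel_report(log):
    """Compare what the server pushed with what the client says it applied."""
    opts = pushed_options(log)
    return {
        "redirect_pushed": any(o[0] == "redirect-gateway" for o in opts),
        "redirect_applied": "redirecting all IPv4 traffic to TUN interface" in log,
        "dns_pushed": [o[2] for o in opts if o[:2] == ["dhcp-option", "DNS"]],
        "dns_applied": re.findall(r"NIP: adding DNS (\S+)", log),
    }

if __name__ == "__main__":
    print(full_tunnel_report(SAMPLE_LOG))
```

On the log quoted in the post, the report shows the redirect and both DNS servers as pushed by the server and as applied by the client.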