Route All Network Traffic Through VPN

By default, OpenVPN routes only local network traffic through the VPN. We can configure the OpenVPN client to route all IPv4 traffic through the VPN, for example with the advanced option in Tunnelblick. However, some other VPN clients, such as ZeroTier, have a less capable client, so we have to route this traffic manually.


Supposing vpn gateway is, whose public network address is

  • Traffic through our default gateway, important!
  • Traffic and through vpn gateway


We can use the following commands:

route add ## assuming is our local network gateway
route add
route add


route add -net netmask gw
route add -net netmask gw
route add -net netmask gw

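In any case, we must not omit the route that sends the VPN's public address through the default gateway. Without it, the encrypted tunnel packets would themselves be routed into the tunnel and the connection would drop.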

In ZeroTier, we can get the supernodes with the command zerotier-cli listpeers; supernodes are listed with the supernode suffix.
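The routing rule above can be checked against a client's routing table. The following is an added example, not code from the original post: it parses `ip route show` output and applies longest-prefix matching to confirm that each VPN endpoint stays on the physical gateway while the rest of IPv4 goes into the tunnel. It assumes the tunnel routes are the two halves 0.0.0.0/1 and 128.0.0.0/1 (the split that OpenVPN's redirect-gateway def1 installs); the interface name tun0 and every address in the sample are constructed placeholders.

```python
import ipaddress

# Constructed sample in `ip route show` format; all addresses are placeholders.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
"""

def parse_routes(text):
    """Return [(network, gateway_or_None, device)] from `ip route show` text."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dest, strict=False)
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        routes.append((net, gw, dev))
    return routes

def lookup(routes, addr):
    """Longest-prefix match, as the kernel does: most specific route wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def audit(text, vpn_dev, vpn_endpoints):
    """Return a list of problems with a full-tunnel routing table."""
    routes, problems = parse_routes(text), []
    for ep in vpn_endpoints:
        hit = lookup(routes, ep)
        if hit is None or hit[2] == vpn_dev:
            problems.append(f"endpoint {ep} is routed into the tunnel (or unroutable)")
    for half in ("0.0.0.0/1", "128.0.0.0/1"):
        net = ipaddress.ip_network(half)
        if not any(r[0] == net and r[2] == vpn_dev for r in routes):
            problems.append(f"{half} is not routed via {vpn_dev}")
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE_ROUTES, "tun0", ["203.0.113.10"]) or "routing table OK")
```

For ZeroTier, pass every supernode address as an endpoint, since each one needs its own host route through the default gateway.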

After finishing these steps, however, the network connection is lost. Perhaps the VPN has not been configured to redirect network traffic. In OpenVPN, we should add the following directive to the server configuration file, which makes clients redirect all their traffic through the VPN. It is not enabled by default.

push "redirect-gateway def1 bypass-dhcp"

Then configure an iptables NAT rule to masquerade the traffic:

iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

We assume the vpn subnet is


The following are guides to configuring an OpenVPN server on Debian:

How to Setup and Configure an OpenVPN Server on Debian 6

How to Setup and Configure an OpenVPN Server on Debian 8 jessie

