By default, an OpenVPN client only sends traffic for the VPN's own subnets through the tunnel. We can configure the client to route all IPv4 traffic through the VPN, for example with the advanced option in
Tunnelblick. Some other VPN clients, such as ZeroTier, do not offer this in their client, so we have to add the routes manually.
Suppose the VPN gateway is 10.1.1.1 and its public network address is 18.104.22.168. We want:
- Traffic to 18.104.22.168/32 (the VPN server's public address) through our default gateway,
- Traffic to 0.0.0.0/1 and 128.0.0.0/1 (together, all of IPv4) through the VPN gateway.
We can use the following commands. On macOS (BSD route syntax):

route add 18.104.22.168/32 192.168.1.1   ## assuming 192.168.1.1 is our local network gateway
route add 0.0.0.0/1 10.1.1.1
route add 128.0.0.0/1 10.1.1.1

On Linux (net-tools route syntax):

route add -net 18.104.22.168 netmask 255.255.255.255 gw 192.168.1.1
route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.1.1.1
route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.1.1.1
In any case, the host route for the VPN server's public address via the default gateway must not be omitted: without it, the encrypted packets addressed to the VPN server would themselves match 0.0.0.0/1 or 128.0.0.0/1, be sent back into the tunnel, and nothing would get out.
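To see why the two /1 routes plus the /32 host route work, and why dropping the host route produces the loop described above, here is a small route-table model. It is added example code, not part of the original post; it uses the post's assumed addresses (LAN gateway 192.168.1.1, VPN gateway 10.1.1.1, VPN server public address 18.104.22.168) and a hypothetical longest-prefix-match lookup that mimics what the kernel does. It also renders the same table as route commands in macOS and Linux syntax.

```python
"""Model of the 'def1' split-default routing trick.

Hypothetical example, not the post's own code. Addresses follow the post's
assumptions; the lookup and trace functions are a simplified kernel model.
"""
import ipaddress


class Route:
    def __init__(self, prefix, gateway, note):
        self.prefix = ipaddress.ip_network(prefix)
        self.gateway = gateway
        self.note = note


def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for r in table:
        if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def def1_table(lan_gw, vpn_gw, vpn_public, with_host_route=True):
    """Client routing table after adding the /1 routes (and optionally the /32)."""
    table = [
        Route("0.0.0.0/0", lan_gw, "original default route, left in place"),
        Route("0.0.0.0/1", vpn_gw, "lower half of IPv4 via the tunnel"),
        Route("128.0.0.0/1", vpn_gw, "upper half of IPv4 via the tunnel"),
    ]
    if with_host_route:
        table.append(Route(vpn_public + "/32", lan_gw, "tunnel endpoint reached directly"))
    return table


def trace(table, dst, vpn_gw, vpn_public, max_hops=4):
    """Follow next hops for a packet to dst.

    When the next hop is the tunnel, the packet is encapsulated and the outer
    packet is addressed to vpn_public, so the lookup repeats on that address.
    Returns the list of gateways used, or None if routing never leaves the tunnel.
    """
    path = []
    cur = dst
    for _ in range(max_hops):
        r = lookup(table, cur)
        if r is None:
            return None
        path.append(r.gateway)
        if r.gateway != vpn_gw:
            return path          # handed to a real next hop: done
        cur = vpn_public         # outer packet now needs a route of its own
    return None                  # kept re-entering the tunnel: routing loop


def route_commands(table, platform):
    """Render the added routes as `route add` commands (macOS or Linux net-tools)."""
    cmds = []
    for r in table:
        if r.prefix.prefixlen == 0:
            continue  # the pre-existing default route is not re-added
        if platform == "macos":
            cmds.append(f"route add {r.prefix.with_prefixlen} {r.gateway}")
        elif platform == "linux":
            cmds.append(f"route add -net {r.prefix.network_address} "
                        f"netmask {r.prefix.netmask} gw {r.gateway}")
        else:
            raise ValueError(f"unknown platform {platform!r}")
    return cmds


if __name__ == "__main__":
    lan, vpn, pub = "192.168.1.1", "10.1.1.1", "18.104.22.168"
    good = def1_table(lan, vpn, pub)
    bad = def1_table(lan, vpn, pub, with_host_route=False)
    print("with host route   :", trace(good, "8.8.8.8", vpn, pub))
    print("without host route:", trace(bad, "8.8.8.8", vpn, pub))
    for cmd in route_commands(good, "linux"):
        print(cmd)
```

With the host route present, a packet to any public address is first routed into the tunnel and the encrypted outer packet then goes to the LAN gateway; with it absent, the outer packet matches 0.0.0.0/1 again and never leaves the host.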
In ZeroTier, we can list the supernodes with the command
zerotier-cli listpeers; supernodes are listed with a supernode suffix.
When we have finished these steps, however, the network connection may be lost instead. Most likely the VPN server has not been configured to redirect client traffic. In OpenVPN, we should add the following directive to the server configuration file; it tells clients to redirect all their traffic through the VPN (the def1 flag installs the two /1 routes described above instead of replacing the default route). By default, it is not enabled.
push "redirect-gateway def1 bypass-dhcp"
Then configure NAT in iptables so that traffic from the tunnel is masqueraded when it leaves the server's public interface:
iptables -t nat -A POSTROUTING -s 10.1.1.1/24 -o eth0 -j MASQUERADE
We assume the VPN subnet is 10.1.1.1/24 and eth0 is the server's public-facing interface. The server must also have IPv4 forwarding enabled (net.ipv4.ip_forward = 1), otherwise packets arriving from the tunnel are dropped rather than forwarded.
The following is a guide to configuring an OpenVPN server on Debian.