By default OpenVPN only routes traffic to and from the OpenVPN Server. If you need all traffic from a client through the OpenVPN tunnel there are several options listed in the OpenVPN docs (http://openvpn.net/index.php/open-source/documentation/howto.html#redirect). Since I don’t have any control over the server in some cases I needed a client side solution. As I already have ufw running with Ubuntu I wanted to use the existing software.

Here is how to configure ufw to enable routing all traffic from your client machines through the OpenVPN Server.

Forwarding policy

Change default forward policy, edit /etc/sysctl.conf to permanently enable ipv4 packet forwarding. (Note: This will take effect at next boot).

sudo vim /etc/sysctl.conf

# Enable packet forwarding
net.ipv4.ip_forward=1

UFW config

And then configure ufw in /etc/default/ufw
sudo vim /etc/default/ufw

DEFAULT_FORWARD_POLICY="ACCEPT"

UFW before rules

Change /etc/ufw/before.rules to add the following code after the header and before the “*filter” line. Match the IP/subnet mask to the same one as in /etc/openvpn/server.conf.

sudo vim /etc/ufw/before.rules

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

Enable OpenVPN

Open openvpn port 1194
sudo ufw allow 1194

Start UFW

sudo service ufw start

Leo Gaggl

ict business owner specialising in mobile learning systems. interests: sustainability, internet of things, ict for development, open innovation, agriculture

This Post Has 4 Comments

  1. Darren

    Hi. How does one do the server side config to route all traffic from VPN clients?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.