OpenVPN Configuration: Redirecting Client Traffic via VPN Gateway for Enhanced Security


This post is part of a series on useful OpenVPN server configuration options, such as the use of secure cryptographic algorithms, client-to-client communication, and so on.

Ensure that all options are added to and saved in your OpenVPN server configuration file, i.e. /etc/openvpn/server.conf.


In an OpenVPN configuration, the push "redirect-gateway def1 bypass-dhcp" directive controls how client traffic is routed through the VPN.

By using this setting, the server directs clients to route all internet traffic through the VPN while ensuring that DHCP traffic is handled locally.


Add these lines to your configuration file:

# Redirect all client internet traffic through VPN
push "redirect-gateway def1 bypass-dhcp"

In this instance:

  • push is the directive used to send configuration parameters to the client. In this case, it instructs clients to modify their routing tables so that their traffic is redirected through the VPN.
  • redirect-gateway routes all client traffic through the VPN. It effectively makes the VPN server the gateway for the client's internet traffic, providing additional security and anonymity.
  • def1 overrides the default gateway with more specific routes instead of replacing it, so traffic is correctly routed through the VPN without disturbing the client's existing routing table. This avoids conflicts with other routes on the client machine.
  • bypass-dhcp ensures that DHCP traffic is not routed through the VPN. It is particularly useful where the client needs to keep using the local network's DHCP service, or where sending DHCP traffic through the tunnel would cause problems.




Adding this directive to the OpenVPN server configuration file ensures that all client internet traffic is routed through the VPN tunnel, effectively using the VPN server as the gateway for external connections. This setup enhances security by encrypting the client’s internet traffic and hiding their real IP address. Additionally, the bypass-dhcp option allows the client to continue receiving DHCP information from the local network, ensuring local network functionality while the VPN is active.
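To make the def1 and bypass-dhcp behaviour concrete, here is an added example (not code from the post or from OpenVPN itself) that simulates a client's routing table before and after the server pushes the directive and resolves destinations by longest-prefix match, the way the kernel does. All addresses are constructed sample values; bypass-dhcp is modelled as the host route to the DHCP server that OpenVPN installs on clients which support the option.

```python
import ipaddress

# Constructed sample addresses (not taken from the post).
LAN_GW = "192.168.1.1"       # local default gateway; also the LAN DHCP server here
VPN_SERVER = "203.0.113.10"  # public address of the OpenVPN server
TUN_GW = "10.8.0.1"          # remote end of the tunnel

def base_table():
    """Client routing table before the VPN is up: one LAN route, one default route."""
    return [("192.168.1.0/24", "eth0", None),
            ("0.0.0.0/0", "eth0", LAN_GW)]

def apply_redirect_gateway(table, def1=True, bypass_dhcp=True, dhcp_server=LAN_GW):
    """Routes the client adds when the server pushes
    'redirect-gateway [def1] [bypass-dhcp]'. Returns a new table; input is untouched."""
    new = list(table)
    # Host route so the encrypted tunnel itself keeps leaving via the physical interface.
    new.append((f"{VPN_SERVER}/32", "eth0", LAN_GW))
    if bypass_dhcp:
        # bypass-dhcp: explicit route to the DHCP server so lease renewals stay local.
        new.append((f"{dhcp_server}/32", "eth0", None))
    if def1:
        # def1: two /1 routes cover all of IPv4 and beat 0.0.0.0/0 on prefix length,
        # so the original default route is never deleted and is intact on disconnect.
        new.append(("0.0.0.0/1", "tun0", TUN_GW))
        new.append(("128.0.0.0/1", "tun0", TUN_GW))
    else:
        # Without def1 the existing default route is replaced outright.
        new = [r for r in new if r[0] != "0.0.0.0/0"]
        new.append(("0.0.0.0/0", "tun0", TUN_GW))
    return new

def lookup(table, dst):
    """Longest-prefix match over the table. Returns (interface, gateway)."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, dev, gw in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev, gw)
    return (best[1], best[2]) if best else (None, None)

if __name__ == "__main__":
    tbl = apply_redirect_gateway(base_table())
    for dst in ("93.184.216.34", "192.168.1.50", VPN_SERVER, LAN_GW):
        print(dst, "->", lookup(tbl, dst))
```

Internet destinations resolve to tun0, LAN hosts, the VPN server and the DHCP server still go out eth0, and the original 0.0.0.0/0 entry survives in the def1 table.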

We hope this was of great use!