OpenVPN as internet gateway
It is possible to have OpenVPN act as the internet gateway for all OpenVPN clients.
Simply make sure the static route from the previous page has been added to the router.
Also add the line below to the server's config file (openvpn.conf):
push "redirect-gateway def1"
Adding the line above to the server's config tells ALL the OpenVPN clients to use the OpenVPN server as the default gateway for all traffic. Browse to whatismyip.com from the OpenVPN client's browser; the IP address shown should be the OpenVPN server's IP instead of the client's IP.
If you only want a particular OpenVPN client to use the OpenVPN server as its internet gateway, instead of modifying the server's config, you can add the following to the client's config
Settings which break hard disk hibernation
– status /opt/etc/openvpn/jail/log/openvpn-status.log
– ifconfig-pool-persist /opt/etc/openvpn/jail/ipp.txt
The lines above are not essential to running the OpenVPN server; comment them out if you prefer hard disk hibernation.
- all *.key files must be kept private!! The ca.key is used for signing certificates only; it is advised to move it to a machine without an Internet connection. I put it on my fingerprint USB key.
- you can freely change the 'common name' of the server and client; in my case, I named my VPN server server and my VPN client x40. The file names must match the common name, including the *.crt and *.key files and the files under the /opt/etc/openvpn/jail/ccd directory
- you can also customize the port number instead of using the default 1194 port number.
- After one week of usage, I figured out that the VPN daemon crashes when the log file hits 2GB in size. Try reducing the log level and writing a script to truncate the log periodically.
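
One way to do the periodic truncation suggested above, as an added example rather than the author's own script. It assumes the server logs with log-append, so the daemon keeps writing at the end of the file after the trim; the log path is passed as an argument because the page does not name the log file, and the size limits are illustrative defaults.

```sh
#!/bin/sh
# Added example, not from the original page: cap an OpenVPN log in place.
# Assumption: the server config uses "log-append", so the daemon's writes
# land at the new end of file after the trim.

MAX_BYTES=${MAX_BYTES:-104857600}   # trim once the log exceeds 100 MiB
KEEP_BYTES=${KEEP_BYTES:-1048576}   # keep roughly the last 1 MiB

# trim_log FILE MAX KEEP
# If FILE is larger than MAX bytes, rewrite it in place with only its
# last KEEP bytes (minus the first line, which is usually cut mid-line).
trim_log() {
    log=$1; max=$2; keep=$3
    [ -f "$log" ] || return 0                 # nothing to do yet
    size=$(($(wc -c < "$log")))               # arithmetic strips padding
    [ "$size" -gt "$max" ] || return 0
    # mktemp creates the copy with mode 0600; logs hold client addresses.
    tmp=$(mktemp "$log.XXXXXX") || return 1
    tail -c "$keep" "$log" | sed 1d > "$tmp" || { rm -f "$tmp"; return 1; }
    # "cat > log" truncates and refills the same inode. Replacing the file
    # with mv would leave the daemon writing to the old, unlinked inode,
    # which would keep growing out of sight.
    cat "$tmp" > "$log"
    rm -f "$tmp"
}

# Run from cron with the log path as the only argument (site-specific).
if [ $# -ge 1 ]; then
    trim_log "$1" "$MAX_BYTES" "$KEEP_BYTES"
fi
```

Lines the daemon writes between the tail and the rewrite are lost, so schedule the job often enough that the file never gets near the 2GB limit.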