Can't surf the internet after a successful VPN connection

Hello, I’d need your kind help to troubleshoot a problem with OpenVPN. A friend of mine has just set up an OpenVPN connection this way:

client
dev tun
remote <MY FRIEND'S IP> 1194 tcp
tun-mtu 1500
tls-client
nobind
user nobody
group nogroup
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
mute-replay-warnings
verb 3
cipher AES-128-CBC
auth SHA1
pull
auth-user-pass
remote-cert-tls server
redirect-gateway def1
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>

My friend’s OpenVPN Server sits behind an internet-facing router, where TCP/1194 is forwarded to the relative port of the OpenVPN Server.

I can set a tunnel up and it works. However, I can’t surf the internet. It looks like the traffic is routed through the OpenVPN Server, but then it can’t proceed afterwards:

traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
 1  192.168.10.1 (192.168.10.1)  3.923 ms  3.574 ms  3.406 ms
 2  * * *

My friend has said to me that she regularly surfs the internet using the same configuration.

Any idea about how to troubleshoot this problem?

Remove the “redirect-gateway def1” and it should work.
This directive tells the client to redirect all traffic through the VPN server, while your friend might have access because it’s hosting the VPN, not using it.

Hi! Thank you for your suggestion. I tried removing “redirect-gateway def1”, but it doesn’t seem to work.

This directive tells the client to redirect all traffic through the VPN server

Shouldn’t it be correct, anyway?

Here is the routing with active tunnel + redirect-gateway def1:

Internet:

Destination        Gateway            Flags    Netif Expire 
0/1                192.168.10.1       UGScg    utun10 
default            192.168.1.1        UGScg    en5 
default            192.168.10.1       UGScIg   utun10 
<FRIEND'S IP>/32   192.168.1.1        UGSc     en5

Here is the routing with active tunnel without redirect-gateway def1:

Internet:

Destination        Gateway            Flags    Netif Expire 
default            192.168.1.1        UGScg    en5 
default            192.168.10.1       UGScIg   utun10

In the latter case, it looks like all the traffic is routed through my default gateway.
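
An added example, not part of the thread: a longest-prefix-match lookup over the two routing tables posted above, showing which gateway and interface a packet to 8.8.8.8 takes in each case. It assumes the `I` flag marks an interface-scoped route that unbound traffic does not use, and 203.0.113.7 is a constructed stand-in for the redacted server address.

```python
import ipaddress

# Constructed input: the two tables from the post above, headers omitted.
# 203.0.113.7 is a documentation-range stand-in for the redacted address.
WITH_DEF1 = """\
0/1                192.168.10.1       UGScg    utun10
default            192.168.1.1        UGScg    en5
default            192.168.10.1       UGScIg   utun10
203.0.113.7/32     192.168.1.1        UGSc     en5
"""
WITHOUT_DEF1 = """\
default            192.168.1.1        UGScg    en5
default            192.168.10.1       UGScIg   utun10
"""

def parse_dest(text):
    """Expand abbreviated destinations such as 'default', '0/1', '128.0/1'."""
    if text == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = text.partition("/")
    octets = addr.split(".")
    plen = plen or str(8 * len(octets))      # '192.168.1' means /24
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + plen, strict=False)

def parse_table(table):
    routes = []
    for line in table.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            routes.append((parse_dest(fields[0]), *fields[1:4]))
        except ValueError:                   # header or non-IPv4 line
            continue
    return routes

def lookup(table, target):
    """Most specific non-scoped route for target, as (gateway, netif)."""
    ip = ipaddress.ip_address(target)
    candidates = [r for r in parse_table(table)
                  if ip in r[0] and "I" not in r[2]]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: r[0].prefixlen)
    return best[1], best[3]

if __name__ == "__main__":
    for name, table in (("with def1", WITH_DEF1), ("without def1", WITHOUT_DEF1)):
        print(name, "->", lookup(table, "8.8.8.8"))
```

With the first table exactly as listed, only the lower half of the address space (0/1) goes to utun10; an address such as 200.1.1.1 still resolves to en5 because no 128.0/1 entry appears in it.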