Sometimes you need users who connect to a VPN to use a colocated server, reachable over the Internet, as their default gateway, even though they already have a default gateway. The problem that arises is: once the new default gateway is installed, how do the encapsulated VPN packets still reach the VPN server itself? Of course, if all users are in certain, known circumstances, you can hack together a bunch of scripts that route traffic to the VPN server through the old default gateway, but OpenVPN has an option that automatically adjusts routing as expected:
1. Add a route to the VPN server via the current default gateway.
2. Set a new default gateway through the VPN server.
This option is called redirect-gateway. If you have really decided to distribute Internet access through OpenVPN, here is the technique:
In the client configuration file, add:
dhcp-option DNS <new DNS-server>
On the server, set up IP forwarding and NAT, respectively:
/etc/sysctl.conf:
net.ipv4.ip_forward = 1
# iptables -t nat -I POSTROUTING -s $VPN_IP_RANGE -o $INET_IFACE -j SNAT --to-source $SERVER_EXT_IP
And it works, at least for clients running Windows XP. Not tested with others.
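The two routing steps listed above can be checked on a small model of the client's routing table. This is an added example, not part of the original post or of OpenVPN's code; all addresses, gateways and interface names are constructed, and the lookup assumes ordinary longest-prefix matching. It shows that with step 2 alone the encapsulated packets addressed to the VPN server are routed back into the tunnel, while the host route from step 1 keeps them on the old gateway.

```python
import ipaddress


def route(net, gw, dev):
    """One routing-table entry: (network, gateway or None if on-link, device)."""
    return (ipaddress.ip_network(net), gw, dev)


def lookup(table, dst):
    """Longest-prefix match: return (gateway, device) used to reach dst."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r[0]]
    if not hits:
        return None
    _, gw, dev = max(hits, key=lambda r: r[0].prefixlen)
    return gw, dev


def redirect_gateway(table, vpn_server, vpn_gw, tun_dev, pin_server=True):
    """Apply the two steps from the list above to a copy of the table."""
    old_default = next(r for r in table if r[0].prefixlen == 0)
    new = [r for r in table if r[0].prefixlen != 0]
    if pin_server:
        # Step 1: host route to the VPN server over the current default gateway.
        new.append(route(f"{vpn_server}/32", old_default[1], old_default[2]))
    # Step 2: new default gateway through the VPN.
    new.append(route("0.0.0.0/0", vpn_gw, tun_dev))
    return new


# Constructed sample client: LAN 192.168.1.0/24, VPN subnet 10.8.0.0/24.
VPN_SERVER = "203.0.113.10"
BEFORE = [
    route("192.168.1.0/24", None, "eth0"),
    route("0.0.0.0/0", "192.168.1.1", "eth0"),
]


def connected_table(pin_server=True):
    """Routing table after the tunnel is up and the gateway is redirected."""
    table = BEFORE + [route("10.8.0.0/24", None, "tun0")]
    return redirect_gateway(table, VPN_SERVER, "10.8.0.1", "tun0", pin_server)


if __name__ == "__main__":
    for label, pin in (("both steps", True), ("step 2 only", False)):
        print(label)
        for dst in (VPN_SERVER, "198.51.100.7", "192.168.1.20"):
            print(f"  {dst:>14} -> {lookup(connected_table(pin), dst)}")
```
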