OpenVPN To Access The Internet

23 Feb

Sometimes you want a user who connects to the VPN to use the colocated server as the default gateway for reaching the Internet, even though the user already has a default gateway. The problem that arises is: once the new default gateway is installed, how do the packets that encapsulate the VPN traffic still reach the VPN server itself? Of course, if all users are in the same known circumstances, you could hack together a set of scripts that route traffic to the VPN server through the old default gateway, but OpenVPN has an option that adjusts the routing automatically, as you would expect:

1. Add a route to the VPN server via the current default gateway.
2. Set a new default gateway via the VPN server.

This option is called redirect-gateway. If you really have decided to hand out Internet access through OpenVPN, here is the technique:

In the client configuration file, add:
redirect-gateway
dhcp-option DNS <new DNS-server>

On the server, set up IP forwarding and NAT, respectively:
/etc/sysctl.conf:
net.ipv4.ip_forward = 1

# sysctl -p

# iptables -t nat -I POSTROUTING -s $VPN_IP_RANGE -o $INET_IFACE -j SNAT --to-source $SERVER_EXT_IP

And it works, at least for clients running Windows XP. Not tested with others.
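
Added example, not part of the original post: a small Python model of the client routing table that shows why step 1 (the route to the VPN server via the old gateway) is needed before step 2 replaces the default gateway. The addresses, interface names and the pin_server parameter are assumptions made for illustration; this models the two steps described above, it is not OpenVPN's own code.

```python
import ipaddress

# Constructed client routing table before redirection: (prefix, gateway, interface).
# gateway None means the prefix is directly connected. All addresses are sample values.
BEFORE = [
    ("0.0.0.0/0", "192.168.1.1", "eth0"),
    ("192.168.1.0/24", None, "eth0"),
    ("10.8.0.0/24", None, "tun0"),  # present once the tunnel interface is configured
]
VPN_SERVER = "203.0.113.10"  # public address of the VPN server (sample)
VPN_GATEWAY = "10.8.0.1"     # server's address inside the tunnel (sample)


def lookup(table, dst):
    """Longest-prefix match: return (gateway, interface) used to reach dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, gw, dev = max(matches, key=lambda m: m[0].prefixlen)
    return gw, dev


def redirect_gateway(table, pin_server=True):
    """Model the two steps; pin_server=False skips step 1 to show the failure."""
    old_gw, old_dev = next((gw, dev) for p, gw, dev in table if p == "0.0.0.0/0")
    new = [r for r in table if r[0] != "0.0.0.0/0"]
    if pin_server:
        new.append((f"{VPN_SERVER}/32", old_gw, old_dev))  # step 1: host route
    new.append(("0.0.0.0/0", VPN_GATEWAY, "tun0"))         # step 2: new default
    return new


def tunnel_loops(table):
    """True if the encapsulated packets to the VPN server would re-enter the tunnel."""
    return lookup(table, VPN_SERVER)[1] == "tun0"


if __name__ == "__main__":
    for pin in (True, False):
        t = redirect_gateway(BEFORE, pin_server=pin)
        print(f"pin_server={pin}: server via {lookup(t, VPN_SERVER)}, "
              f"internet via {lookup(t, '198.51.100.7')}, loops={tunnel_loops(t)}")
```

Without the host route, the most specific match for the VPN server's public address is the new default route, so the encrypted packets are sent back into tun0 and never leave the machine.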
