Force All Traffic through OpenVPN

antiguasky
Posts: 2
Joined: Tue Sep 15, 2015 3:12 pm

Force All Traffic through OpenVPN

Post by antiguasky » Tue Sep 15, 2015 3:33 pm

I'm attempting to set up a profile that will force all network traffic through my OpenVPN adapter. It is not working. I have taken the following steps so far.

1. I've set up a Service that allows OpenVPN to connect on port 1194.
2. I've added that service and DNS to the Managed Outbound Services.
3. I've set up a Group that's a duplicate of Everyone and set its network interface to tun0.
4. I've removed Everyone from the allowed groups in All Services and added the duplicate I created to the list.
5. I set up a Group for my local LAN and added it to the allowed groups in All Services.

Does anyone have an idea on what might be missing?

hany
Posts: 479
Joined: Wed Dec 10, 2014 5:20 pm

Re: Force All Traffic through OpenVPN

Post by hany » Thu Sep 17, 2015 11:21 am

It seems you are doing it right, so it's strange it doesn't work.
Can you please send us your Murus configuration file? You can export it to the Desktop from the Murus "Firewall" menu, then send it to our email, info@murus.it.

By the way, assuming your overall settings (Murus AND networking AND VPN settings) are correct, you should restart configuring Murus from the default configuration, adding one rule at a time and constantly checking whether the VPN is working. You may also want to activate logging (I mean logging passed connections) and monitor PF logs using Console.app and/or Murus Logs Visualizer. This may help you troubleshoot your issue.
Please also verify your interface twice. Are you 100% sure that your VPN client is using "tun0" as its interface?

antiguasky
Posts: 2
Joined: Tue Sep 15, 2015 3:12 pm

Re: Force All Traffic through OpenVPN

Post by antiguasky » Thu Sep 17, 2015 11:50 am

Thank you for the help. I just sent the configuration file to you at the address below.

I have already tried to start from the default configuration and do not see anything useful in the PF logs. I'll give the Murus Logs Visualizer a try.

I am pretty sure that the interface is tun0 as I can see it appear and disappear as the VPN is connected and disconnected.

Lichar
Posts: 6
Joined: Thu Jan 07, 2016 9:07 am

Re: Force All Traffic through OpenVPN

Post by Lichar » Fri Jan 08, 2016 9:40 am

Hi,

Are you sure your VPN handles the connection through port 1194? Check that both TCP and UDP are allowed on that port.

Also, if you are using something like DNSCrypt, the service "DNS" is not sufficient as it only allows port 53.

If your VPN can't make the connection, then you also have to allow outgoing connections to the router.

I'll be doing the exact same thing when my command is passed, so I'll come back!

Cheers

Lichar
Posts: 6
Joined: Thu Jan 07, 2016 9:07 am

Re: Force All Traffic through OpenVPN

Post by Lichar » Sat Jan 09, 2016 1:45 pm

Hi,

I successfully made the same setup.

What exactly is not working for you?

What I've done:

In settings, advanced, both first options are checked.
I created two groups: vpn, which is a copy of everyone on the utun0 interface, and dns, which defines some DNS server addresses I use on all interfaces.
I created a service: OpenVPN, which allows port 1194.

I didn't add the "all services" in outbound as it is not necessary.
I add the service dns in outbound in the allowed group.
I add the internet service with vpn in the allowed group. (You should do the same for mail & co.)
I add the OpenVPN service and put everyone in the allowed group.

The order is important.
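
To settle the tun0 versus utun0 question raised in the thread, the shell functions below (an added example, not part of the original posts or of Murus) parse macOS `netstat -rn` output and report which interface actually carries internet-bound IPv4 traffic, so the group's interface can be set to match. The function names are hypothetical and the sample routing tables are constructed; the code assumes the VPN either replaces the default route or adds the 0/1 and 128.0/1 routes that OpenVPN's `redirect-gateway def1` creates.

```shell
#!/bin/sh
# Added example (not from the thread). Reads macOS `netstat -rn` text on stdin.
# Usage on the Mac: netstat -rn | all_traffic_on utun0 && echo forced

# Print the interface(s) that carry internet-bound IPv4 traffic.
# OpenVPN's redirect-gateway def1 adds 0/1 and 128.0/1, which override "default".
egress_ifaces() {
  awk '
    /^Internet6:/ { in4 = 0 }
    /^Internet:/  { in4 = 1; col = 0; next }
    in4 && $1 == "Destination" {          # locate the Netif column by header
      for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
      next
    }
    in4 && col {
      if ($1 == "0/1") lo = $col
      else if ($1 == "128.0/1") hi = $col
      else if ($1 == "default" && def == "") def = $col
    }
    END {
      a = (lo != "") ? lo : def           # lower half of the address space
      b = (hi != "") ? hi : def           # upper half
      if (a != "") print a
      if (b != "" && b != a) print b
    }'
}

# Succeed only if every internet-bound route uses the expected interface.
all_traffic_on() {
  got=$(egress_ifaces)
  [ -n "$got" ] && [ "$got" = "$1" ]
}

# Constructed sample: VPN connected, routes pushed onto utun0.
SAMPLE_VPN_UP='Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
0/1                10.8.0.5           UGSc            3        0   utun0
default            192.168.1.1        UGSc           12        0     en0
128.0/1            10.8.0.5           UGSc            1        0   utun0
192.168.1          link#4             UCS             2        0     en0
Internet6:
Destination        Gateway            Flags   Netif Expire
default            fe80::1%en0        UGc       en0
'
# Constructed sample: VPN disconnected.
SAMPLE_VPN_DOWN='Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc           12        0     en0
'
```

If the function prints two interfaces, only part of the address space is routed through the tunnel and the rest still leaves on the physical interface.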
