erebe/wstunnel

OpenVPN issue when push "redirect-gateway def1 bypass-dhcp"

Open

#492 opened on Mar 4, 2026

View on GitHub
 (0 comments) (0 reactions) (0 assignees)Haskell (1,803 stars) (196 forks)batch import
help wanted

Description

Describe the goal

I've been able to use redirect-gateway and iptables masquerade rules and port 1194 and it's working. However I need to tunnel. Not behind a proxy and it's all tcp openvpn

Describe what does not work

When wstunnel is running, It connects to vpn yes and even creates tun0 on client but I cannot receive internet or ping 10.8.0.1

Describe your wstunnel setup

  • client wstunnel client -L tcp://127.0.0.1:1194:127.0.0.1:1194 --log-lvl=DEBUG wss://server_hostname.net

client openvpn remote is remote 127.0.0.1 1194

  • server /wstunnel server --tls-certificate fullchain.pem --tls-private-key privkey.pem --restrict-to 127.0.0.1:1194 --log-lvl=DEBUG wss://0.0.0.0:443

Desktop (please complete the following information):

  • OS: server is debian 13, client is arch

Contributor guide

Tech stack
None
Domain
infrastructure
Issue type
bug
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
half day
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
fresh
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
mostly clear
Prerequisites
OpenVPNiptableswstunnel
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
30
Research direction
Investigate how wstunnel's TCP forwarding interacts with OpenVPN's 'redirect gateway' option. Look at the wstunnel source code for handling of TUN/TAP devices or routing. Since there are no comments or PRs, the root cause is unclear; consider testing with different OpenVPN configurations.