@zeheater
Last active March 11, 2021 03:39
The basic concept of an UN-ENCRYPTED VPN is to route all network packets to the client's TUN interface. The VPN Client Software reads the packets from the TUN interface and writes them into a buffer, which is then sent over a TCP/UDP connection to the VPN Server. The VPN Server Software writes all received data to the server's TUN interface so that it can reach the intended recipient. For this to work, there are important settings the server must be configured with.

# Server side configuration
sysctl -w net.ipv4.ip_forward=1
iptables -t filter -A FORWARD -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE -s <TUN_IP/MASK>

The OS has to forward network packets from the TUN device to the WAN interface and apply NAT (masquerading the tunnel source addresses behind the server's WAN address) so that replies can find their way back. Note that the FORWARD rule above accepts all forwarded traffic; in practice restrict it to the tunnel with -i <tun_name>, and bind the MASQUERADE rule to the WAN interface with -o <wan_iface>.

# Client side configuration
ip route add 0.0.0.0/1 via <tun_ip> dev <tun_name>
ip route add 128.0.0.0/1 via <tun_ip> dev <tun_name>

These two commands route all network packets to the TUN interface. Because you can't simply declare 0.0.0.0/0 on top of the existing default route, it has to be declared this way: the two /1 routes together cover the whole address space, and being more specific than the default route they take precedence without removing it.

# Client side configuration
ip route add <vpn_server_ip> via <gateway_ip>

Because all network packets are now routed into the tunnel, the VPN Client would no longer be able to reach the VPN Server itself. This host route fixes that issue: being the most specific match (a single address), it sends the VPN transport traffic via the real gateway instead of the tunnel.
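To see why the two /1 routes and the host route for the server interact the way the steps above describe, here is an added example (not part of the gist) that simulates the kernel's longest-prefix-match lookup over the client's routing table; the addresses 10.8.0.1, 192.168.1.1 and 203.0.113.5 are constructed sample values.

```python
import ipaddress

# Constructed sample addresses (assumptions, not taken from the gist).
TUN_IP = "10.8.0.1"          # <tun_ip>
GATEWAY_IP = "192.168.1.1"   # <gateway_ip>
VPN_SERVER_IP = "203.0.113.5"  # <vpn_server_ip>


def client_routes(with_host_route=True):
    """Return the client routing table as (network, next_hop) pairs.

    Mirrors the gist: the pre-existing default route, the two /1 routes
    pointing into the tunnel, and the /32 host route for the VPN server.
    """
    table = [
        ("0.0.0.0/0", GATEWAY_IP),   # original default route via the LAN gateway
        ("0.0.0.0/1", TUN_IP),       # lower half of the address space -> tunnel
        ("128.0.0.0/1", TUN_IP),     # upper half of the address space -> tunnel
    ]
    if with_host_route:
        # Keep the VPN transport itself off the tunnel.
        table.append((VPN_SERVER_IP + "/32", GATEWAY_IP))
    return [(ipaddress.ip_network(n), ipaddress.ip_address(h)) for n, h in table]


def next_hop(table, destination):
    """Longest-prefix match, the rule the kernel applies: the most specific
    matching network wins, regardless of the order routes were added."""
    dst = ipaddress.ip_address(destination)
    best = None
    for network, hop in table:
        if dst in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, hop)
    return str(best[1]) if best else None


if __name__ == "__main__":
    full = client_routes()
    no_host = client_routes(with_host_route=False)
    for dst in ("8.8.8.8", "172.16.0.9", VPN_SERVER_IP):
        print(f"{dst:>13} -> with host route: {next_hop(full, dst):<12}"
              f" without: {next_hop(no_host, dst)}")
```

Without the /32 host route the server address itself resolves to the tunnel, which is exactly the connectivity loop the last step prevents.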
