Can get to anything locally behind my open VPN server.

Reedler
OpenVpn Newbie
Posts: 2
Joined: Thu Mar 16, 2017 2:56 pm

Post by Reedler » Thu Mar 16, 2017 3:25 pm

My home network is behind a Verizon router. I have my port forwarded to my OpenVPN server and I can connect to my VPN server just fine but can't seem to figure out how to get past that. I've tried tons of things on this forum and I know I'm missing a route somewhere but just can't seem to figure it out. I think I'm missing a route on my Verizon router to map back to the OpenVPN server but I tried that as well and it still didn't work. Configs below. Any help much appreciated.
OpenVPN server is CentOS 7

Verizon route I added then removed as it made no difference.
Dest 10.8.0.0
mask 255.255.255.0
gw 192.168.x.x (x's are my openvpn server IP)
Metric 2

Server.conf
port xxxx
proto udp
dev tun0
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
push "route 192.168.x.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status /var/log/myvpn/openvpn-status.log
log-append /var/log/myvpn/openvpn.log
verb 3

Client.ovpn
client
dev tun0
proto udp
remote x.x.x.x xxxx
cipher AES-256-CBC
nobind
persist-key
persist-tun
verb 3
ca ca.crt
cert client.crt
key client.key

iptables (I left some configs I've tried but commented out)
*filter
:INPUT ACCEPT [13:846]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6:777]
#-A INPUT -i tun+ -j ACCEPT (I've tried with and without)
COMMIT
# Completed on Wed Mar 15 21:25:58 2017
# Generated by iptables-save v1.4.21 on Wed Mar 15 21:25:58 2017
*nat
:PREROUTING ACCEPT [881:84167]
:INPUT ACCEPT [831:77918]
:OUTPUT ACCEPT [35:2682]
:POSTROUTING ACCEPT [35:2682]
#-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 192.168.x.x(openvpn server IP) (I've tried with and without)
-A POSTROUTING -s 10.8.0.0/24 -o ens160 -j MASQUERADE
COMMIT

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can get to anything locally behind my open VPN server.

Post by TinCanTech » Thu Mar 16, 2017 6:14 pm

Reedler wrote:
Server.conf
push "redirect-gateway def1"

What happens if you use this:

push "redirect-gateway def1 block-local"
:?:
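
A model of the client routing table that `redirect-gateway def1` and `block-local` produce, as an added example that is not part of the thread or OpenVPN's own code. It covers one case in which the pushed LAN route loses to the client's own on-link route, namely when the client's local network uses the same subnet as the home LAN; the thread does not say whether this was the poster's situation. Assumptions: the 192.168.50.0/24 and 172.16.4.0/24 addresses are constructed, and the tie-break rule and the half-subnet routes are simplifications made by this model.

```python
import ipaddress as ip

VPN_GW = "10.8.0.1"   # first address of the page's `server 10.8.0.0 255.255.255.0`

def client_routes(client_lan, lan_gw, pushed, block_local=False):
    """Model the client's IPv4 routes after connecting: [(network, next_hop)]."""
    lan = ip.ip_network(client_lan)
    routes = [(lan, "on-link"),                           # client's own LAN
              (ip.ip_network("0.0.0.0/0"), lan_gw)]       # original default route
    # redirect-gateway def1: two /1 routes outrank the default without deleting it
    routes += [(ip.ip_network(n), VPN_GW) for n in ("0.0.0.0/1", "128.0.0.0/1")]
    # push "route <net> <mask>"
    routes += [(ip.ip_network(n), VPN_GW) for n in pushed]
    if block_local:
        # block-local: local LAN is routed into the tunnel, except the LAN gateway.
        # Modelled here as both halves of the LAN plus a host route for the gateway.
        routes += [(half, VPN_GW) for half in lan.subnets(prefixlen_diff=1)]
        routes.append((ip.ip_network(lan_gw + "/32"), "on-link"))
    return routes

def next_hop(routes, dst):
    """Longest-prefix match; on equal prefixes the earlier route wins (model assumption)."""
    addr = ip.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed sample values (the thread elides the real ones as 192.168.x.0)
HOME_LAN = "192.168.50.0/24"     # network behind the OpenVPN server
HOME_HOST = "192.168.50.20"      # a machine on that network

if __name__ == "__main__":
    for label, lan, gw in (("different client LAN", "172.16.4.0/24", "172.16.4.1"),
                           ("same subnet as home", HOME_LAN, "192.168.50.1")):
        for bl in (False, True):
            hop = next_hop(client_routes(lan, gw, [HOME_LAN], bl), HOME_HOST)
            print(f"{label:22} block-local={bl!s:5} {HOME_HOST} -> {hop}")
```

With `block-local`, traffic for the client's local subnet no longer bypasses the tunnel, so hosts on the client's own LAN other than its gateway are unreachable while the VPN is connected.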

Reedler
OpenVpn Newbie
Posts: 2
Joined: Thu Mar 16, 2017 2:56 pm

Re: Can get to anything locally behind my open VPN server.

Post by Reedler » Thu Mar 16, 2017 7:15 pm

This worked great. I've been working on this for days trying to do it myself. I can't thank you enough. Great job!
