My home network is behind a Verizon router. I have my port forwarded to my OpenVPN server and I can connect to my VPN server just fine, but can't seem to figure out how to get past that. I've tried tons of things on this forum and I know I'm missing a route somewhere, but just can't seem to figure it out. I think I'm missing a route on my Verizon router to map back to the OpenVPN server, but I tried that as well and it still didn't work. Configs below. Any help much appreciated.
OpenVPN server is CentOS 7
Verizon route I added then removed as it made no difference.
Dest 10.8.0.0
mask 255.255.255.0
gw 192.168.x.x (x's are my openvpn server IP)
Metric 2
Server.conf
port xxxx
proto udp
dev tun0
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
push "route 192.168.x.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status /var/log/myvpn/openvpn-status.log
log-append /var/log/myvpn/openvpn.log
verb 3
Client.ovpn
client
dev tun0
proto udp
remote x.x.x.x xxxx
cipher AES-256-CBC
nobind
persist-key
persist-tun
verb 3
ca ca.crt
cert client.crt
key client.key
iptables (I left some configs I've tried but commented out)
*filter
:INPUT ACCEPT [13:846]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6:777]
#-A INPUT -i tun+ -j ACCEPT (I've tried with and without)
COMMIT
# Completed on Wed Mar 15 21:25:58 2017
# Generated by iptables-save v1.4.21 on Wed Mar 15 21:25:58 2017
*nat
:PREROUTING ACCEPT [881:84167]
:INPUT ACCEPT [831:77918]
:OUTPUT ACCEPT [35:2682]
:POSTROUTING ACCEPT [35:2682]
#-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 192.168.x.x(openvpn server IP) (I've tried with and without)
-A POSTROUTING -s 10.8.0.0/24 -o ens160 -j MASQUERADE
COMMIT
Can get to anything locally behind my open VPN server.
Re: Can get to anything locally behind my open VPN server.
Reedler wrote:
Server.conf
push "redirect-gateway def1"

What happens if you use this:

push "redirect-gateway def1 block-local"
Re: Can get to anything locally behind my open VPN server.
This worked great. I've been working on this for days trying to do it myself. I can't thank you enough. Great job!
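An added example, not code from either poster: a small check for one situation in which the `block-local` flag suggested above changes the outcome, namely a pushed route that overlaps the client's own directly connected LAN. The thread does not confirm that this was the cause; the addresses (192.168.1.0/24 standing in for the masked `192.168.x.0`) and the function names `parse_pushes` and `check_client` are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the thread masks its addresses, so 192.168.1.0/24
# stands in for the "192.168.x.0" LAN that the server pushes.
SERVER_CONF = '''
topology subnet
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
'''

def parse_pushes(conf_text):
    """Return (pushed route networks, redirect-gateway flags or None)."""
    routes, flags = [], None
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if len(tokens) != 2 or tokens[0] != "push":
            continue
        opt = tokens[1].split()
        if opt[0] == "route" and len(opt) >= 3:
            routes.append(ipaddress.ip_network(f"{opt[1]}/{opt[2]}"))
        elif opt[0] == "redirect-gateway":
            flags = set(opt[1:])
    return routes, flags

def check_client(conf_text, client_lan):
    """Report pushed routes that overlap the client's on-link LAN."""
    lan = ipaddress.ip_network(client_lan)
    routes, flags = parse_pushes(conf_text)
    block_local = flags is not None and "block-local" in flags
    findings = []
    for net in routes:
        if not net.overlaps(lan):
            continue
        if block_local:
            # block-local routes the local LAN (except its gateway) into the tunnel
            findings.append(f"{net} overlaps {lan}: block-local sends it via the tunnel")
        else:
            findings.append(f"{net} overlaps {lan}: on-link route can shadow the push")
    return findings

if __name__ == "__main__":
    for lan in ("192.168.1.0/24", "172.16.5.0/24"):
        print(lan, check_client(SERVER_CONF, lan) or "no overlap")
```
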