But pings client to server and vice versa work regardless of whether pinging the tunnel address or the host adapter address.
I didn't expect that because I haven't pushed the local network across the tunnel from the server. I thought using
Code:
--push "redirect-gateway def1"
How do I force the client's IP traffic to use only the tun0 adapter? All help appreciated. Thank you.
Client command line to start the VPN:
Code:
sudo openvpn --remote 192.168.58.10 --dev tun0 --ifconfig 10.4.0.1 10.4.0.2 --tls-client --ca ca.crt --cert client.crt --key client.key
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.58.1    0.0.0.0         UG    100    0        0 enp0s3
10.4.0.2        *               255.255.255.255 UH    0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 enp0s3
192.168.58.0    *               255.255.255.0   U     100    0        0 enp0s3
Code:
sudo openvpn --remote 192.168.58.5 --dev tun0 --ifconfig 10.4.0.2 10.4.0.1 --tls-server --dh dh2048.pem --ca ca.crt --cert server.crt --key server.key --push "redirect-gateway def1"
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.58.1    0.0.0.0         UG    0      0        0 enp0s3
10.4.0.1        *               255.255.255.255 UH    0      0        0 tun0
192.168.58.0    *               255.255.255.0   U     0      0        0 enp0s3
iptables on both hosts are:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
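Added example, not part of the post above: a small Python model of how the kernel picks a route, fed with the client's routing table exactly as posted. It makes the observed behaviour visible: the server's host adapter address 192.168.58.10 matches the 192.168.58.0/24 route on enp0s3, so those pings never touch tun0, and the table contains none of the routes that `redirect-gateway def1` installs (0.0.0.0/1 and 128.0.0.0/1 via the tunnel peer, plus a /32 to the VPN server via the original gateway). Note that a pushed option only takes effect on a client that accepts pushes with `--pull`. The second half of the script adds the def1 routes to the parsed table and shows which destinations move to tun0 and which, such as other hosts on the local /24, still do not. The helper and function names, the extra destination addresses (192.168.58.20, 8.8.8.8, 200.1.1.1) and the mapping of `link-local` to 169.254.0.0 are this example's own assumptions.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "net gateway iface metric")

# Constructed sample input: the client's "Kernel IP routing table" as posted,
# with the whitespace collapsed the way the forum shows it.
CLIENT_ROUTE_TABLE = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.58.1 0.0.0.0 UG 100 0 0 enp0s3
10.4.0.2 * 255.255.255.255 UH 0 0 0 tun0
link-local * 255.255.0.0 U 1000 0 0 enp0s3
192.168.58.0 * 255.255.255.0 U 100 0 0 enp0s3
"""

# Symbolic names that `route` prints instead of dotted quads (assumed mapping).
_NAMES = {"default": "0.0.0.0", "*": "0.0.0.0", "link-local": "169.254.0.0"}


def parse_route_table(text):
    """Parse net-tools `route` output into Route tuples; header lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] in ("Kernel", "Destination"):
            continue
        dest, gw, mask, _flags, metric, _ref, _use, iface = fields[:8]
        net = ipaddress.ip_network(f"{_NAMES.get(dest, dest)}/{mask}", strict=False)
        routes.append(Route(net, _NAMES.get(gw, gw), iface, int(metric)))
    return routes


def lookup(routes, dst):
    """Kernel-style selection: longest prefix wins, lower metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    best = None
    for r in routes:
        if addr not in r.net:
            continue
        if best is None or (r.net.prefixlen, -r.metric) > (best.net.prefixlen, -best.metric):
            best = r
    return best


def def1_routes(vpn_peer, vpn_iface, server_ip, lan_gateway, lan_iface):
    """The routes `redirect-gateway def1` installs (per the OpenVPN manual):
    two /1 routes that together cover all of IPv4 and beat the existing
    0.0.0.0/0, plus a /32 host route to the VPN server via the original
    gateway so the encrypted tunnel packets themselves are not sent into tun0."""
    return [
        Route(ipaddress.ip_network(f"{server_ip}/32"), lan_gateway, lan_iface, 0),
        Route(ipaddress.ip_network("0.0.0.0/1"), vpn_peer, vpn_iface, 0),
        Route(ipaddress.ip_network("128.0.0.0/1"), vpn_peer, vpn_iface, 0),
    ]


def has_redirect_gateway(routes, vpn_iface):
    """Check whether both def1 halves are present on the VPN interface."""
    halves = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}
    present = {r.net for r in routes if r.iface == vpn_iface}
    return halves <= present


if __name__ == "__main__":
    routes = parse_route_table(CLIENT_ROUTE_TABLE)
    print("def1 routes installed on tun0:", has_redirect_gateway(routes, "tun0"))
    for dst in ("192.168.58.10", "10.4.0.2", "8.8.8.8"):
        print(f"as posted  {dst:15} -> {lookup(routes, dst).iface}")
    # Values taken from the post: peer 10.4.0.2 on tun0, server 192.168.58.10,
    # LAN gateway 192.168.58.1 on enp0s3.
    redirected = routes + def1_routes("10.4.0.2", "tun0", "192.168.58.10",
                                      "192.168.58.1", "enp0s3")
    for dst in ("192.168.58.10", "192.168.58.20", "8.8.8.8", "200.1.1.1"):
        print(f"with def1  {dst:15} -> {lookup(redirected, dst).iface}")
```

Running it against the posted table reports that no def1 routes are present and that both the server's LAN address and any Internet address currently leave via enp0s3; with the def1 routes added, Internet destinations move to tun0 while 192.168.58.10 (the /32 exception) and other hosts on 192.168.58.0/24 (the more specific connected route) stay on enp0s3. That last point is the caveat for "only tun0": redirecting the default gateway never diverts traffic to the directly connected subnet.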