Unable to access internet with openvpn connection


Post by lucasbbs » Sun Nov 12, 2023 4:55 am

I am having problems accessing websites when I am browsing with openvpn activated:

I have the following server.conf file:

```
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_M8Zr3vqhOmNvjqgu.crt
key server_M8Zr3vqhOmNvjqgu.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
```

I have the following result for systemctl:

```
root@ip-172-31-8-204:/etc/openvpn# systemctl status openvpn
● openvpn.service - OpenVPN service
     Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
     Active: active (exited) since Sun 2023-11-12 04:39:21 UTC; 9min ago
    Process: 3449 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
   Main PID: 3449 (code=exited, status=0/SUCCESS)
        CPU: 996us

Nov 12 04:39:21 ip-172-31-8-204 systemd[1]: Starting OpenVPN service...
Nov 12 04:39:21 ip-172-31-8-204 systemd[1]: Finished OpenVPN service.
```

As you can see here we have this strange status `active (exited)`

And lastly you can see the output from the client connection:

```
┌──(kali㉿kali)-[~]
└─$ sudo openvpn /etc/openvpn/client.ovpn
[sudo] password for kali: 
2023-11-11 23:47:13 Unrecognized option or missing or extra parameter(s) in /etc/openvpn/client.ovpn:19: block-outside-dns (2.6.3)
2023-11-11 23:47:13 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2023-11-11 23:47:13 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-11-11 23:47:13 library versions: OpenSSL 3.0.10 1 Aug 2023, LZO 2.10
2023-11-11 23:47:13 DCO version: N/A
2023-11-11 23:47:13 TCP/UDP: Preserving recently used remote address: [AF_INET]18.117.152.54:1194
2023-11-11 23:47:13 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-11-11 23:47:13 UDPv4 link local: (not bound)
2023-11-11 23:47:13 UDPv4 link remote: [AF_INET]18.117.152.54:1194
2023-11-11 23:47:13 TLS: Initial packet from [AF_INET]18.117.152.54:1194, sid=936b76ff bc6c0718
2023-11-11 23:47:13 VERIFY OK: depth=1, CN=cn_D1TeG2hELCD3vXkZ
2023-11-11 23:47:13 VERIFY KU OK
2023-11-11 23:47:13 Validating certificate extended key usage
2023-11-11 23:47:13 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-11-11 23:47:13 VERIFY EKU OK
2023-11-11 23:47:13 VERIFY X509NAME OK: CN=server_M8Zr3vqhOmNvjqgu
2023-11-11 23:47:13 VERIFY OK: depth=0, CN=server_M8Zr3vqhOmNvjqgu
2023-11-11 23:47:14 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bit ECprime256v1, signature: ecdsa-with-SHA256
2023-11-11 23:47:14 [server_M8Zr3vqhOmNvjqgu] Peer Connection Initiated with [AF_INET]18.117.152.54:1194
2023-11-11 23:47:14 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-11-11 23:47:14 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-11-11 23:47:14 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
2023-11-11 23:47:14 OPTIONS IMPORT: --ifconfig/up options modified
2023-11-11 23:47:14 OPTIONS IMPORT: route options modified
2023-11-11 23:47:14 OPTIONS IMPORT: route-related options modified
2023-11-11 23:47:14 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-11-11 23:47:14 net_route_v4_best_gw query: dst 0.0.0.0
2023-11-11 23:47:14 net_route_v4_best_gw result: via 10.0.2.1 dev eth0
2023-11-11 23:47:14 ROUTE_GATEWAY 10.0.2.1/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:e2:02:17
2023-11-11 23:47:14 TUN/TAP device tun0 opened
2023-11-11 23:47:14 net_iface_mtu_set: mtu 1500 for tun0
2023-11-11 23:47:14 net_iface_up: set tun0 up
2023-11-11 23:47:14 net_addr_v4_add: 10.8.0.2/24 dev tun0
2023-11-11 23:47:14 net_route_v4_add: 18.117.152.54/32 via 10.0.2.1 dev [NULL] table 0 metric -1
2023-11-11 23:47:14 net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2023-11-11 23:47:14 net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2023-11-11 23:47:14 Initialization Sequence Completed
2023-11-11 23:47:14 Data Channel: cipher 'AES-128-GCM', peer-id: 0
2023-11-11 23:47:14 Timers: ping 10, ping-restart 120
2023-11-11 23:47:14 Protocol options: explicit-exit-notify 1
```

As you can see, in the last line I have the following message: `explicit-exit-notify 1`

#### EDIT ####

As you can see I can ping, but I am not able to resolve DNS addresses:

```
┌──(kali㉿kali)-[~]
└─$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=114 time=46.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=114 time=46.2 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=114 time=44.5 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=114 time=45.7 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 44.543/45.615/46.165/0.642 ms

┌──(kali㉿kali)-[~]
└─$ nslookup google.com
;; communications error to 192.168.2.1#53: timed out
^C

┌──(kali㉿kali)-[~]
└─$ dig google.com
;; communications error to 192.168.2.1#53: timed out
^C
```

#### EDIT 2 ####

I am getting the following log in the /var/log/syslog file:

client/174.94.65.33:63101 SENT CONTROL [client]: 'PUSH_REPLY,dhcp-option DNS 172.31.0.2,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)

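The client log and `dig` output in the post contain enough to see which resolver is in use and where its traffic goes once the tunnel is up. The following is an added example (not part of the original post and not OpenVPN project code): it parses the pushed options and the routes the log shows being installed, then does a longest-prefix match for the resolver `dig` actually queried. The function names are this example's own, and the sample lines are copied from the post.

```python
import ipaddress
import re

# Sample input: lines copied from the client log and dig output in the post.
CLIENT_LOG = """\
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
ROUTE_GATEWAY 10.0.2.1/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:e2:02:17
net_addr_v4_add: 10.8.0.2/24 dev tun0
net_route_v4_add: 18.117.152.54/32 via 10.0.2.1 dev [NULL] table 0 metric -1
net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
"""
DIG_OUTPUT = ";; communications error to 192.168.2.1#53: timed out"

def pushed_dns(log):
    """DNS servers the server pushed in PUSH_REPLY."""
    reply = re.search(r"'PUSH_REPLY,([^']*)'", log)
    if not reply:
        return []
    return [opt.split()[2] for opt in reply.group(1).split(",")
            if opt.startswith("dhcp-option DNS ")]

def routes(log):
    """(network, next hop or device) pairs visible in the client log."""
    table = []
    gw = re.search(r"ROUTE_GATEWAY (\S+)/(\S+) IFACE=(\S+)", log)
    if gw:  # pre-tunnel state: connected LAN subnet plus the default route
        lan = ipaddress.ip_network(f"{gw[1]}/{gw[2]}", strict=False)
        table += [(lan, gw[3]), (ipaddress.ip_network("0.0.0.0/0"), gw[1])]
    for net, dev in re.findall(r"net_addr_v4_add: (\S+) dev (\S+)", log):
        table.append((ipaddress.ip_network(net, strict=False), dev))
    for net, hop in re.findall(r"net_route_v4_add: (\S+) via (\S+)", log):
        table.append((ipaddress.ip_network(net), hop))
    return table

def next_hop(table, dst):
    """Longest-prefix match over the collected routes (metrics ignored)."""
    addr = ipaddress.ip_address(dst)
    return max((r for r in table if addr in r[0]), key=lambda r: r[0].prefixlen)[1]

def diagnose(log, dig_output):
    """Compare the resolver dig queried with the pushed DNS and route it."""
    resolver = re.search(r"error to ([\d.]+)#53", dig_output).group(1)
    dns, table = pushed_dns(log), routes(log)
    return {"pushed": dns, "queried": resolver, "applied": resolver in dns,
            "queried_via": next_hop(table, resolver)}
```

`diagnose(CLIENT_LOG, DIG_OUTPUT)` reports that the queried resolver 192.168.2.1 is not the pushed 8.8.8.8, and that under `redirect-gateway def1` it is routed via 10.8.0.1 through the tunnel. On Linux the OpenVPN client hands pushed `dhcp-option` values to `--up` scripts as `foreign_option_n` environment variables and does not change the system resolver itself.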