When I come home with that laptop and connect to my home LAN, directly to that router over wifi, I lose internet access. Chrome gives me "DNS_PROBE_FINISHED_BAD_CONFIG". What's happening is the OpenVPN service runs automatically on startup when (as expected). I'm absolutely okay with that, I just want to fix my config so that it will allow me to connect to the VPN locally with internet access and obviously not breaking what does work remotely. I could just disable the OpenVPN service whenever I'm home, but that's not an option. I don't want to do that every day (or multiple times a day in many cases).
The question: What can I add to my configuration that will allow the VPN connection to work either remotely or locally so that I don't have to manually change stuff all the time? It's worth noting that the VPN does work locally in every aspect except getting to the internet.
I know there are other DNS-related commands out there that I could use in my server config, but I'm hesitant to throw a bunch of stuff in there because everything worked flawlessly when connecting remotely (even routing all internet traffic through the tunnel). What suggestions do you have?
SERVER CONFIG:
push "route 192.168.1.0 255.255.255.0"
server 192.168.66.0 255.255.255.0
push "redirect-gateway def1"
port 1194
dev tun0
proto tcp
keepalive 10 120
client-to-client
cipher AES-128-CBC
comp-lzo
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
management localhost 5001
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3749 593K ACCEPT tcp -- any any anywhere anywhere tcp dpt:1194
2947 405K ACCEPT 0 -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 DROP udp -- vlan2 any anywhere anywhere udp dpt:route
0 0 DROP udp -- br0 any anywhere anywhere udp dpt:route
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:route
0 0 ACCEPT icmp -- vlan2 any anywhere anywhere
50 1800 DROP igmp -- any any anywhere anywhere
1 61 ACCEPT 0 -- lo any anywhere anywhere state NEW
1369 96299 ACCEPT 0 -- br0 any anywhere anywhere state NEW
213 62294 DROP 0 -- any any anywhere anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2051 153K ACCEPT 0 -- tun0 br0 anywhere anywhere
3418 4242K ACCEPT 0 -- br0 tun0 anywhere anywhere
84051 6852K ACCEPT 0 -- any any 192.168.1.0/24 anywhere
877 126K ACCEPT 0 -- any any 192.168.66.0/24 anywhere
0 0 ACCEPT gre -- any vlan2 192.168.1.0/24 anywhere
0 0 ACCEPT tcp -- any vlan2 192.168.1.0/24 anywhere tcp dpt:1723
166K 218M lan2wan 0 -- any any anywhere anywhere
246 12740 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
166K 218M ACCEPT 0 -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT 0 -- br0 br0 anywhere anywhere
0 0 TRIGGER 0 -- vlan2 br0 anywhere anywhere TRIGGER type:in match:0 relate:0
0 0 trigger_out 0 -- br0 any anywhere anywhere
0 0 ACCEPT 0 -- br0 any anywhere anywhere state NEW
0 0 DROP 0 -- any any anywhere anywhere
remote dynDNS 1194
client
remote-cert-tls server
dev tun0
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
float
ca ca.crt
cert laptop1.crt
key laptop1.key
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 4
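An added example, not part of the original post: the posted server config pushes a route for 192.168.1.0/24, the same subnet the FORWARD chain shows behind the router, so this Python check parses the `push` directives and reports any pushed route that overlaps the network the client is already attached to. The client addresses used below (192.168.1.50 at home, 10.20.30.40 remotely) are constructed values, and treating the overlap as relevant to the reported symptom is an assumption.

```python
import ipaddress

# The three routing-related directives copied from the server config in the post.
SERVER_CONFIG = '''\
push "route 192.168.1.0 255.255.255.0"
server 192.168.66.0 255.255.255.0
push "redirect-gateway def1"
'''

def pushed_settings(config_text):
    """Return (pushed_routes, redirect_gateway) parsed from an OpenVPN server config."""
    routes, redirect = [], False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0] != "push":
            continue
        # push "route NET MASK"  ->  ['route', NET, MASK]
        args = parts[1].strip().strip('"').split()
        if not args:
            continue
        if args[0] == "route" and len(args) >= 2:
            # OpenVPN treats a route without a netmask as a host route.
            mask = args[2] if len(args) >= 3 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{args[1]}/{mask}", strict=False))
        elif args[0] == "redirect-gateway":
            redirect = True
    return routes, redirect

def overlapping_routes(config_text, client_ip, client_prefix):
    """Pushed routes that overlap the network the client is directly attached to."""
    local = ipaddress.ip_interface(f"{client_ip}/{client_prefix}").network
    routes, _ = pushed_settings(config_text)
    return [r for r in routes if r.overlaps(local)]

def report(config_text, client_ip, client_prefix):
    """One-line summary for a given client address (constructed sample values)."""
    hits = overlapping_routes(config_text, client_ip, client_prefix)
    _, redirect = pushed_settings(config_text)
    if hits:
        nets = ", ".join(str(n) for n in hits)
        return f"{client_ip}: pushed route(s) {nets} overlap the local LAN (redirect-gateway={redirect})"
    return f"{client_ip}: no overlap with pushed routes (redirect-gateway={redirect})"

if __name__ == "__main__":
    print(report(SERVER_CONFIG, "192.168.1.50", 24))   # constructed home address
    print(report(SERVER_CONFIG, "10.20.30.40", 24))    # constructed remote address
```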