I need to get the variable remote (public server IP from which the client connects to the OpenVPN server) from the client conf file to the server side in order to use it in a bash script. I tried push-peer-info, but it doesn't work for me. The variables are empty in the bash script file. One more option is parsing the server.log file for the line that contains: Peer Connection Initiated with [AF_INET]87.123.xxx.104:6686 (via [AF_INET]46.36.xxx.110%venet0), where the last IP is the one I need, but this option doesn't suit me.
How can I do this?
Openvpn version 2.3.10 ubuntu \ windows 11.9.0.0
Client - Win 10 \ Server - Ubuntu 16.x
My OpenVPN server.conf:
mode server
port 1194
proto udp
dev tun
multihome
ca ca.crt
cert myservername.crt
key myservername.key
dh dh2048.pem
cipher AES-256-CBC
server 10.9.0.0 255.255.255.0
keepalive 10 120
ifconfig-pool-persist ipp.log
persist-key
persist-tun
client-config-dir /etc/openvpn/easy-rsa/keys
status server-status.log
log /var/log/server.log
script-security 2
client-connect /etc/openvpn/up.sh
comp-lzo
sndbuf 0
rcvbuf 0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

My client conf:
client
dev tun
proto udp
remote 46.36.221.*** 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert pp1.crt
key pp1.key
cipher AES-256-CBC
ns-cert-type server
comp-lzo
log pp1.log
sndbuf 0
rcvbuf 0

iptables rules:
:INPUT DROP [5:286]
:FORWARD ACCEPT [564:288911]
:OUTPUT ACCEPT [337:255768]
-A INPUT -p tcp --dport 22 -j LOG --log-prefix " ALERT " --log-level=warning
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.9.0.0/24 -j ACCEPT
-A FORWARD -j REJECT
:PREROUTING ACCEPT [46:20142]
:POSTROUTING ACCEPT [1:67]
:OUTPUT ACCEPT [1:67]
-A POSTROUTING -s 10.9.0.0/24 -j SNAT --to-source 5.45.124.***

And one more problem...
I don't know why, but logging in iptables doesn't work... Who knows why?
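
The log-parsing option mentioned in the question, as an added example that is not part of the original post: a bash function that pulls the server-side (via) address for a given peer out of the Peer Connection Initiated lines. The log lines are constructed with documentation addresses, and the names write_sample_log and via_addr_for_peer are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: find the server-side ("via") address that a given peer
# connected to, from OpenVPN "Peer Connection Initiated" log lines.

# Constructed sample log (documentation addresses, not real data).
write_sample_log() {
    cat > "$1" <<'EOF'
Mon Jan  8 10:00:01 2018 192.0.2.104:6686 [pp1] Peer Connection Initiated with [AF_INET]192.0.2.104:6686 (via [AF_INET]198.51.100.110%venet0)
Mon Jan  8 10:05:12 2018 192.0.2.104:668 [pp2] Peer Connection Initiated with [AF_INET]192.0.2.104:668 (via [AF_INET]198.51.100.111%venet0)
Mon Jan  8 10:09:30 2018 203.0.113.7:5000 [pp3] Peer Connection Initiated with [AF_INET]203.0.113.7:5000
Mon Jan  8 10:20:44 2018 192.0.2.104:6686 [pp1] Peer Connection Initiated with [AF_INET]192.0.2.104:6686 (via [AF_INET]198.51.100.112%venet0)
EOF
}

# via_addr_for_peer LOGFILE PEER_IP PEER_PORT   (hypothetical helper name)
# Prints the "via" address from the most recent line for that peer.
# Returns non-zero if the peer is not in the log or its latest line has no "(via ...)".
via_addr_for_peer() {
    local logfile=$1 peer="$2:$3"
    awk -v peer="$peer" '
    {
        # index() compares literally, so dots in the IP are not wildcards.
        key = "Peer Connection Initiated with [AF_INET]" peer
        pos = index($0, key)
        if (pos == 0) next
        rest = substr($0, pos + length(key))
        # Reject a longer port that merely starts with ours (668 vs 6686).
        if (rest != "" && substr(rest, 1, 1) != " ") next
        via = ""
        if (match(rest, /\(via \[AF_INET\][^)]+\)/)) {
            via = substr(rest, RSTART, RLENGTH)
            sub(/^\(via \[AF_INET\]/, "", via)
            sub(/\)$/, "", via)
            sub(/%.*$/, "", via)    # drop the interface suffix, e.g. %venet0
        }
    }
    END { if (via == "") exit 1; print via }
    ' "$logfile"
}

# Demo on the constructed log.
demo_log=$(mktemp)
write_sample_log "$demo_log"
via_addr_for_peer "$demo_log" 192.0.2.104 6686
rm -f "$demo_log"
```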