VPC1: ipv4 CIDR 172.44.0.0/16
Subnets(All public):
- 172.44.1.0/24 [Main subnet] (This has the route table below)
- 172.44.2.0/24
- 172.44.0.0/24
Route Table (attached to the main subnet):
- 172.30.0.0/16 -> local (Active, Propagated: No)
- 0.0.0.0/0 -> igw-60f33005 (Active, Propagated: No)
- Virtual Private Gateway: Route Propagation = Yes
Internet Gateway setup for VPC1
NAT Gateway:
- Public IP 34.110.17.48 (THIS IS NOT THE ACTUAL IP), private IP 172.44.1.117, VPC1, Main subnet (subnet-7xxxxx)
EC2 instance:
- Elastic IP: 28.14.134.60 (THIS IS NOT THE ACTUAL IP)
Security group (inbound):
- Custom UDP rule: UDP 1194 from 0.0.0.0/0
- SSH: TCP 22 from 0.0.0.0/0
- All ICMP - IPv4: all from 0.0.0.0/0
Server.conf
port 1194
proto udp
dev tun
server 172.44.0.0 255.255.0.0
push "route 28.14.134.60 255.255.0.0"
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
tls-auth /etc/openvpn/keys/ta.key 0
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
cipher AES-256-CBC
auth SHA512
ifconfig-pool-persist ipp.txt
keepalive 15 60
comp-lzo adaptive
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
max-clients 100
user nobody
group nogroup
key-direction 0
# Add route to Client routing table for the OpenVPN Server
push "route 172.44.0.0 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
# This is probably wrong
push "route 10.8.0.0 255.255.0.0"
- ufw allow 1194/udp
- ufw allow OpenSSH
vim /etc/ufw/before.rules
#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-before-input
# ufw-before-output
# ufw-before-forward
#
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN clients out via eth0 (change eth0 to the interface you discovered!)
-A POSTROUTING -s 172.44.0.0/16 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
...
What I need help with is confirming the setup of the gateways and routing. Any tips, hints or full corrections would be welcome!
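The routing problem in the posted server.conf is that the tunnel pool and the VPC are the same range: `server 172.44.0.0 255.255.0.0` hands clients addresses out of the VPC CIDR, so nothing in the VPC is reachable through the tunnel and the three `push "route ..."` lines cannot fix it (the Elastic IP is the endpoint, not a route; a /32 on 172.44.0.0 routes a single host; 10.8.0.0/16 is not in use anywhere). The pool needs to be a range that nothing in the VPC uses, and then one pushed route for the VPC CIDR is all the clients need, with the `-s` of the MASQUERADE rule changed from the VPC CIDR to that pool. On the AWS side nothing in the NAT gateway or virtual private gateway is involved in this path: the instance sits in a public subnet with an Elastic IP and the 0.0.0.0/0 -> igw route, so the remaining checks are `net.ipv4.ip_forward=1`, `DEFAULT_FORWARD_POLICY="ACCEPT"` in /etc/default/ufw, and the security groups of the target instances allowing traffic from the VPN server's private IP (after MASQUERADE that is the source they see). The script below is an added example written for this reply, not code from the original post or from OpenVPN: it derives the corrected `server`, `push "route"` and NAT lines for a VPC and tunnel pool and refuses pools that overlap the VPC. It assumes the VPC CIDR 172.44.0.0/16 from the post; the pool 10.8.0.0/24 and the interface name eth0 are assumptions chosen here.

```shell
#!/bin/sh
# Added example, not from the original post: derive the OpenVPN routing
# directives and the NAT rule for a VPC, and check that the tunnel pool does
# not overlap the VPC CIDR (the posted server.conf uses the VPC CIDR itself as
# the pool). Assumed values: VPC 172.44.0.0/16 (from the post), tunnel pool
# 10.8.0.0/24 and interface eth0 (chosen here). POSIX sh, no external tools.
set -eu

# Dotted quad -> 32-bit integer (plain decimal octets only; "08" would be read as octal).
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length -> 32-bit mask integer, e.g. 16 -> 0xFFFF0000.
prefix_to_int_mask() {
  if [ "$1" -eq 0 ]; then echo 0; else echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF )); fi
}

# Prefix length -> dotted-quad mask as OpenVPN wants it, e.g. 16 -> 255.255.0.0.
prefix_to_mask() {
  local m
  m=$(prefix_to_int_mask "$1")
  echo "$(( (m >> 24) & 255 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))"
}

# CIDR -> "network-as-integer prefix-length", with host bits masked off.
cidr_net() {
  local addr="${1%/*}" p="${1#*/}" mask
  mask=$(prefix_to_int_mask "$p")
  echo "$(( $(ip_to_int "$addr") & mask )) $p"
}

# Succeeds (exit 0) when the two CIDRs share any address.
cidr_overlaps() {
  local n1 p1 n2 p2 p mask
  set -- $(cidr_net "$1") $(cidr_net "$2")
  n1=$1 p1=$2 n2=$3 p2=$4
  p=$(( p1 < p2 ? p1 : p2 ))      # compare under the shorter prefix
  mask=$(prefix_to_int_mask "$p")
  [ $(( n1 & mask )) -eq $(( n2 & mask )) ]
}

# Routing lines for server.conf: a private tunnel pool plus one pushed route
# for the whole VPC. Nothing else needs pushing: clients learn the pool from
# their own tunnel address, and the Elastic IP is the endpoint, not a route.
render_routes() {
  local vpc="$1" pool="$2"
  if cidr_overlaps "$vpc" "$pool"; then
    echo "error: tunnel pool $pool overlaps VPC $vpc; pick a pool outside the VPC" >&2
    return 1
  fi
  printf 'server %s %s\n' "${pool%/*}" "$(prefix_to_mask "${pool#*/}")"
  printf 'push "route %s %s"\n' "${vpc%/*}" "$(prefix_to_mask "${vpc#*/}")"
}

# *nat entry for /etc/ufw/before.rules: masquerade the tunnel pool (not the
# VPC CIDR) out of the instance's VPC interface. The VPC then sees the
# server's private IP as the source, so the target instances' security groups
# must allow that IP, and the EC2 source/dest check can stay enabled.
render_nat_rule() {
  printf -- '-A POSTROUTING -s %s -o %s -j MASQUERADE\n' "$1" "$2"
}

# Demo with the assumed values.
render_routes 172.44.0.0/16 10.8.0.0/24
render_nat_rule 10.8.0.0/24 eth0
```

Paste the two `render_routes` lines into server.conf in place of the `server` line and the three `push "route ..."` lines, and the `render_nat_rule` line into the `*nat` block of before.rules in place of the existing POSTROUTING rule, then `ufw reload`. Two side notes while you are in there: the SSH rule open to 0.0.0.0/0 should be narrowed to your own address, and `comp-lzo` is best removed, since compression over the tunnel is what the VORACLE attack exploits.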