Client access rules problem

Scripts with setup, destroy, and modify routing tables and firewall rulesets for client connections.

Post by ovpn123 » Mon Nov 21, 2016 3:27 pm

Hello,

I have configured my OpenVPN server with access rules (following the howto), but if I enable the POSTROUTING iptables rule, the whole subnet is reachable and not only the one machine IP that I define; if I delete the POSTROUTING iptables rule, clients can connect through the tunnel but don't have access to the subnet or to the machine IP that I define.

Here's my iptables -L:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 10.35.15.4/32
ACCEPT all -- 10.8.1.0/24 10.35.0.0/24

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

The 10.8.0.0/24 is the subnet forwarded only to the file server, 10.35.15.4, for clients only.
The 10.8.1.0/24 is the subnet forwarded to the whole 10.35.0.0 subnet, for admins only.

Here's my server.conf:

port 1194
proto udp
dev tun0

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/ech-ovpn.crt
key /etc/openvpn/easy-rsa/keys/ech-ovpn.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem

server 10.8.0.0 255.255.255.0
route 10.8.1.0 255.255.255.0
push "route 10.35.0.0 255.255.240.0"
#push "redirect-gateway def1"
#push "dhcp-option DNS 10.35.15.13"
ifconfig-pool-persist ipp.txt
keepalive 10 120

comp-lzo
persist-key
persist-tun
client-config-dir ccd
#crl-verify /etc/openvpn/easy-rsa/keys/crl.pem

status openvpn-status.log
log-append /var/log/openvpn.log
verb 5

Thank you

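As an added check by the editor (not code from the original post), this Python parses the iptables -L listing above and flags what it shows: the first FORWARD rule accepts NEW connections from anywhere to anywhere, so the two per-subnet rules under it are never consulted, and a POSTROUTING NAT rule only rewrites addresses and cannot restrict anything. The sample and the corrected chain are constructed from the post; the parser assumes the compact iptables -L layout (no -v).

```python
import re

# Constructed sample: the FORWARD chain as pasted in the post (iptables -L, no -n/-v).
SAMPLE_RULES = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 10.35.15.4/32
ACCEPT all -- 10.8.1.0/24 10.35.0.0/24

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
"""

# Constructed corrected chain: the catch-all only admits reply traffic, so the
# per-subnet rules (and the DROP policy) decide which NEW connections are forwarded.
# NAT in POSTROUTING is still needed for return routing but does no filtering.
FIXED_RULES = SAMPLE_RULES.replace("state NEW,RELATED,ESTABLISHED", "state RELATED,ESTABLISHED")


def parse_chains(listing):
    """Return {chain: {'policy': ..., 'rules': [...]}} from compact iptables -L text."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
            continue
        if not line.strip() or line.startswith("target") or current is None:
            continue
        target, prot, _opt, src, dst, *extra = line.split()
        chains[current]["rules"].append(
            {"target": target, "prot": prot, "src": src, "dst": dst, "extra": " ".join(extra)})
    return chains


def shadowed_forward_rules(listing):
    """Find the first any->any ACCEPT in FORWARD that admits NEW connections and
    return it with the more specific rules after it, which can never match."""
    fwd = parse_chains(listing).get("FORWARD", {"rules": []})["rules"]
    for i, rule in enumerate(fwd):
        catch_all = rule["target"] == "ACCEPT" and rule["src"] == "anywhere" and rule["dst"] == "anywhere"
        admits_new = "state" not in rule["extra"] or "NEW" in rule["extra"]
        if catch_all and admits_new:
            return rule, fwd[i + 1:]
    return None, []


if __name__ == "__main__":
    catch_all, shadowed = shadowed_forward_rules(SAMPLE_RULES)
    print("catch-all rule:", catch_all)
    for r in shadowed:
        print("never reached:", r["src"], "->", r["dst"])
```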