Hello,
I have configured my OpenVPN server with access rules (following the howto), but if I enable the POSTROUTING iptables rules, all subnets are available and not only the one machine IP that I defined; if I delete the POSTROUTING iptables rules, clients can connect through the tunnel but don't have access to the subnet or to the machine IP that I defined.
Here's my iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 10.35.15.4/32
ACCEPT all -- 10.8.1.0/24 10.35.0.0/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
The 10.8.0.0/24 subnet is forwarded only to the file server, 10.35.15.4, and is for clients only.
The 10.8.1.0/24 subnet is forwarded to the whole 10.35.0.0 subnet and is for admins only.
Here's my server.conf:
port 1194
proto udp
dev tun0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/ech-ovpn.crt
key /etc/openvpn/easy-rsa/keys/ech-ovpn.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
route 10.8.1.0 255.255.255.0
push "route 10.35.0.0 255.255.240.0"
#push "redirect-gateway def1"
#push "dhcp-option DNS 10.35.15.13"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
client-config-dir ccd
#crl-verify /etc/openvpn/easy-rsa/keys/crl.pem
status openvpn-status.log
log-append /var/log/openvpn.log
verb 5
Thank you
Client access rules problem
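An added example, not from the post or the OpenVPN project, that models the posted FORWARD chain with netfilter's first-match semantics. It shows why the blanket `ACCEPT ... state NEW,RELATED,ESTABLISHED` rule makes the two per-subnet rules unreachable as soon as MASQUERADE lets replies come back, and how accepting only RELATED,ESTABLISHED first and NEW per subnet gives the intended split; the corrected ordering, the sample tunnel addresses and the 10.35.0.10 LAN host are assumptions.

```python
import ipaddress

# Model of one netfilter chain: (src net or None for "anywhere", dst net or None,
# conntrack states or None for any, target). First matching rule wins; otherwise
# the chain policy (DROP, as in the post) applies.
POSTED_FORWARD = [
    (None, None, {"NEW", "RELATED", "ESTABLISHED"}, "ACCEPT"),  # matches everything
    ("10.8.0.0/24", "10.35.15.4/32", None, "ACCEPT"),          # never reached
    ("10.8.1.0/24", "10.35.0.0/24", None, "ACCEPT"),           # never reached
]

# Assumed fix: let replies through first, then allow NEW flows only per subnet.
# Note the admin rule is /24 as posted while the pushed route is 10.35.0.0/20,
# so with this rule set an admin still cannot reach 10.35.15.4.
FIXED_FORWARD = [
    (None, None, {"RELATED", "ESTABLISHED"}, "ACCEPT"),
    ("10.8.0.0/24", "10.35.15.4/32", {"NEW"}, "ACCEPT"),
    ("10.8.1.0/24", "10.35.0.0/24", {"NEW"}, "ACCEPT"),
]


def verdict(chain, src, dst, state, policy="DROP"):
    """Return the target the first matching rule gives, or the chain policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rsrc, rdst, states, target in chain:
        if rsrc and s not in ipaddress.ip_network(rsrc):
            continue
        if rdst and d not in ipaddress.ip_network(rdst):
            continue
        if states and state not in states:
            continue
        return target
    return policy


def as_iptables(chain, name="FORWARD"):
    """Render the model back into iptables -A commands (conntrack match syntax)."""
    cmds = []
    for rsrc, rdst, states, target in chain:
        parts = ["iptables", "-A", name]
        if rsrc:
            parts += ["-s", rsrc]
        if rdst:
            parts += ["-d", rdst]
        if states:
            parts += ["-m", "conntrack", "--ctstate", ",".join(sorted(states))]
        parts += ["-j", target]
        cmds.append(" ".join(parts))
    return cmds


# POSTROUTING MASQUERADE only rewrites the source so LAN hosts can answer; it
# filters nothing, which is why removing it breaks all access instead of limiting it.
if __name__ == "__main__":
    for chain in (POSTED_FORWARD, FIXED_FORWARD):
        print(verdict(chain, "10.8.0.2", "10.35.0.10", "NEW"))  # ACCEPT, then DROP
```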