When I come home with that laptop and connect to my home LAN, directly to that router over wifi, I lose internet access. Chrome gives me "DNS_PROBE_FINISHED_BAD_CONFIG". What's happening is the OpenVPN service runs automatically on startup (as expected). I'm absolutely okay with that, I just want to fix my config so that it will allow me to connect to the VPN locally with internet access, and obviously without breaking what does work remotely. I could just disable the OpenVPN service whenever I'm home, but that's not an option. I don't want to do that every day (or multiple times a day in many cases).
The question: What can I add to my configuration that will allow the VPN connection to work either remotely or locally so that I don't have to manually change stuff all the time? It's worth noting that the VPN does work locally in every aspect except getting to the internet.
I know there are other DNS-related commands out there that I could use in my server config, but I'm hesitant to throw a bunch of stuff in there because everything worked flawlessly when connecting remotely (even routing all internet traffic through the tunnel). What suggestions do you have?
Code:
push "route 192.168.1.0 255.255.255.0"
server 192.168.66.0 255.255.255.0
push "redirect-gateway def1"
port 1194
dev tun0
proto tcp
keepalive 10 120
client-to-client
cipher AES-128-CBC
comp-lzo
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
management localhost 5001
Code:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target      prot opt in     out    source           destination
 3749  593K ACCEPT      tcp  --  any    any    anywhere         anywhere     tcp dpt:1194
 2947  405K ACCEPT      0    --  any    any    anywhere         anywhere     state RELATED,ESTABLISHED
    0     0 DROP        udp  --  vlan2  any    anywhere         anywhere     udp dpt:route
    0     0 DROP        udp  --  br0    any    anywhere         anywhere     udp dpt:route
    0     0 ACCEPT      udp  --  any    any    anywhere         anywhere     udp dpt:route
    0     0 ACCEPT      icmp --  vlan2  any    anywhere         anywhere
   50  1800 DROP        igmp --  any    any    anywhere         anywhere
    1    61 ACCEPT      0    --  lo     any    anywhere         anywhere     state NEW
 1369 96299 ACCEPT      0    --  br0    any    anywhere         anywhere     state NEW
  213 62294 DROP        0    --  any    any    anywhere         anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target      prot opt in     out    source           destination
 2051  153K ACCEPT      0    --  tun0   br0    anywhere         anywhere
 3418 4242K ACCEPT      0    --  br0    tun0   anywhere         anywhere
84051 6852K ACCEPT      0    --  any    any    192.168.1.0/24   anywhere
  877  126K ACCEPT      0    --  any    any    192.168.66.0/24  anywhere
    0     0 ACCEPT      gre  --  any    vlan2  192.168.1.0/24   anywhere
    0     0 ACCEPT      tcp  --  any    vlan2  192.168.1.0/24   anywhere     tcp dpt:1723
 166K  218M lan2wan     0    --  any    any    anywhere         anywhere
  246 12740 TCPMSS      tcp  --  any    any    anywhere         anywhere     tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
 166K  218M ACCEPT      0    --  any    any    anywhere         anywhere     state RELATED,ESTABLISHED
    0     0 ACCEPT      0    --  br0    br0    anywhere         anywhere
    0     0 TRIGGER     0    --  vlan2  br0    anywhere         anywhere     TRIGGER type:in match:0 relate:0
    0     0 trigger_out 0    --  br0    any    anywhere         anywhere
    0     0 ACCEPT      0    --  br0    any    anywhere         anywhere     state NEW
    0     0 DROP        0    --  any    any    anywhere         anywhere
Code:
remote dynDNS 1194
client
remote-cert-tls server
dev tun0
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
float
ca ca.crt
cert laptop1.crt
key laptop1.key
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 4