Current Symptoms:
- Local LAN devices can ping remote LAN devices
- Through the Ubuntu server I can SSH into a linux server on the remote LAN and ping anything on the local LAN with no issues
- If I use another computer on my local LAN to SSH into the same linux server above and ping something on the local LAN, it will work for a minute and then the SSH connection drops.
- If I tell my local Synology to start an rsync with a remote Synology it will initially say connected and then fail with 0 bytes transferred.
- I do not see the tunnel going up/down, it connects once and is stable.
Server config
# Listen port
port (some port here)
# OpenVPN server can only listen to one port/protocol at a time. Choose.
;proto udp
proto tcp-server
# TCP is a Connection-Oriented protocol ..
# There is no requirement for --explicit-exit-notify as the TCP protocol handles the
# connection state. If TCP specified above comment next line out.
;explicit-exit-notify 1
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher AES-256-CBC
comp-lzo # deprecated since OpenVPN 2.4 (use --compress); compression inside an encrypted tunnel is discouraged (VORACLE-style plaintext recovery)
persist-key
persist-tun
# with topology subnet the server itself always takes 10.80.0.1
topology "subnet"
push "topology subnet"
server 10.80.0.0 255.255.255.0
# read this to see what clients are connected
# (on Windows the path needs doubled backslashes)
status /var/log/status.log
# OpenVPN log; on Windows it goes to C:\Program Files\OpenVPN\log\<name of this ovpn file>.log
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3
log /var/log/openvpn.log
# management interface (telnet-style); leave disabled for normal use
;management localhost 10020
# ovpn server pushes config info to clients from files in ccd dir.
# Matches are based on CN in connecting key, so CN in key must match file name exactly.
# Static VPN addressing and Client LAN routing is controlled in these files.
# client configuration directory (home is config dir, so rel path ok here)
client-config-dir ccd
# Allow LAN routing between clients
client-to-client
# Push routes to connecting clients, they need to know about all other LANs, including server LAN
push "route 10.0.1.0 255.255.255.0"
push "route 10.0.3.0 255.255.255.0"
# Allow the server to route traffic to client LANs, do not include server LAN
route 10.0.3.0 255.255.255.0
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
tls-auth ta.key 0 # This file is secret
CCD file for the connecting client
iroute 10.0.3.0 255.255.255.0
ifconfig-push 10.80.0.11 255.255.255.0
Client config
client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3
# UDP is the preferred alternative in most cases.
# If you cannot get a reliable UDP connection,
# then you might need to look into TCP.
;proto udp
proto tcp-client
# address of server and port of server
remote example.com some port
# Where are the keys? Uncomment the lines for this platform AND replace client# with this client's number
# -Windows
;ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
;cert "C:\\Program Files\\OpenVPN\\config\\client#.crt"
;key "C:\\Program Files\\OpenVPN\\config\\client#.key"
# -Ubiquiti EdgeRouter
;ca /config/auth/ca.crt
;cert /config/auth/client1.crt
;key /config/auth/client1.key
# Ubuntu Server: keys to be appended at end of file (this is base config)
# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth /config/auth/ta.key 1
########## keys start here ###########
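The site-to-site routing in the configuration above depends on three things agreeing: the server's `route` for each client LAN, the `iroute` in that client's ccd file, and the `push "route ..."` lines that tell the other clients where each LAN lives. The check below is an added example and not code from the original post or from the OpenVPN project; it re-implements those rules over constructed copies of the posted directives (only the routing-related lines are reproduced, and the ccd file name `client1` is an assumption, since the post does not show the CN). Run against the posted config it reports one thing worth knowing: `push "route 10.0.3.0 255.255.255.0"` is sent to every client, including the one that owns 10.0.3.0/24 through its `iroute`, so that client is asked to add a tunnel route for its own local subnet. OpenVPN 2.4+ can drop that single route for that client with `push-remove` in its ccd file.

```python
import ipaddress

# Constructed sample inputs mirroring the posted configuration.  Only the
# directives the check needs are reproduced, and "client1" is an assumed CN
# (the post does not show the ccd file name).
SERVER_CONF = """\
proto tcp-server
dev tun
topology "subnet"
push "topology subnet"
server 10.80.0.0 255.255.255.0
client-config-dir ccd
client-to-client
push "route 10.0.1.0 255.255.255.0"
push "route 10.0.3.0 255.255.255.0"
route 10.0.3.0 255.255.255.0
tls-auth ta.key 0 # This file is secret
"""

CCD_FILES = {
    "client1": "iroute 10.0.3.0 255.255.255.0\nifconfig-push 10.80.0.11 255.255.255.0\n",
}


def directives(text):
    """Yield (name, args) per active line; '#' comments, ';'-disabled lines and quotes are dropped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        parts = line.replace('"', " ").split()
        yield parts[0], parts[1:]


def net(addr, mask):
    """'10.0.3.0', '255.255.255.0' -> IPv4Network('10.0.3.0/24')."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_server(text):
    """Collect the pool, kernel routes, pushed routes and client-to-client flag."""
    conf = {"pool": None, "routes": [], "pushed": [], "client_to_client": False}
    for name, args in directives(text):
        if name == "server":
            conf["pool"] = net(args[0], args[1])
        elif name == "route":
            conf["routes"].append(net(args[0], args[1]))
        elif name == "push" and args[:1] == ["route"]:
            conf["pushed"].append(net(args[1], args[2]))
        elif name == "client-to-client":
            conf["client_to_client"] = True
    return conf


def parse_ccd(text):
    """Collect the LANs a client claims (iroute) and its static tunnel address."""
    ccd = {"iroutes": [], "address": None}
    for name, args in directives(text):
        if name == "iroute":
            ccd["iroutes"].append(net(args[0], args[1]))
        elif name == "ifconfig-push":
            ccd["address"] = ipaddress.ip_address(args[0])
    return ccd


def check(server_text, ccd_files):
    """Return a list of findings; empty means routes, pushes and iroutes agree."""
    server = parse_server(server_text)
    findings = []
    owner = {}  # client LAN -> CN that claims it with iroute
    for cn, text in ccd_files.items():
        ccd = parse_ccd(text)
        for lan in ccd["iroutes"]:
            owner[lan] = cn
            if lan not in server["routes"]:
                findings.append(f"{cn}: iroute {lan} has no matching 'route' on the server, "
                                "so the kernel never hands that traffic to the tun device")
            if lan not in server["pushed"]:
                findings.append(f"{cn}: {lan} is not pushed, so other clients have no route to it")
            elif not server["client_to_client"]:
                findings.append(f"{cn}: {lan} is pushed but client-to-client is off, so traffic "
                                "from other clients goes through the server kernel and needs forwarding there")
        if ccd["address"] is not None and server["pool"] is not None and ccd["address"] not in server["pool"]:
            findings.append(f"{cn}: ifconfig-push {ccd['address']} lies outside the server network {server['pool']}")
    for lan in server["routes"]:
        if lan not in owner:
            findings.append(f"server: route {lan} is claimed by no client's iroute (the server LAN must not be listed here)")
    for lan in server["pushed"]:
        if lan in owner:
            findings.append(f"{owner[lan]}: its own LAN {lan} is pushed back to it; the client will try to add "
                            "a tunnel route for its local subnet (use push-remove or a per-client push in the ccd)")
    return findings


if __name__ == "__main__":
    for finding in check(SERVER_CONF, CCD_FILES) or ["routing directives agree"]:
        print(finding)
```

To use it on a real deployment, read the server config and every file under `ccd/` into `SERVER_CONF` and `CCD_FILES` (keyed by file name, which is the certificate CN) and print the findings; anything other than an empty list points at a directive that the comments in the posted config say must match.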