I'm trying to change the routing rules for only one client. The other clients have total access to the internet and to the LAN. I'd like this client to be able to connect only to the server.
I used "push-reset" in the client configuration file to not use the default server routing rules and it worked. Maybe it worked...
The routing table shows:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    600    0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlan0
255.255.255.0   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
The server has the IP 10.3.0.1 and the client 10.3.0.6 (tun0). I'd like the client to connect only to the server.
I've tried with "iroute" and "push"; surely I did it wrong.
Could you please tell me what I have to add to my configuration file(s)?
server.conf:
port 1194
proto tcp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.3.0 255.255.255.0
client-config-dir /etc/openvpn/client
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
/etc/openvpn/client/client1:
push-reset
Above, I also tried with: push "route 10.3.0.1 255.255.255.255 10.3.0.1" and "iroute 10.3.0.1 255.255.255.255"
client.opvn:
client
dev tun
proto tcp
sndbuf 0
rcvbuf 0
remote public ip and port
auth-nocache
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
Thanks
P.S. The OpenVPN server is 2.4.0, installed on Debian Stretch.