I've got ip forwarding enabled on the server:
root@server:/etc/openvpn# cat /proc/sys/net/ipv4/ip_forward
1
General info:
server IP: 1.2.3.4
server private subnet range: 192.168.12.0/24
client internal private network: 10.168.12.0/24
server external interface: eth0
server internal interface: tun0
client external interface: eth0
client internal interface: tun0
Routing table on the client after the connection is established:
root@client:~# ip route show
0.0.0.0/1 via 192.168.12.5 dev tun0
default via 10.168.12.1 dev eth0
10.168.12.0/24 dev eth0 proto kernel scope link src 10.168.12.56
128.0.0.0/1 via 192.168.12.5 dev tun0
1.2.3.4 via 10.168.12.1 dev eth0
192.168.12.1 via 192.168.12.5 dev tun0
192.168.12.5 dev tun0 proto kernel scope link src 192.168.12.6
root@client:/etc/openvpn# openvpn --config /etc/openvpn/client.conf
Sat Jan 2 14:32:46 2016 OpenVPN 2.3.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jul 8 2015
Sat Jan 2 14:32:46 2016 library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
Sat Jan 2 14:32:46 2016 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Jan 2 14:32:46 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 2 14:32:46 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 2 14:32:46 2016 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sat Jan 2 14:32:46 2016 UDPv4 link local: [undef]
Sat Jan 2 14:32:46 2016 UDPv4 link remote: [AF_INET]1.2.3.4:1194
Sat Jan 2 14:32:46 2016 TLS: Initial packet from [AF_INET]1.2.3.4:1194, sid=bb1a9841 77477ef0
Sat Jan 2 14:32:47 2016 VERIFY OK: depth=1, C=UK, ST=GB, L=London, O=Swarthy, OU=SwarthyUK, CN=Swarthy CA, name=SwarthyUK, emailAddress=admin@home.swth
Sat Jan 2 14:32:47 2016 Validating certificate key usage
Sat Jan 2 14:32:47 2016 ++ Certificate has key usage 00a0, expects 00a0
Sat Jan 2 14:32:47 2016 VERIFY KU OK
Sat Jan 2 14:32:47 2016 Validating certificate extended key usage
Sat Jan 2 14:32:47 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Jan 2 14:32:47 2016 VERIFY EKU OK
Sat Jan 2 14:32:47 2016 VERIFY OK: depth=0, C=UK, ST=GB, L=London, O=Swarthy, OU=SwarthyUK, CN=server, name=SwarthyUK, emailAddress=admin@home.swth
Sat Jan 2 14:32:48 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jan 2 14:32:48 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 2 14:32:48 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jan 2 14:32:48 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 2 14:32:48 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jan 2 14:32:48 2016 [server] Peer Connection Initiated with [AF_INET]1.2.3.4:1194
Sat Jan 2 14:32:51 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Jan 2 14:32:51 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.168.12.11,dhcp-option DNS 8.8.8.8,route 192.168.12.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.12.6 192.168.12.5'
Sat Jan 2 14:32:51 2016 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jan 2 14:32:51 2016 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jan 2 14:32:51 2016 OPTIONS IMPORT: route options modified
Sat Jan 2 14:32:51 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Jan 2 14:32:51 2016 ROUTE_GATEWAY 10.168.12.1/255.255.255.0 IFACE=eth0 HWADDR=00:16:3e:13:83:b8
Sat Jan 2 14:32:51 2016 TUN/TAP device tun0 opened
Sat Jan 2 14:32:51 2016 Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Sat Jan 2 14:32:51 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jan 2 14:32:51 2016 /sbin/ip link set dev tun0 up mtu 1500
Sat Jan 2 14:32:51 2016 /sbin/ip addr add dev tun0 local 192.168.12.6 peer 192.168.12.5
Sat Jan 2 14:32:51 2016 /sbin/ip route add 1.2.3.4/32 via 10.168.12.1
Sat Jan 2 14:32:51 2016 /sbin/ip route add 0.0.0.0/1 via 192.168.12.5
Sat Jan 2 14:32:51 2016 /sbin/ip route add 128.0.0.0/1 via 192.168.12.5
Sat Jan 2 14:32:51 2016 /sbin/ip route add 192.168.12.1/32 via 192.168.12.5
Sat Jan 2 14:32:51 2016 Initialization Sequence Completed
# client.conf — OpenVPN client side; the peer is the server at 1.2.3.4:1194/udp.
client
dev tun
proto udp
remote 1.2.3.4 1194
# keep retrying name resolution / connection instead of giving up
resolv-retry infinite
nobind
# keep key material and the tun device across restarts (e.g. after ping-restart)
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
# require the server certificate to carry the server EKU; the log above
# ("expects TLS Web Server Authentication") shows this check taking effect
remote-cert-tls server
# direction 1 here must pair with direction 0 in server.conf
tls-auth ta.key 1
# NOTE(review): compression of the data channel is a known compression-oracle
# risk; consider disabling it on both sides unless it is required
comp-lzo
verb 3
# server.conf — OpenVPN server bound to the public address; hands out
# 192.168.12.0/24 to clients and redirects their default route through the tunnel.
local 1.2.3.4
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 192.168.12.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# NOTE(review): with redirect-gateway, client traffic leaving eth0 also needs
# a NAT/MASQUERADE rule for 192.168.12.0/24 on the server in addition to
# ip_forward=1; no such rule is shown on this page — confirm it exists.
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.168.12.11"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
# direction 0 here must pair with direction 1 in client.conf
tls-auth ta.key 0 # This file is secret
# NOTE(review): Blowfish is a 64-bit block cipher (SWEET32 class of attacks);
# prefer an AES cipher such as AES-256-CBC on both sides. The log also shows
# the HMAC at the default SHA1 — consider `auth SHA256`.
cipher BF-CBC # Blowfish (default)
# NOTE(review): compression of the data channel is a known compression-oracle
# risk; consider disabling it on both sides unless it is required
comp-lzo
# drop privileges after initialization; persist-key/persist-tun below keep the
# daemon able to restart without re-reading the key or re-opening tun0
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3