I managed to install OpenVPN and create 2 services (1 for tun, 1 for tap). That works fine! In this topic I want to focus on the TAP OpenVPN since I want to connect via TAP and use broadcasting. However, I cannot get the routing/bridging 100% correctly working. Also I am not able to connect to other machines in the network over VPN. (It worked when I had it on my OpenWRT router, but now I host it on the NUC and not on the router (gateway) anymore!)
Overview:
Homenetwork:
Modem/Internet (EXTERNAL IP) > OpenWRT ROUTER (192.168.200.1, vpn ports forwarded to NUC) > a) NUC with OpenVPN (192.168.200.247) and b) other Computers, for example Windows Desktop with RDP (192.168.200.X).
Network X:
Modem/Internet > Some router, can be any IP, might be a different range than the server > a) My client PCs with OpenVPN Client installed, connecting to EXTERNAL IP of homenetwork.
I can connect to EXTERNAL IP. However, I cannot reach the local machines or router. Broadcasting is also not working. And I don't have the Homenetwork IP when doing an IP check. So I have a connection but it's not complete yet.
TUN-config NUC (OpenVPN Server):
tls-server
dev tap
proto udp
#enabled
#persist-key
#persist-tun
#topology subnet
port 1195
keepalive 10 120
mode server
#server-bridge 192.168.200.247 255.255.255.0 192.168.200.31 192.168.200.35
#ifconfig 192.168.1.101 255.255.255.0
#ifconfig-pool 192.168.1.10 192.168.1.20
#push "route-gateway dhcp"
#push "route 192.168.200.247 255.255.255.0 192.168.200.1 1"
#push "redirect-gateway def1"
push "route 192.168.200.0 255.255.255.0"
#push "dhcp-option DNS 192.168.200.1"
#route add 192.168.200.0 mask 255.255.55.0 gw 192.168.200.1
# Location of certificate authority's cert.
ca /etc/openvpn/filenameA
# Location of VPN server's TLS cert.
cert /etc/openvpn/filenameB
# Location of server's TLS key
key /etc/openvpn/filenameC
# Location of DH parameter file.
dh /etc/openvpn/dhp4096.pem
# The VPN's address block starts here.
#server 10.89.0.10 255.255.255.0
#explicit-exit-notify 1
# Drop root privileges and switch to the `ovpn` user after startup.
user ovpn
# OpenVPN process is exclusive member of ovpn group.
group ovpn
# Cryptography options. We force these onto clients by
# setting them here and not in client.ovpn. See
# `openvpn --show-tls`, `openvpn --show-ciphers` and
# `openvpn --show-digests` for all supported options.
tls-crypt /etc/openvpn/filenameD
auth SHA512 # This needs to be in client.ovpn too though.
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
ncp-ciphers AES-256-GCM:AES-256-CBC
# Logging options.
#ifconfig-pool-persist ipp2.txt
status openvpn-status2.log
log /var/log/openvpn2.log
verb 4
client-to-client
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-sshd (1 references)
target prot opt source destinatio
As you can see in my TAP Server conf, I tried a lot of things with routing. However, I did not find the final solution. After a couple of days I decided to ask for your help. I hope you understand my question and could help me.

dev tap
proto udp
auth SHA512
log openvpn.log
verb 4
ca "c:\\filenameA"
cert "c:\\filenameB"
key "c:\\filenameC"
tls-crypt "c:\\filenameD"
client
remote-cert-tls server
remote HOMENETWORK_EXTERNAL-IP PORT
auth-nocache
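The things a bridged TAP server needs are easy to lose track of while commenting directives in and out, so here is an added example (my own code, not from this post and not part of OpenVPN) that lints a server config for exactly those conditions: a persistent, explicitly named tap device (the one you enslave to the bridge, since a bare `dev tap` allocates a fresh tapN on every start), an enabled `server-bridge` line whose pool lies inside the LAN subnet, no redundant LAN route push (bridged clients are already on-link), and `persist-key`/`persist-tun` when privileges are dropped with `user`/`group`. The first sample is the server config quoted above with the BBCode stripped; the second is a constructed corrected variant, not something the poster wrote.

```python
"""Lint an OpenVPN server config for a bridged TAP setup (added example)."""
import ipaddress
import re

# The poster's server config as quoted above (BBCode stripped, comments kept).
POSTED_SERVER_CONF = """\
tls-server
dev tap
proto udp
#persist-key
#persist-tun
port 1195
keepalive 10 120
mode server
#server-bridge 192.168.200.247 255.255.255.0 192.168.200.31 192.168.200.35
push "route 192.168.200.0 255.255.255.0"
ca /etc/openvpn/filenameA
cert /etc/openvpn/filenameB
key /etc/openvpn/filenameC
dh /etc/openvpn/dhp4096.pem
user ovpn
group ovpn
tls-crypt /etc/openvpn/filenameD
auth SHA512 # This needs to be in client.ovpn too though.
client-to-client
"""

# Constructed corrected variant: named persistent tap, server-bridge enabled with
# the pool the poster had commented out, persist-* for the privilege drop, and no
# route push (bridged clients already sit on 192.168.200.0/24).
BRIDGED_SERVER_CONF = """\
dev tap0
proto udp
port 1195
persist-key
persist-tun
keepalive 10 120
server-bridge 192.168.200.247 255.255.255.0 192.168.200.31 192.168.200.35
ca /etc/openvpn/filenameA
cert /etc/openvpn/filenameB
key /etc/openvpn/filenameC
dh /etc/openvpn/dhp4096.pem
tls-crypt /etc/openvpn/filenameD
auth SHA512
user ovpn
group ovpn
client-to-client
"""


def parse_config(text):
    """Return (directive, args) pairs; '#' comments and blank lines are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # also strips trailing comments
        if line:
            head, _, tail = line.partition(" ")
            entries.append((head, tail.strip()))
    return entries


def lint_tap_bridge(text):
    """Return (code, message) findings for a config meant to run in bridge mode."""
    conf = parse_config(text)
    have = {d for d, _ in conf}
    args = dict(conf)                            # last occurrence wins
    findings = []

    dev = args.get("dev", "")
    if not dev.startswith("tap"):
        findings.append(("NOT_TAP", "bridging needs 'dev tap'"))
    elif not re.fullmatch(r"tap\d+", dev):
        findings.append(("DYNAMIC_TAP", "bare 'dev tap' creates a new tapN each start; "
                         "name the persistent device enslaved to the bridge, e.g. 'dev tap0'"))

    if "server-bridge" not in have:
        findings.append(("NO_SERVER_BRIDGE", "without 'server-bridge' clients get "
                         "no address and no route-gateway"))
    else:
        sb = args["server-bridge"].split()
        if len(sb) == 4:                         # gateway netmask pool-start pool-end
            net = ipaddress.ip_network(f"{sb[0]}/{sb[1]}", strict=False)
            if not all(ipaddress.ip_address(a) in net for a in sb[2:]):
                findings.append(("POOL_OUTSIDE_LAN", "server-bridge pool must lie "
                                 "inside the LAN subnet"))
        elif sb:                                 # zero args = DHCP-proxy mode, valid
            findings.append(("BAD_SERVER_BRIDGE", "server-bridge takes 0 or 4 arguments"))

    if any(d == "push" and a.strip('"').startswith("route ") for d, a in conf):
        findings.append(("ROUTE_PUSH_IN_BRIDGE", "pushed LAN route is redundant on a "
                         "bridge: clients are on-link"))

    if ("user" in have or "group" in have) and not {"persist-key", "persist-tun"} <= have:
        findings.append(("PRIVDROP_NO_PERSIST", "after dropping to user/group a restart "
                         "cannot reopen the tap or reread keys; add persist-key/persist-tun"))
    return findings


def finding_codes(text):
    """Sorted finding codes, convenient for comparing two configs."""
    return sorted(code for code, _ in lint_tap_bridge(text))


if __name__ == "__main__":
    for name, conf in (("posted", POSTED_SERVER_CONF), ("bridged", BRIDGED_SERVER_CONF)):
        print(name, finding_codes(conf))
```

The linter only reads the file; the bridge itself still has to exist on the NUC before OpenVPN starts (a persistent tap created with `openvpn --mktun --dev tap0`, a bridge holding both tap0 and the LAN NIC, and the host's 192.168.200.247 address moved onto the bridge). One more caveat visible in the iptables listing above: with Docker on the same host, br_netfilter is loaded, so bridged frames also pass through the FORWARD chain, and the DOCKER-ISOLATION rules' interface matches are hidden because the listing was taken without `-v`; `iptables -L FORWARD -v` shows them.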