Setting up VPN server on a Raspberry Pi
Posted: Tue Jun 11, 2019 5:10 pm
I know there is a thread with the same topic, but I'm a different user. And yes, I read https://openvpn.net/community-resources ... /#redirect
I can connect to the OpenVPN server, but I can't see my WLAN (my WLAN is 192.168.1.x) and I can't access the internet.
This is my server.conf
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/xxxxxxxxxxxxxxxxxxxx.crt
key /etc/openvpn/easy-rsa/keys/xxxxxxxxxxxxxxxxxxxx.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
tls-server
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
server 192.168.2.0 255.255.255.0
route 192.168.1.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
duplicate-cn
keepalive 10 120
# encryption
cipher AES-256-CBC
auth SHA512
key-direction 0
comp-lzo
max-clients 5
user nobody
group users
persist-key
persist-tun
# log
status /var/log/openvpn-status.log 300
log /var/log/openvpn.log
verb 2
mute 20
On server "cat /proc/sys/net/ipv4/ip_forward" shows 1
I also tried
push "redirect-gateway local def1"
and
push "redirect-gateway 192.168.2.1"
This is my client.opvn
# Full Tunnel OpenVPN client configuration
client
dev tun
proto udp
resolv-retry infinite
key-direction 1
nobind
persist-key
persist-tun
remote xxxxxxxxxxxxxxxxxx.ddns.net 1194
cipher AES-256-CBC
auth SHA512
tls-client
tls-cipher DHE-RSA-AES256-SHA
comp-lzo
# gateway
redirect-gateway def1
# logging setup
mute-replay-warnings
verb 3
mute 20
This is my client log
Tue Jun 11 18:40:03 2019 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 27 2016
Tue Jun 11 18:40:03 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Jun 11 18:40:03 2019 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
Enter Management Password:
Tue Jun 11 18:40:03 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Tue Jun 11 18:40:03 2019 Need hold release from management interface, waiting...
Tue Jun 11 18:40:03 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Tue Jun 11 18:40:03 2019 MANAGEMENT: CMD 'state on'
Tue Jun 11 18:40:03 2019 MANAGEMENT: CMD 'log all on'
Tue Jun 11 18:40:03 2019 MANAGEMENT: CMD 'hold off'
Tue Jun 11 18:40:03 2019 MANAGEMENT: CMD 'hold release'
Tue Jun 11 18:40:03 2019 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Jun 11 18:40:04 2019 MANAGEMENT: CMD 'password [...]'
Tue Jun 11 18:40:04 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jun 11 18:40:04 2019 Deprecated TLS cipher name 'DHE-RSA-AES256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
Tue Jun 11 18:40:04 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jun 11 18:40:04 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jun 11 18:40:04 2019 MANAGEMENT: >STATE:1560271204,RESOLVE,,,,,,
Tue Jun 11 18:40:04 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
Tue Jun 11 18:40:04 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Jun 11 18:40:04 2019 UDP link local: (not bound)
Tue Jun 11 18:40:04 2019 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Tue Jun 11 18:40:04 2019 MANAGEMENT: >STATE:1560271204,WAIT,,,,,,
Tue Jun 11 18:40:04 2019 MANAGEMENT: >STATE:1560271204,AUTH,,,,,,
Tue Jun 11 18:40:04 2019 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1194, sid=fcee15fe 241ab26c
Tue Jun 11 18:40:04 2019 VERIFY OK: xxx
Tue Jun 11 18:40:04 2019 VERIFY OK: xxx
Tue Jun 11 18:40:05 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jun 11 18:40:05 2019 [gattosilvestro] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
Tue Jun 11 18:40:06 2019 MANAGEMENT: >STATE:1560271206,GET_CONFIG,,,,,,
Tue Jun 11 18:40:06 2019 SENT CONTROL [gattosilvestro]: 'PUSH_REQUEST' (status=1)
Tue Jun 11 18:40:06 2019 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 8.8.8.8,route 192.168.2.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.2.6 192.168.2.5,peer-id 0,cipher AES-256-GCM'
Tue Jun 11 18:40:06 2019 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 11 18:40:06 2019 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 11 18:40:06 2019 OPTIONS IMPORT: route options modified
Tue Jun 11 18:40:06 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 11 18:40:06 2019 OPTIONS IMPORT: peer-id set
Tue Jun 11 18:40:06 2019 OPTIONS IMPORT: adjusting link_mtu to 1625
Tue Jun 11 18:40:06 2019 OPTIONS IMPORT: data channel crypto options modified
Tue Jun 11 18:40:06 2019 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jun 11 18:40:06 2019 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jun 11 18:40:06 2019 interactive service msg_channel=828
Tue Jun 11 18:40:06 2019 ROUTE_GATEWAY 192.168.43.1/255.255.255.0 I=8 HWADDR=a4:db:30:41:b7:3f
Tue Jun 11 18:40:06 2019 open_tun
Tue Jun 11 18:40:06 2019 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{45A5D323-3B26-4AB9-AD55-E9CC64567E81}.tap
Tue Jun 11 18:40:06 2019 TAP-Windows Driver Version 9.21
Tue Jun 11 18:40:06 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.2.6/255.255.255.252 on interface {45A5D323-3B26-4AB9-AD55-E9CC64567E81} [DHCP-serv: 192.168.2.5, lease-time: 31536000]
Tue Jun 11 18:40:06 2019 Successful ARP Flush on interface [9] {45A5D323-3B26-4AB9-AD55-E9CC64567E81}
Tue Jun 11 18:40:06 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jun 11 18:40:06 2019 MANAGEMENT: >STATE:1560271206,ASSIGN_IP,,192.168.2.6,,,,
Tue Jun 11 18:40:11 2019 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Tue Jun 11 18:40:11 2019 C:\Windows\system32\route.exe ADD yyy.yyy.yyy.yyy MASK 255.255.255.255 192.168.43.1
Tue Jun 11 18:40:11 2019 Route addition via service succeeded
Tue Jun 11 18:40:11 2019 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.2.5
Tue Jun 11 18:40:11 2019 Route addition via service succeeded
Tue Jun 11 18:40:11 2019 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.2.5
Tue Jun 11 18:40:11 2019 Route addition via service succeeded
Tue Jun 11 18:40:11 2019 MANAGEMENT: >STATE:1560271211,ADD_ROUTES,,,,,,
Tue Jun 11 18:40:11 2019 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 192.168.2.5
Tue Jun 11 18:40:11 2019 Route addition via service succeeded
Tue Jun 11 18:40:11 2019 C:\Windows\system32\route.exe ADD 192.168.2.1 MASK 255.255.255.255 192.168.2.5
Tue Jun 11 18:40:11 2019 Route addition via service succeeded
Tue Jun 11 18:40:11 2019 Initialization Sequence Completed
Tue Jun 11 18:40:11 2019 MANAGEMENT: >STATE:1560271211,CONNECTED,SUCCESS,192.168.2.6,yyy.yyy.yyy.yyy,1194,,
Tue Jun 11 18:41:25 2019 C:\Windows\system32\route.exe DELETE 192.168.1.0 MASK 255.255.255.0 192.168.2.5
Tue Jun 11 18:41:25 2019 Route deletion via service succeeded
Tue Jun 11 18:41:25 2019 C:\Windows\system32\route.exe DELETE 192.168.2.1 MASK 255.255.255.255 192.168.2.5
Tue Jun 11 18:41:25 2019 Route deletion via service succeeded
Tue Jun 11 18:41:25 2019 C:\Windows\system32\route.exe DELETE yyy.yyy.yyy.yyy MASK 255.255.255.255 192.168.43.1
Tue Jun 11 18:41:25 2019 Route deletion via service succeeded
Tue Jun 11 18:41:25 2019 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 192.168.2.5
Tue Jun 11 18:41:25 2019 Route deletion via service succeeded
Tue Jun 11 18:41:25 2019 C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 192.168.2.5
Tue Jun 11 18:41:25 2019 Route deletion via service succeeded
Tue Jun 11 18:41:25 2019 Closing TUN/TAP interface
Tue Jun 11 18:41:25 2019 SIGTERM[hard,] received, process exiting
Tue Jun 11 18:41:25 2019 MANAGEMENT: >STATE:1560271285,EXITING,SIGTERM,,,,,
This is my client ipconfig
Configurazione IP di Windows
Scheda Ethernet Ethernet:
Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione: phy.a-tono.net
Scheda Ethernet Ethernet 2:
Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Scheda LAN wireless Connessione alla rete locale (LAN)* 3:
Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Scheda Ethernet Ethernet 3:
Suffisso DNS specifico per connessione:
Indirizzo IPv6 locale rispetto al collegamento . : fe80::f93d:d71b:6dd:6758%9
Indirizzo IPv4. . . . . . . . . . . . : 192.168.2.6
Subnet mask . . . . . . . . . . . . . : 255.255.255.252
Gateway predefinito . . . . . . . . . :
Scheda LAN wireless Wi-Fi:
Suffisso DNS specifico per connessione:
Indirizzo IPv6 locale rispetto al collegamento . : fe80::306d:aa4c:ff4:ef9f%8
Indirizzo IPv4. . . . . . . . . . . . : 192.168.43.34
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Gateway predefinito . . . . . . . . . : 192.168.43.1
Scheda LAN wireless Connessione alla rete locale (LAN)* 5:
Suffisso DNS specifico per connessione:
Indirizzo IPv6 locale rispetto al collegamento . : fe80::a566:fdea:d428:944c%10
Indirizzo IPv4. . . . . . . . . . . . : 192.168.137.1
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Gateway predefinito . . . . . . . . . :
Scheda Ethernet Connessione di rete Bluetooth:
Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
This is my server log
Tue Jun 11 18:38:20 2019 OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018
Tue Jun 11 18:38:20 2019 library versions: OpenSSL 1.0.2r 26 Feb 2019, LZO 2.08
Tue Jun 11 18:38:21 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jun 11 18:38:21 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jun 11 18:38:21 2019 TUN/TAP device tun0 opened
Tue Jun 11 18:38:21 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jun 11 18:38:21 2019 /sbin/ip link set dev tun0 up mtu 1500
Tue Jun 11 18:38:21 2019 /sbin/ip addr add dev tun0 local 192.168.2.1 peer 192.168.2.2
Tue Jun 11 18:38:21 2019 Could not determine IPv4/IPv6 protocol. Using AF_INET
Tue Jun 11 18:38:21 2019 UDPv4 link local (bound): [AF_INET][undef]:1194
Tue Jun 11 18:38:21 2019 UDPv4 link remote: [AF_UNSPEC]
Tue Jun 11 18:38:21 2019 GID set to users
Tue Jun 11 18:38:21 2019 UID set to nobody
Tue Jun 11 18:38:21 2019 Initialization Sequence Completed
Tue Jun 11 18:38:45 2019 zzz.zzz.zzz.zzz:41863 VERIFY OK: depth=1, xxx
Tue Jun 11 18:38:45 2019 zzz.zzz.zzz.zzz:41863 VERIFY OK: depth=0, xxx
Tue Jun 11 18:38:45 2019 93.36.92.74:41863 peer info: IV_VER=2.4.0
Tue Jun 11 18:38:45 2019 93.36.92.74:41863 peer info: IV_PLAT=win
Tue Jun 11 18:38:45 2019 93.36.92.74:41863 peer info: IV_PROTO=2
Tue Jun 11 18:38:45 2019 93.36.92.74:41863 peer info: IV_NCP=2
Tue Jun 11 18:38:45 2019 93.36.92.74:41863 peer info: IV_LZ4=1
Tue Jun 11 18:38:45 2019 93.36.92.74:41863 peer info: IV_LZ4v2=1
Tue Jun 11 18:38:45 2019 93.36.92.74:41863 peer info: IV_LZO=1
Tue Jun 11 18:38:45 2019 93.36.92.74:41863 peer info: IV_COMP_STUB=1
Tue Jun 11 18:38:45 2019 93.36.92.74:41863 peer info: IV_COMP_STUBv2=1
Tue Jun 11 18:38:45 2019 93.36.92.74:41863 peer info: IV_TCPNL=1
Tue Jun 11 18:38:45 2019 93.36.92.74:41863 peer info: IV_GUI_VER=OpenVPN_GUI_11
Tue Jun 11 18:38:45 2019 93.36.92.74:41863 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jun 11 18:38:45 2019 93.36.92.74:41863 [myclient] Peer Connection Initiated with [AF_INET]zzz.zzz.zzz.zzz:41863
Tue Jun 11 18:38:45 2019 myclient/zzz.zzz.zzz.zzz:41863 MULTI_sva: pool returned IPv4=192.168.2.6, IPv6=(Not enabled)
Tue Jun 11 18:38:46 2019 myclient/zzz.zzz.zzz.zzz:41863 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jun 11 18:38:46 2019 myclient/zzz.zzz.zzz.zzz:41863 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jun 11 18:44:05 2019 myclient/zzz.zzz.zzz.zzz:41863 [myclient] Inactivity timeout (--ping-restart), restarting
This is my iptables on server
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
This is netstat -rn on server
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 enxb827eb7c590e
192.168.1.0 192.168.2.2 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enxb827eb7c590e
192.168.2.0 192.168.2.2 255.255.255.0 UG 0 0 0 tun0
192.168.2.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
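An added example, not part of the original post and not OpenVPN project code: a small Python check run over directives taken from the server.conf and the "I also tried" lines above. It flags the `route` line that covers the server's own LAN (the extra 192.168.1.0 entry on tun0 in the netstat output), the 1024-bit DH file, `duplicate-cn`, `comp-lzo`, and the IP address passed where `redirect-gateway` expects flags. The function names, finding codes and the guess of DH size from the file name are assumptions of this sketch.

```python
import ipaddress
import re

# Flags accepted by redirect-gateway (OpenVPN 2.4 manual); an IP address is not one.
REDIRECT_FLAGS = {"local", "autolocal", "def1", "bypass-dhcp", "bypass-dns",
                  "block-local", "ipv6", "!ipv4"}

# Constructed sample: directives taken from the server.conf in the post, plus one
# of the "I also tried" push lines.
SAMPLE_CONF = '''
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 192.168.2.0 255.255.255.0
route 192.168.1.0 255.255.255.0   # the server's own LAN
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway 192.168.2.1"
duplicate-cn
comp-lzo
'''

def parse(conf):
    """Yield (directive, args) per line, dropping comments and blank lines."""
    for line in conf.splitlines():
        tokens = re.findall(r'"[^"]*"|\S+', line.split("#", 1)[0])
        if tokens:
            yield tokens[0], [t.strip('"') for t in tokens[1:]]

def audit(conf, server_lan):
    """Return (code, detail) findings; server_lan is the LAN the server sits on."""
    lan = ipaddress.ip_network(server_lan)
    findings = []
    for name, args in parse(conf):
        if name == "route" and args:
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            net = ipaddress.ip_network(f"{args[0]}/{mask}", strict=False)
            if net.overlaps(lan):
                findings.append(("route-own-lan", f"{net} is routed into the tunnel"))
        elif name == "dh":
            m = re.search(r"dh(\d+)\.pem$", args[0] if args else "")
            if m and int(m.group(1)) < 2048:  # size guessed from the file name
                findings.append(("weak-dh", f"{m.group(1)}-bit DH parameters"))
        elif name == "duplicate-cn":
            findings.append(("shared-cert", "one certificate may serve many clients"))
        elif name == "comp-lzo":
            findings.append(("compression", "comp-lzo is deprecated"))
        elif name == "push" and args and args[0].split()[:1] == ["redirect-gateway"]:
            bad = [f for f in args[0].split()[1:] if f not in REDIRECT_FLAGS]
            if bad:
                findings.append(("bad-redirect-flag", " ".join(bad)))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONF, "192.168.1.0/24"):
        print(f"{code}: {detail}")
```

The client log's warning about missing server certificate verification is a client-side setting and is outside what this server-config check covers.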