Now I try to route all traffic through the VPN gateway (and even that doesn't work), but finally I need to route common web traffic through the default gateway and route the "push" routes through the VPN gateway.
net.ipv4.ip_forward=1
10.8.0.0/24 vpn subnet
192.168.11.0/24 client's local subnet
172.16.0.0/16 vpn server subnet
Server has a public IP
Server.conf
Code:
port 59240
proto tcp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 172.16.1.4"
push "dhcp-option DNS 172.16.1.62"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server.crt
key server.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
# LAN
push "route 5.227.126.64 255.255.255.192"
#push "route 46.61.183.0 255.255.255.128"
push "route 172.16.0.0 255.255.0.0"
push "route 46.0.183.0 255.255.255.0"
push "route 192.168.21.0 255.255.255.0"
push "route 80.249.129.247 255.255.255.255"
push "route 80.249.129.251 255.255.255.255"
push "route 80.249.129.200 255.255.255.255"
push "route 80.249.129.202 255.255.255.255"
# push "route 88.99.240.150 255.255.255.255"
push "route 138.201.29.164 255.255.255.255"
push "route 138.201.29.179 255.255.255.255"
push "route 78.46.102.179 255.255.255.255"
push "route 78.46.102.189 255.255.255.255"
push "dhcp-option DNS 172.16.1.4"
push "dhcp-option DNS 172.16.1.62"
push "dhcp-option DNS 192.168.21.11"
push "dhcp-option WINS 172.16.1.62"
push "dhcp-option WINS 172.16.1.4"
push "dhcp-option DOMAIN local.htc-cs.com"
Code:
client
proto tcp-client
remote public_ip 59240
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:59240
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
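
The following is an added example, not part of the original post. It models which gateway a client would pick for a destination given the `push` lines in the server.conf above, and shows that `redirect-gateway def1` (which installs 0.0.0.0/1 and 128.0.0.0/1) sends everything into the tunnel while the `push "route ..."` lines alone give the split routing described. The config excerpt and the test destination 203.0.113.10 are constructed, the function names are hypothetical, and the client's own connected networks are ignored.

```python
import ipaddress
import re

# Constructed excerpt of the server.conf push lines quoted in the post.
SERVER_CONF = '''
push "redirect-gateway def1 bypass-dhcp"
push "route 5.227.126.64 255.255.255.192"
#push "route 46.61.183.0 255.255.255.128"
push "route 172.16.0.0 255.255.0.0"
push "route 80.249.129.247 255.255.255.255"
'''

PUSH_RE = re.compile(r'^push\s+"([^"]+)"')


def pushed_routes(conf_text):
    """Return the networks a client will route into the tunnel."""
    nets = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip commented-out directives
            continue
        m = PUSH_RE.match(line)
        if not m:
            continue
        words = m.group(1).split()
        if words[0] == "route" and len(words) >= 3:
            nets.append(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
        elif words[0] == "redirect-gateway" and "def1" in words:
            # def1 installs two /1 routes that take precedence over 0.0.0.0/0
            nets.append(ipaddress.ip_network("0.0.0.0/1"))
            nets.append(ipaddress.ip_network("128.0.0.0/1"))
    return nets


def egress(dest, nets):
    """Return 'vpn' if any pushed route covers dest, else 'default'."""
    addr = ipaddress.ip_address(dest)
    return "vpn" if any(addr in n for n in nets) else "default"


def split_tunnel(conf_text):
    """Same config with the redirect-gateway push dropped."""
    return "\n".join(l for l in conf_text.splitlines()
                     if "redirect-gateway" not in l)


if __name__ == "__main__":
    for label, conf in (("as posted", SERVER_CONF),
                        ("without redirect-gateway", split_tunnel(SERVER_CONF))):
        for dest in ("172.16.1.4", "80.249.129.247", "203.0.113.10"):
            print(f"{label:26} {dest:15} -> {egress(dest, pushed_routes(conf))}")
```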