I have installed OpenVPN on CentOS 7 on my server with a single public network interface (following the link below:
https://community.openvpn.net/openvpn/w ... LinuxNotes )
The OpenVPN server works fine and I can connect via the Windows client. After connecting the client, I found the following:
1- The client has a private IP from the OpenVPN server (so it's perfect).
2- When I type "my ip" in the browser, I can see the public IP of the OpenVPN server (it's good as well).
3- The client can access any external app (internet), but when I check the request, I found that the request comes with the public IP of my internet service provider, not the OpenVPN server IP.
Please find my configuration:
========================
######server.conf########
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
route 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "remote-gateway 10.8.0.1"
push "dhcp-option DNS 8.8.8.8"
duplicate-cn
keepalive 20 60
comp-lzo
persist-key
persist-tun
daemon
log-append /var/log/myvpn/openvpn.log
verb 3
##########Client.ovpn##########
client
dev tun
proto udp
remote server_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
redirect-gateway def1
mute-replay-warnings
verb 3
#########Firewall#############
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -m state --state NEW -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 10.8.0.0/24 -i tun0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -i tun0 -o enp0s25 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -i tun0 -o enp0s25 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp0s25 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -o enp0s25 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [242800:22435355]
:INPUT ACCEPT [2564:160253]
:OUTPUT ACCEPT [15110:912555]
:POSTROUTING ACCEPT [15110:912555]
-A POSTROUTING -s 10.8.0.0/24 -o enp0s25 -j MASQUERADE
COMMIT
# Completed on Tue Sep 12 12:00:01 2017
# Generated by iptables-save v1.4.21 on Tue Sep 12 12:00:01 2017
*mangle
:PREROUTING ACCEPT [349411:43852261]
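As an added check that is not part of the original post, the script below parses an iptables-save dump in the format posted above and verifies two server-side prerequisites for routing VPN clients out of the public interface (a MASQUERADE rule for 10.8.0.0/24 leaving enp0s25 and a FORWARD rule from tun0 to enp0s25); it also lists rules placed after an unconditional terminating rule in a chain, which iptables never evaluates. The embedded sample is a trimmed copy of the posted filter and nat tables.

```python
# Added check, not from the original post: parse an iptables-save dump, verify the
# server-side NAT/forward rules a full-tunnel VPN needs, and flag unreachable rules.
import shlex
from collections import defaultdict

TERMINATING = {"ACCEPT", "DROP", "REJECT", "MASQUERADE"}  # targets that end traversal
TARGET_OPTS = {"-j", "--reject-with", "--to-source", "--to-ports"}  # not match criteria

# Trimmed copy of the filter/nat rules posted above (constructed sample input).
SAMPLE = """\
*filter
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -m state --state NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 10.8.0.0/24 -i tun0 -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -i tun0 -o enp0s25 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 10.8.0.0/24 -o enp0s25 -j MASQUERADE
COMMIT
"""

def parse_iptables_save(text):
    """Return {table: {chain: [rule]}}; a rule is {'raw': line, 'opts': {flag: value}}."""
    tables, table = defaultdict(lambda: defaultdict(list)), None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A ") and table:
            tok = shlex.split(line)
            # pair each flag with the value that follows it (negation '!' is not handled)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                    if tok[i].startswith("-") and not tok[i + 1].startswith("-")}
            tables[table][tok[1]].append({"raw": line, "opts": opts})
    return tables

def rule_exists(rules, **flags):
    """True if some rule carries every given flag, e.g. rule_exists(r, j="ACCEPT", i="tun0")."""
    return any(all(r["opts"].get("-" + k) == v for k, v in flags.items()) for r in rules)

def unreachable_rules(tables, table, chain):
    """Rules listed after an unconditional terminating rule; iptables never evaluates them."""
    dead, ended = [], False
    for r in tables[table][chain]:
        if ended:
            dead.append(r["raw"])
        elif r["opts"].get("-j") in TERMINATING and not (set(r["opts"]) - TARGET_OPTS):
            ended = True
    return dead
```

Run it against the full output of iptables-save on the server; in the posted filter table the last INPUT rule sits after the catch-all REJECT and is reported as unreachable.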