But at the same time, it is necessary that the computer goes online without the participation of the VPN.
Client setup:
client
dev tun
proto udp
remote 3.18.*.47 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
Server setup:
local 172.31.45.153
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp" ;If you comment this out, then RDP does not work
push "dhcp-option DNS 172.31.0.2"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
explicit-exit-notify
iptables rules:
*filter
:INPUT ACCEPT [2087:278660]
:FORWARD ACCEPT [302:14972]
:OUTPUT ACCEPT [2096:387787]
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
COMMIT
# Completed on Fri Feb 14 08:03:47 2020
# Generated by iptables-save v1.6.1 on Fri Feb 14 08:03:47 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [6:556]
:POSTROUTING ACCEPT [6:556]
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.8.0.2:3389
-A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source 172.31.45.153
COMMIT