OpenVPN server only for RDP

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Daniru
OpenVpn Newbie
Posts: 3
Joined: Fri Feb 14, 2020 7:51 am

OpenVPN server only for RDP

Post by Daniru » Fri Feb 14, 2020 8:14 am

I would like to connect to my computer from anywhere in the world, on the ip of my ubuntu 18.04 server with OpenVPN.
But at the same time it is necessary that the computer goes online without the participation of VPN.

Client setup:

Code: Select all

client
dev tun
proto udp
remote 3.18.*.47 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
Server settings:

Code: Select all

local 172.31.45.153
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp" ;If you comment, then RDP does not work
push "dhcp-option DNS 172.31.0.2"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
explicit-exit-notify
IPtablesb:

Code: Select all

*filter
:INPUT ACCEPT [2087:278660]
:FORWARD ACCEPT [302:14972]
:OUTPUT ACCEPT [2096:387787]
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
COMMIT
# Completed on Fri Feb 14 08:03:47 2020
# Generated by iptables-save v1.6.1 on Fri Feb 14 08:03:47 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [6:556]
:POSTROUTING ACCEPT [6:556]
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.8.0.2:3389
-A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source 172.31.45.153
COMMIT

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: OpenVPN server only for RDP

Post by Pippin » Fri Feb 14, 2020 11:53 am

Is there a problem?
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

Daniru
OpenVpn Newbie
Posts: 3
Joined: Fri Feb 14, 2020 7:51 am

Re: OpenVPN server only for RDP

Post by Daniru » Fri Feb 14, 2020 12:54 pm

The problem is that without the line

Code: Select all

push "redirect-gateway def1 bypass-dhcp "
RDP does not work. Together with the line, all the traffic goes through the VPN, which is completely unnecessary.

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: OpenVPN server only for RDP

Post by Pippin » Fri Feb 14, 2020 1:58 pm

Tried to remove 'bypass-dhcp'?
It's hardly ever needed.

Client:

Code: Select all

ignore-unknown-option block-outside-dns
block-outside-dns
?

Also see:
https://community.openvpn.net/openvpn/wiki/HOWTO
https://community.openvpn.net/openvpn/w ... n24ManPage
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

Daniru
OpenVpn Newbie
Posts: 3
Joined: Fri Feb 14, 2020 7:51 am

Re: OpenVPN server only for RDP

Post by Daniru » Fri Feb 14, 2020 5:03 pm

I changed the settings, according to your advice, this did not cause an effect. But I noticed that the communication on the RDP can pass at the time of connecting the client, if redirect-gateway def1 is disabled

Post Reply