Current broken configuration
# OpenVPN server configuration as currently deployed (reported as broken).
# Listener: UDP/23111 on every address of the host; clients are given
# addresses from 10.8.0.0/24 on tun0.
dev tun
proto udp
# NOTE(review): the filter INPUT chain shown further down has policy ACCEPT,
# so its "udp dpt:23111" rule restricts nothing yet; if the listener is only
# meant for eth0, bind it with `local 192.168.0.199` or give INPUT a DROP policy.
port 23111
# PKI from easy-rsa. The key is read before the user/group drop below;
# keep it root-owned and 0600.
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_Yl0XwXX1dQ0rSxK7.crt
key /etc/openvpn/easy-rsa/pki/private/server_Yl0XwXX1dQ0rSxK7.key
# Per-client overrides are disabled, so every client gets the same pushes
# and the same (unrestricted, see FORWARD "tun+ *" rule below) LAN access.
#client-config-dir /etc/openvpn/ccd
# No DH parameters: key exchange is ECDH only (OpenVPN 2.4+).
dh none
topology subnet
server 10.8.0.0 255.255.255.0
# Redundant: `server` already configures tun0 as 10.8.0.1/24, so the kernel
# holds this route as a connected route (the route table at the bottom shows
# exactly one 10.8.0.0/24 entry, on tun0). OpenVPN will either skip this or
# log a "file exists" warning; the goal configuration drops the line.
route 10.8.0.0 255.255.255.0
# LANs behind this host: eth0 is 192.168.0.0/24, eth1 is 10.0.0.0/24
# (see the ifconfig output below).
push "route 10.0.0.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
# Set your primary domain name server address for clients
# (192.168.0.100 is on the eth0 LAN, reachable through the route pushed above).
push "dhcp-option DNS 192.168.0.100"
# Prevent DNS leaks on Windows (non-Windows clients log an "unrecognized
# option" warning and ignore it)
push "block-outside-dns"
# VPN peers may talk to each other. OpenVPN switches that traffic internally,
# so the kernel FORWARD chain never sees it and no host firewall rule applies.
client-to-client
# Ping every 30 minutes, declare the peer dead after 60. With UDP, client-side
# NAT mappings usually expire within minutes, after which nothing initiated
# from this side (LAN -> client, client-to-client) reaches an idle client
# until it sends something. The OpenVPN sample config uses 10 120.
keepalive 1800 3600
# Peer certificates must carry the client EKU, so a leaked client cert
# cannot be used to impersonate the server.
remote-cert-tls client
tls-version-min 1.2
# Control channel encrypted and authenticated with the shared ta.key;
# packets without a valid tag are dropped before any TLS work (2.4+).
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
# Data channel. On 2.4+ cipher negotiation upgrades capable clients to
# AES-256-GCM and this CBC cipher is only the fallback; on 2.5+ `cipher` is
# deprecated in favour of data-ciphers / data-ciphers-fallback. The server
# version is not shown here -- check it before switching directives.
cipher AES-256-CBC
# HMAC for the control channel and for CBC data-channel packets.
auth SHA256
# Privilege drop after start-up; persist-key/persist-tun keep key material
# and the tun device across SIGUSR1 restarts so `nobody` never has to re-read
# the key or re-open /dev/net/tun.
user nobody
group nogroup
persist-key
persist-tun
# Revocation list. It is re-read when it changes, after the privilege drop,
# so it must stay readable by nobody/nogroup -- and it has an expiry
# (easy-rsa's default is 180 days): an expired CRL fails every handshake,
# so regenerate it on a schedule.
crl-verify /etc/openvpn/crl.pem
# Status file rewritten every 20 s in version-3 format; messages go to syslog.
status /var/log/openvpn-status.log 20
status-version 3
syslog
# log level
verb 3
# Second copy of the current configuration as pasted (identical to the
# listing above apart from the missing `dev tun` line).
proto udp
# NOTE(review): the filter INPUT chain shown further down has policy ACCEPT,
# so its "udp dpt:23111" rule restricts nothing yet; if the listener is only
# meant for eth0, bind it with `local 192.168.0.199` or give INPUT a DROP policy.
port 23111
# PKI from easy-rsa. The key is read before the user/group drop below;
# keep it root-owned and 0600.
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_Yl0XwXX1dQ0rSxK7.crt
key /etc/openvpn/easy-rsa/pki/private/server_Yl0XwXX1dQ0rSxK7.key
# Per-client overrides are disabled, so every client gets the same pushes
# and the same (unrestricted, see FORWARD "tun+ *" rule below) LAN access.
#client-config-dir /etc/openvpn/ccd
# No DH parameters: key exchange is ECDH only (OpenVPN 2.4+).
dh none
topology subnet
server 10.8.0.0 255.255.255.0
# Redundant: `server` already configures tun0 as 10.8.0.1/24, so the kernel
# holds this route as a connected route (the route table at the bottom shows
# exactly one 10.8.0.0/24 entry, on tun0). OpenVPN will either skip this or
# log a "file exists" warning; the goal configuration drops the line.
route 10.8.0.0 255.255.255.0
# LANs behind this host: eth0 is 192.168.0.0/24, eth1 is 10.0.0.0/24
# (see the ifconfig output below).
push "route 10.0.0.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
# Set your primary domain name server address for clients
# (192.168.0.100 is on the eth0 LAN, reachable through the route pushed above).
push "dhcp-option DNS 192.168.0.100"
# Prevent DNS leaks on Windows (non-Windows clients log an "unrecognized
# option" warning and ignore it)
push "block-outside-dns"
# VPN peers may talk to each other. OpenVPN switches that traffic internally,
# so the kernel FORWARD chain never sees it and no host firewall rule applies.
client-to-client
# Ping every 30 minutes, declare the peer dead after 60. With UDP, client-side
# NAT mappings usually expire within minutes, after which nothing initiated
# from this side (LAN -> client, client-to-client) reaches an idle client
# until it sends something. The OpenVPN sample config uses 10 120.
keepalive 1800 3600
# Peer certificates must carry the client EKU, so a leaked client cert
# cannot be used to impersonate the server.
remote-cert-tls client
tls-version-min 1.2
# Control channel encrypted and authenticated with the shared ta.key;
# packets without a valid tag are dropped before any TLS work (2.4+).
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
# Data channel. On 2.4+ cipher negotiation upgrades capable clients to
# AES-256-GCM and this CBC cipher is only the fallback; on 2.5+ `cipher` is
# deprecated in favour of data-ciphers / data-ciphers-fallback. The server
# version is not shown here -- check it before switching directives.
cipher AES-256-CBC
# HMAC for the control channel and for CBC data-channel packets.
auth SHA256
# Privilege drop after start-up; persist-key/persist-tun keep key material
# and the tun device across SIGUSR1 restarts so `nobody` never has to re-read
# the key or re-open /dev/net/tun.
user nobody
group nogroup
persist-key
persist-tun
# Revocation list. It is re-read when it changes, after the privilege drop,
# so it must stay readable by nobody/nogroup -- and it has an expiry
# (easy-rsa's default is 180 days): an expired CRL fails every handshake,
# so regenerate it on a schedule.
crl-verify /etc/openvpn/crl.pem
# Status file rewritten every 20 s in version-3 format; messages go to syslog.
status /var/log/openvpn-status.log 20
status-version 3
syslog
# log level
verb 3
Goal configuration
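# OpenVPN server configuration (goal state).
# Listener: UDP/23111; clients get addresses from 10.8.0.0/24 on tun0 and,
# because of the redirect-gateway push below, send all IPv4 traffic through
# this host.
dev tun
proto udp
# NOTE(review): the filter INPUT chain shown further down has policy ACCEPT,
# so its "udp dpt:23111" rule restricts nothing yet; if the listener is only
# meant for eth0, bind it with `local 192.168.0.199` or give INPUT a DROP policy.
port 23111

# PKI from easy-rsa. The key is read before the user/group drop below;
# keep it root-owned and 0600.
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_Yl0XwXX1dQ0rSxK7.crt
key /etc/openvpn/easy-rsa/pki/private/server_Yl0XwXX1dQ0rSxK7.key
# No DH parameters: key exchange is ECDH only (OpenVPN 2.4+).
dh none

topology subnet
server 10.8.0.0 255.255.255.0
# NOTE(review): the host route table at the bottom also carries a default
# route via 10.8.0.1 on eth1 (metric 203, like eth1's other routes) and a
# host route to 10.8.0.1 on eth1. OpenVPN does not install either -- 10.8.0.1
# is tun0's own address -- so they presumably come from the eth1 interface
# configuration (a static routers= entry); remove them there, they are a
# plausible cause of the "broken" state.

# LANs behind this host: eth0 is 192.168.0.0/24, eth1 is 10.0.0.0/24
# (see the ifconfig output below). Both are already covered by the
# redirect-gateway push, but keeping them makes the LANs reachable for a
# client that refuses the default-route push. Note the FORWARD chain below
# accepts everything from tun+ to any interface, so clients get both LANs
# in full; per-client limits would need client-config-dir plus rules.
push "route 10.0.0.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"

# Set your primary domain name server address for clients.
# FIX: the original read 192.169.0.100. 192.169.0.0/16 is public address
# space, not the 192.168.0.0/24 LAN, so every client lookup would have gone
# to an unrelated Internet host (a full DNS leak, and whoever holds that
# address could answer). The LAN resolver is 192.168.0.100, as in the
# current configuration.
push "dhcp-option DNS 192.168.0.100"
# Prevent DNS leaks on Windows (non-Windows clients log an "unrecognized
# option" warning and ignore it).
push "block-outside-dns"

# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
# Only IPv4 is redirected: a dual-stack client keeps sending IPv6 traffic
# outside the tunnel unless IPv6 is disabled on the client or blocked by the
# server (`block-ipv6`, 2.5+, together with an ifconfig-ipv6 pool).
# Forwarded client traffic leaves through the MASQUERADE rule for
# 10.8.0.0/24 on eth0 in the nat table below; net.ipv4.ip_forward must be 1.
push "redirect-gateway def1"

# VPN peers may talk to each other. OpenVPN switches that traffic internally,
# so the kernel FORWARD chain never sees it and no host firewall rule applies.
client-to-client

# Ping every 30 minutes, declare the peer dead after 60. With UDP, client-side
# NAT mappings usually expire within minutes, after which nothing initiated
# from this side (LAN -> client, client-to-client) reaches an idle client
# until it sends something. The OpenVPN sample config uses 10 120; lower
# these if LAN-initiated access to clients matters.
keepalive 1800 3600

# Peer certificates must carry the client EKU, so a leaked client cert
# cannot be used to impersonate the server.
remote-cert-tls client
tls-version-min 1.2
# Control channel encrypted and authenticated with the shared ta.key;
# packets without a valid tag are dropped before any TLS work (2.4+).
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
# Data channel. On 2.4+ cipher negotiation upgrades capable clients to
# AES-256-GCM and this CBC cipher is only the fallback; on 2.5+ `cipher` is
# deprecated in favour of data-ciphers / data-ciphers-fallback. The server
# version is not shown here -- check it before switching directives.
cipher AES-256-CBC
# HMAC for the control channel and for CBC data-channel packets.
auth SHA256

# Privilege drop after start-up; persist-key/persist-tun keep key material
# and the tun device across SIGUSR1 restarts so `nobody` never has to re-read
# the key or re-open /dev/net/tun.
user nobody
group nogroup
persist-key
persist-tun

# Revocation list. It is re-read when it changes, after the privilege drop,
# so it must stay readable by nobody/nogroup -- and it has an expiry
# (easy-rsa's default is 180 days): an expired CRL fails every handshake,
# so regenerate it on a schedule.
crl-verify /etc/openvpn/crl.pem

# Status file rewritten every 20 s in version-3 format; messages go to syslog.
status /var/log/openvpn-status.log 20
status-version 3
syslog
# log level
verb 3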
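# Second copy of the goal configuration as pasted (identical to the listing
# above apart from the missing `dev tun` line).
# Listener: UDP/23111; clients get addresses from 10.8.0.0/24 on tun0 and,
# because of the redirect-gateway push below, send all IPv4 traffic through
# this host.
proto udp
# NOTE(review): the filter INPUT chain shown further down has policy ACCEPT,
# so its "udp dpt:23111" rule restricts nothing yet; if the listener is only
# meant for eth0, bind it with `local 192.168.0.199` or give INPUT a DROP policy.
port 23111

# PKI from easy-rsa. The key is read before the user/group drop below;
# keep it root-owned and 0600.
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_Yl0XwXX1dQ0rSxK7.crt
key /etc/openvpn/easy-rsa/pki/private/server_Yl0XwXX1dQ0rSxK7.key
# No DH parameters: key exchange is ECDH only (OpenVPN 2.4+).
dh none

topology subnet
server 10.8.0.0 255.255.255.0
# NOTE(review): the host route table at the bottom also carries a default
# route via 10.8.0.1 on eth1 (metric 203, like eth1's other routes) and a
# host route to 10.8.0.1 on eth1. OpenVPN does not install either -- 10.8.0.1
# is tun0's own address -- so they presumably come from the eth1 interface
# configuration (a static routers= entry); remove them there, they are a
# plausible cause of the "broken" state.

# LANs behind this host: eth0 is 192.168.0.0/24, eth1 is 10.0.0.0/24
# (see the ifconfig output below). Both are already covered by the
# redirect-gateway push, but keeping them makes the LANs reachable for a
# client that refuses the default-route push. Note the FORWARD chain below
# accepts everything from tun+ to any interface, so clients get both LANs
# in full; per-client limits would need client-config-dir plus rules.
push "route 10.0.0.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"

# Set your primary domain name server address for clients.
# FIX: the original read 192.169.0.100. 192.169.0.0/16 is public address
# space, not the 192.168.0.0/24 LAN, so every client lookup would have gone
# to an unrelated Internet host (a full DNS leak, and whoever holds that
# address could answer). The LAN resolver is 192.168.0.100, as in the
# current configuration.
push "dhcp-option DNS 192.168.0.100"
# Prevent DNS leaks on Windows (non-Windows clients log an "unrecognized
# option" warning and ignore it).
push "block-outside-dns"

# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
# Only IPv4 is redirected: a dual-stack client keeps sending IPv6 traffic
# outside the tunnel unless IPv6 is disabled on the client or blocked by the
# server (`block-ipv6`, 2.5+, together with an ifconfig-ipv6 pool).
# Forwarded client traffic leaves through the MASQUERADE rule for
# 10.8.0.0/24 on eth0 in the nat table below; net.ipv4.ip_forward must be 1.
push "redirect-gateway def1"

# VPN peers may talk to each other. OpenVPN switches that traffic internally,
# so the kernel FORWARD chain never sees it and no host firewall rule applies.
client-to-client

# Ping every 30 minutes, declare the peer dead after 60. With UDP, client-side
# NAT mappings usually expire within minutes, after which nothing initiated
# from this side (LAN -> client, client-to-client) reaches an idle client
# until it sends something. The OpenVPN sample config uses 10 120; lower
# these if LAN-initiated access to clients matters.
keepalive 1800 3600

# Peer certificates must carry the client EKU, so a leaked client cert
# cannot be used to impersonate the server.
remote-cert-tls client
tls-version-min 1.2
# Control channel encrypted and authenticated with the shared ta.key;
# packets without a valid tag are dropped before any TLS work (2.4+).
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
# Data channel. On 2.4+ cipher negotiation upgrades capable clients to
# AES-256-GCM and this CBC cipher is only the fallback; on 2.5+ `cipher` is
# deprecated in favour of data-ciphers / data-ciphers-fallback. The server
# version is not shown here -- check it before switching directives.
cipher AES-256-CBC
# HMAC for the control channel and for CBC data-channel packets.
auth SHA256

# Privilege drop after start-up; persist-key/persist-tun keep key material
# and the tun device across SIGUSR1 restarts so `nobody` never has to re-read
# the key or re-open /dev/net/tun.
user nobody
group nogroup
persist-key
persist-tun

# Revocation list. It is re-read when it changes, after the privilege drop,
# so it must stay readable by nobody/nogroup -- and it has an expiry
# (easy-rsa's default is 180 days): an expired CRL fails every handshake,
# so regenerate it on a schedule.
crl-verify /etc/openvpn/crl.pem

# Status file rewritten every 20 s in version-3 format; messages go to syslog.
status /var/log/openvpn-status.log 20
status-version 3
syslog
# log level
verb 3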
ifconfig output (eth0 = 192.168.0.0/24 LAN, eth1 = 10.0.0.0/24 LAN, tun0 = VPN):
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.199 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::ffe2:1360:e597:c5b6 prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:d8:58:7a txqueuelen 1000 (Ethernet)
RX packets 568517 bytes 640844929 (611.1 MiB)
RX errors 0 dropped 3452 overruns 0 frame 0
TX packets 775716 bytes 685124423 (653.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::d0f1:873:e424:a71e prefixlen 64 scopeid 0x20<link>
ether 00:0e:c6:bc:42:0a txqueuelen 1000 (Ethernet)
RX packets 352507 bytes 115353595 (110.0 MiB)
RX errors 3 dropped 3461 overruns 0 frame 3
TX packets 174 bytes 10014 (9.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.0 destination 10.8.0.1
inet6 fe80::9792:975f:f665:4185 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 46 bytes 3605 (3.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Chain INPUT (policy ACCEPT 343K packets, 114M bytes)
pkts bytes target prot opt in out source destination
4 392 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- !lo * 127.0.0.0/8 0.0.0.0/0 reject-with icmp-port-unreachable
4 240 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW icmptype 8
525 58790 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6006 484K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED tcp dpt:22
2484 482K ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED udp dpt:23111
19 5987 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED udp spt:53
19 16344 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp spt:80
24 1824 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED udp spt:123
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp spt:443
0 0 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
255K 22M ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ eth0 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
512K 636M ACCEPT all -- eth0 tun+ 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
212 51972 ACCEPT all -- eth1 tun+ 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
66 5800 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
10 776 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
4804 736K ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp spt:22
499K 642M ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED udp spt:23111
19 1367 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED udp dpt:53
12572 663K ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED tcp dpt:80
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED tcp dpt:443
0 0 ACCEPT all -- * tun0 0.0.0.0/0 0.0.0.0/0
655 55172 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
NAT table:
Chain PREROUTING (policy ACCEPT 15548 packets, 1918K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 2153 packets, 283K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 235 packets, 18648 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 238 packets, 18828 bytes)
pkts bytes target prot opt in out source destination
5205 1200K MASQUERADE all -- * eth0 10.8.0.0/24 0.0.0.0/0
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 202 0 0 eth0
0.0.0.0 10.8.0.1 0.0.0.0 UG 203 0 0 eth1
10.0.0.0 0.0.0.0 255.255.255.0 U 203 0 0 eth1
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
10.8.0.1 0.0.0.0 255.255.255.255 UH 203 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0