OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Client to Client

https://forums.openvpn.net/viewtopic.php?t=33120

Page 1 of 1

Client to Client

Posted: Tue Oct 05, 2021 11:45 am
by lhw1221
good day i wanted to set up a VPN, to connect to my Nextcloud server at home (encrypted and all), using an smole extern Server i already have.
The VPN is ther by an extra layer of protection and also cause it mades the connecting betwin the devices esayer cause i got no ipv4 at home.

so i found a guide (https://averagelinuxuser.com/linux-vpn-server/)
unsing this script: https://raw.githubusercontent.com/Angri ... install.sh
in it selfe the VPN works, even my trafic gets reroutet.
But on problem i cannot ping or call the other client(Nextcloud server).

So my question ther for is, what do i have to change in my config:

Server side:

port [censored]
proto udp6
dev tun
user [censored]
group [censored]
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 1.1.1.1"
push "redirect-gateway def1 bypass-dhcp"
server-ipv6 [censored?]
tun-ipv6
push tun-ipv6
push "route-ipv6 2000::/3"
push "redirect-gateway ipv6"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server[censored].crt
key server[censored].key
auth [censored]
cipher [censored]
ncp-ciphers [censored]
tls-server
tls-version-min 1.2
tls-cipher [censored]
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3


Client side:

proto udp
explicit-exit-notify
remote [censored]:[censored]
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name [censored] name
auth [censored]
auth-nocache
cipher [censored]
tls-client
tls-version-min 1.2
tls-cipher [censored]
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
[censored]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[censored]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
[censored]
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
[censored]
-----END OpenVPN Static key V1-----
</tls-crypt>

Re: Client to Client

Posted: Tue Oct 05, 2021 12:00 pm
by TinCanTech
Openvpn has a server side option called --client-to-client

Re: Client to Client

Posted: Tue Oct 05, 2021 12:12 pm
by lhw1221
TinCanTech wrote:
Tue Oct 05, 2021 12:00 pm
 Openvpn has a server side option called --client-to-client
Do just have to copy that into the Config ??

Re: Client to Client

Posted: Tue Oct 05, 2021 1:24 pm
by lhw1221
okay i just addet it to the server.conf but still can not ping other devices
is ther any order thes confs are written in

(i made sure to restart the service)

Re: Client to Client

Posted: Tue Oct 05, 2021 2:05 pm
by lhw1221
i tryt to add --client-to-client and client-to-client
i also tryt
iptables -A FORWARD -s 10.8.0.4 -d 10.8.0.2 -j ACCEPT
iptables -A FORWARD -s 10.8.0.2 -d 10.8.0.4 -j ACCEPT

last crashes the service btw

Re: Client to Client

Posted: Tue Oct 05, 2021 2:28 pm
by TinCanTech
In the config file you add:

Code: Select all

client-to-client
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/