Hello!
I tried everything as described in the post, but it didn't work.
OpenVPN network:
OpenVPN server
Client1
Client2 (the Internet has to be reached through it)
Server configuration:
local 50.50.50.50
port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-GCM
user nobody
group nobody
persist-key
persist-tun
verb 3
crl-verify crl.pem
status /etc/openvpn/server/status.log
log /etc/openvpn/server/ovpn.log
client-config-dir /etc/openvpn/server/ccd
CCD file for Client1:
push "topology subnet"
ifconfig-push 10.8.0.200 255.255.255.0
CCD file for Client2:
push-reset
push "topology subnet"
ifconfig-push 10.8.0.254 255.255.255.0
iroute 0.0.0.0 0.0.0.0
Then on the server I did the following:
echo "200 vpnclient" >> /etc/iproute2/rt_tables
ip route add 10.8.0.0/24 dev tun0 src 10.8.0.1 table vpnclient
ip route add default via 10.8.0.254 dev tun0 table vpnclient
ip rule add from 10.8.0.200/32 table vpnclient
ip rule add to 10.8.0.200/32 table vpnclient
ip route flush cache
After that the clients connect and ping each other, but nothing shows up on Client2 in tcpdump -i tun0.
Next, on the server I added the rule:
iptables -t nat -A PREROUTING -i tun0 -s 10.8.0.200 -j DNAT --to-destination 10.8.0.254
And on Client2:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 60.60.60.60
Packets appeared on Client2 in tcpdump -i tun0:
18:38:29.386151 IP 10.8.0.200.51515 > client2.5351: UDP, length 60
18:38:29.461997 IP 10.8.0.200.45324 > client2.domain: 29495+ A? kv601.prod.do.dsp.mp.microsoft.com. (52)
18:38:29.615888 IP 10.8.0.200.65397 > client2.domain: 3950+ A? v10.events.data.microsoft.com. (47)
18:38:29.862947 IP 10.8.0.200.55383 > client2.domain: 20646+ A? wpad.beeline. (30)
18:38:29.863002 IP client2 > 10.8.0.200: ICMP client2 udp port domain unreachable, length 66
18:38:30.127900 IP 10.8.0.200.11811 > client2.domain: 59036+ A? bt3.t-ru.org. (30)
18:38:30.637075 IP 10.8.0.200.51515 > client2.5351: UDP, length 60
18:38:31.475957 IP 10.8.0.200.65519 > client2.domain: 29495+ A? kv601.prod.do.dsp.mp.microsoft.com. (52)
18:38:31.476023 IP client2 > 10.8.0.200: ICMP client2 udp port domain unreachable, length 88
18:38:31.476768 IP 10.8.0.200.45324 > client2.domain: 29495+ A? kv601.prod.do.dsp.mp.microsoft.com. (52)
18:38:31.629376 IP 10.8.0.200.60819 > client2.domain: 3950+ A? v10.events.data.microsoft.com. (47)
18:38:31.629961 IP 10.8.0.200.65397 > client2.domain: 3950+ A? v10.events.data.microsoft.com. (47)
18:38:32.140961 IP 10.8.0.200.51515 > client2.5351: UDP, length 60
18:38:32.141027 IP client2 > 10.8.0.200: ICMP client2 udp port 5351 unreachable, length 96
18:38:32.141478 IP 10.8.0.200.64152 > client2.domain: 59036+ A? bt3.t-ru.org. (30)
18:38:32.141529 IP 10.8.0.200.11811 > client2.domain: 59036+ A? bt3.t-ru.org. (30)
18:38:33.869993 IP 10.8.0.200.57426 > client2.domain: 42815+ A? www.msftconnecttest.com. (41)
18:38:33.870057 IP client2 > 10.8.0.200: ICMP client2 udp port domain unreachable, length 77
18:38:33.901916 IP 10.8.0.200.51515 > client2.5351: UDP, length 60
18:38:33.901979 IP client2 > 10.8.0.200: ICMP client2 udp port 5351 unreachable, length 96
18:38:34.877544 IP 10.8.0.200.37417 > client2.domain: 42815+ A? www.msftconnecttest.com. (41)
18:38:34.877626 IP client2 > 10.8.0.200: ICMP client2 udp port domain unreachable, length 77
18:38:35.484699 IP 10.8.0.200.65519 > client2.domain: 29495+ A? kv601.prod.do.dsp.mp.microsoft.com. (52)
18:38:35.524774 IP 10.8.0.200.45324 > client2.domain: 29495+ A? kv601.prod.do.dsp.mp.microsoft.com. (52)
18:38:35.641804 IP 10.8.0.200.60819 > client2.domain: 3950+ A? v10.events.data.microsoft.com. (47)
18:38:35.642384 IP 10.8.0.200.65397 > client2.domain: 3950+ A? v10.events.data.microsoft.com. (47)
18:38:35.889436 IP 10.8.0.200.37417 > client2.domain: 42815+ A? www.msftconnecttest.com. (41)
18:38:35.889513 IP client2 > 10.8.0.200: ICMP client2 udp port domain unreachable, length 77
18:38:35.904666 IP 10.8.0.200.51515 > client2.5351: UDP, length 60
But nothing opens on Client1, although 8.8.8.8 pings from the console.
Maybe I didn't set up the routing table correctly?
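The server-side forwarding decision that the post's ip rule / ip route commands and the PREROUTING DNAT rule produce, modelled in Python as an added example (this is not part of the original post and not OpenVPN or iproute2 code): a minimal policy-routing lookup (rule selectors checked in priority order, longest-prefix match inside the selected table, a table without a matching route is skipped) plus the DNAT rewrite. The vpnclient table and the two rules are reconstructed from the post; the contents of the main table and the upstream gateway address 50.50.50.1 are assumptions. The model also shows what the capture above reflects: DNAT rewrites the destination address before the routing decision, so a packet Client1 sent to 8.8.8.8 port 53 reaches Client2 addressed to Client2 itself (the client2.domain lines and the "udp port domain unreachable" replies), whereas without the DNAT rule the policy route forwards the same packet to next hop 10.8.0.254 with its destination left intact.

```python
"""Policy routing + DNAT model of the server in the post (added example,
not the original author's code). Sample data is constructed from the post;
the main table and the gateway 50.50.50.1 are assumed placeholders."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Route:
    prefix: Net
    dev: str
    via: Optional[IPv4] = None      # None = on-link (directly attached prefix)


@dataclass(frozen=True)
class Rule:
    table: str
    src: Optional[Net] = None       # "ip rule add from <src>"
    dst: Optional[Net] = None       # "ip rule add to <dst>"


@dataclass(frozen=True)
class Packet:
    src: IPv4
    dst: IPv4
    dport: int


def longest_prefix_match(table, dst):
    """Most specific route in `table` covering `dst`, or None."""
    best = None
    for r in table:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def route_lookup(rules, tables, pkt):
    """Walk the rules in priority order. The first rule whose selector matches
    and whose table holds a route for pkt.dst decides; a table with no match
    is skipped and the walk continues, as the kernel does."""
    for rule in rules:
        if rule.src is not None and pkt.src not in rule.src:
            continue
        if rule.dst is not None and pkt.dst not in rule.dst:
            continue
        route = longest_prefix_match(tables[rule.table], pkt.dst)
        if route is not None:
            return rule.table, route
    return None, None


def prerouting_dnat(pkt, match_src, new_dst):
    """The post's `iptables -t nat -A PREROUTING -s <match_src> -j DNAT
    --to-destination <new_dst>`: the destination address is rewritten before
    routing (the -i tun0 interface match is omitted in this model)."""
    if pkt.src in match_src:
        return Packet(pkt.src, new_dst, pkt.dport)
    return pkt


# --- the post's server, as constructed sample data -------------------------
CLIENT2 = IPv4("10.8.0.254")
UPSTREAM_GW = IPv4("50.50.50.1")    # assumed placeholder for the real gateway

TABLES = {
    "main": [                         # assumed contents of the main table
        Route(Net("0.0.0.0/0"), "eth0", UPSTREAM_GW),
        Route(Net("10.8.0.0/24"), "tun0"),
    ],
    "vpnclient": [                    # table 200 from /etc/iproute2/rt_tables
        Route(Net("10.8.0.0/24"), "tun0"),
        Route(Net("0.0.0.0/0"), "tun0", CLIENT2),
    ],
}
# `ip rule add` without a priority goes ahead of the previous user rule, so the
# "to" rule (added last) is consulted first; "main" is the kernel's default rule.
RULES = [
    Rule("vpnclient", dst=Net("10.8.0.200/32")),
    Rule("vpnclient", src=Net("10.8.0.200/32")),
    Rule("main"),
]


def decide(src, dst, dport=53, dnat=False):
    """Forwarding decision for one packet arriving at the server:
    returns (table, next_hop_or_None, device, final_destination)."""
    pkt = Packet(IPv4(src), IPv4(dst), dport)
    if dnat:
        pkt = prerouting_dnat(pkt, Net("10.8.0.200/32"), CLIENT2)
    table, route = route_lookup(RULES, TABLES, pkt)
    if route is None:
        return None, None, None, str(pkt.dst)
    via = str(route.via) if route.via else None
    return table, via, route.dev, str(pkt.dst)


if __name__ == "__main__":
    print("Client1 -> 8.8.8.8, routing only:", decide("10.8.0.200", "8.8.8.8"))
    print("Client1 -> 8.8.8.8, with DNAT:   ", decide("10.8.0.200", "8.8.8.8", dnat=True))
    print("Client2 -> Client1 (return path):", decide("10.8.0.254", "10.8.0.200"))
```

Run it as a script to see the three decisions side by side; the DNAT case is the one in which the final destination is no longer 8.8.8.8 but 10.8.0.254, so Client2 answers for itself instead of forwarding and SNATing the packet.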