Ovpn linux client trouble with routing

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech
mrogotnev
OpenVpn Newbie
Posts: 1
Joined: Thu Dec 29, 2022 5:46 am

Ovpn linux client trouble with routing

Post by mrogotnev » Thu Dec 29, 2022 6:05 am

I have a test OpenVPN server installed from a sh script on Debian. Tests on a Windows client are fine: I have ping to the VPN gateway, a "clean" tracert command in cmd, and web works fine, but on a Linux client I run into some trouble. I have ping, but traceroute is hidden by "*" signs and web doesn't work.

Now I am trying to route all traffic through the VPN gateway (and even that doesn't work), but finally I need to route common web traffic through the default gateway and route the "push" routes through the VPN gateway.

net.ipv4.ip_forward=1

10.8.0.0/24 vpn subnet
192.168.11.0/24 client's local subnet
172.16.0.0/16 vpn server subnet
Server has a public IP

Server.conf

port 59240
proto tcp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 172.16.1.4"
push "dhcp-option DNS 172.16.1.62"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server.crt
key server.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

# LAN
push "route 5.227.126.64 255.255.255.192"
#push "route 46.61.183.0 255.255.255.128"
push "route 172.16.0.0 255.255.0.0"
push "route 46.0.183.0 255.255.255.0"
push "route 192.168.21.0 255.255.255.0"

push "route 80.249.129.247 255.255.255.255"

push "route 80.249.129.251 255.255.255.255"

push "route 80.249.129.200 255.255.255.255"
push "route 80.249.129.202 255.255.255.255"

# push "route 88.99.240.150 255.255.255.255"

push "route 138.201.29.164 255.255.255.255"
push "route 138.201.29.179 255.255.255.255"

push "route 78.46.102.179 255.255.255.255"
push "route 78.46.102.189 255.255.255.255"

push "dhcp-option DNS 172.16.1.4"
push "dhcp-option DNS 172.16.1.62"
push "dhcp-option DNS 192.168.21.11"
push "dhcp-option WINS 172.16.1.62"
push "dhcp-option WINS 172.16.1.4"
push "dhcp-option DOMAIN local.htc-cs.com"

client.conf

client
proto tcp-client
remote public_ip 59240
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>

Server iptables

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:59240
ACCEPT     all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
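The symptoms in the post (ping through the tunnel works, traceroute and web do not) are easiest to narrow down by comparing what the server pushes with what the Linux client actually installed. The checker below is an added example, not code from the post or from the OpenVPN project. Its inputs are constructed: an excerpt of the push lines from the server.conf above, a sample `ip route show` from a Linux client with the tunnel up, and that client's /etc/resolv.conf. It parses the `push "route ..."`, `redirect-gateway def1` and `dhcp-option DNS` directives, then reports every pushed destination that is missing from the client table or not routed over the assumed tunnel device `tun0`, and every pushed DNS server that never reached resolv.conf.

```python
"""Compare what an OpenVPN server pushes with what a Linux client actually installed.

All inputs below are constructed for this example: an excerpt of the push lines
from the server.conf in the post, a sample `ip route show` from a Linux client
with the tunnel up, and that client's /etc/resolv.conf.  Nothing here touches
the network; the functions only parse text, so they can be run against real
output captured with `ip route show` and `cat /etc/resolv.conf`.
"""
import ipaddress
import re

# Constructed excerpt of the server-side push directives from the post.
SERVER_CONF = """\
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 172.16.1.4"
push "redirect-gateway def1 bypass-dhcp"
push "route 172.16.0.0 255.255.0.0"
#push "route 46.61.183.0 255.255.255.128"
push "route 192.168.21.0 255.255.255.0"
push "route 80.249.129.247 255.255.255.255"
"""

# Constructed `ip route show` output from a Linux client: the tunnel is up, but
# only one def1 half and one LAN route landed, and a /32 is leaving via the LAN.
CLIENT_IP_ROUTE = """\
default via 192.168.11.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
80.249.129.247 via 192.168.11.1 dev eth0
172.16.0.0/16 via 10.8.0.1 dev tun0
192.168.11.0/24 dev eth0 proto kernel scope link src 192.168.11.50
"""

# Constructed resolv.conf: the pushed DNS servers were never applied.
CLIENT_RESOLV_CONF = """\
# Generated by NetworkManager
nameserver 192.168.11.1
"""

PUSH_RE = re.compile(r'^\s*push\s+"([^"]*)"')


def parse_pushes(conf_text):
    """Return (routes, def1, dns) from the server's push directives.

    routes: IPv4Network objects from push "route ADDR MASK"
    def1:   True if push "redirect-gateway def1 ..." is present
    dns:    server addresses from push "dhcp-option DNS x.x.x.x"
    Lines commented out with a leading # are skipped, as OpenVPN skips them.
    """
    routes, dns, def1 = [], [], False
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = PUSH_RE.match(line)
        if not m:
            continue
        words = m.group(1).split()
        if words[:1] == ["route"] and len(words) >= 3:
            # ipaddress accepts a dotted netmask after the slash.
            routes.append(ipaddress.IPv4Network(f"{words[1]}/{words[2]}", strict=False))
        elif words[:2] == ["redirect-gateway", "def1"]:
            def1 = True
        elif words[:2] == ["dhcp-option", "DNS"] and len(words) >= 3:
            dns.append(words[2])
    return routes, def1, dns


def parse_ip_route(ip_route_text):
    """Map each destination in `ip route show` output to the device it uses."""
    table = {}
    for line in ip_route_text.splitlines():
        words = line.split()
        if not words:
            continue
        dst = "0.0.0.0/0" if words[0] == "default" else words[0]
        dev = words[words.index("dev") + 1] if "dev" in words else None
        table[ipaddress.IPv4Network(dst, strict=False)] = dev
    return table


def missing_routes(conf_text, ip_route_text, tun_dev="tun0"):
    """Pushed destinations absent from the client table or not routed via the tunnel.

    With redirect-gateway def1, OpenVPN installs 0.0.0.0/1 and 128.0.0.0/1 via
    the tunnel instead of replacing the default route, so both halves are expected.
    """
    routes, def1, _ = parse_pushes(conf_text)
    expected = list(routes)
    if def1:
        expected += [ipaddress.IPv4Network("0.0.0.0/1"), ipaddress.IPv4Network("128.0.0.0/1")]
    table = parse_ip_route(ip_route_text)
    return [str(n) for n in sorted(n for n in expected if table.get(n) != tun_dev)]


def missing_dns(conf_text, resolv_conf_text):
    """Pushed DNS servers that do not appear as nameserver lines in resolv.conf."""
    _, _, dns = parse_pushes(conf_text)
    present = set()
    for line in resolv_conf_text.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0] == "nameserver":
            present.add(words[1])
    return [d for d in dns if d not in present]


if __name__ == "__main__":
    for net in missing_routes(SERVER_CONF, CLIENT_IP_ROUTE):
        print(f"pushed route not via tun0: {net}")
    for srv in missing_dns(SERVER_CONF, CLIENT_RESOLV_CONF):
        print(f"pushed DNS server not in resolv.conf: {srv}")
```

Two things the output makes visible that `ping` alone does not: a half-applied `def1` (only one of the two /1 routes present) leaves half the Internet on the LAN default route, and on Linux a plain `openvpn` client does not write pushed `dhcp-option DNS` servers into /etc/resolv.conf by itself; that needs an `up` script (for example update-resolv-conf or update-systemd-resolved with `script-security 2`) or a client that integrates with the system resolver. Either condition produces exactly "ping to the gateway works, web does not" while the tunnel itself is healthy.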
