After reading tons of documentation, other threads in this forum, googling around, and following several tutorials I am asking for help in configuring my Linux OpenVPN server, which is working partially: I have succeeded in installing and having my OpenVPN server working to access my local intranet at home, but I have been unable to configure the server to route all client traffic to access the internet.
When a remote VPN client connects from the internet it can access any node in my local intranet but it has no access to the internet. I would like to push to the client a configuration where the client could access the internet through the internet connection of the VPN server, which is at home (behind an ADSL router).
My local intranet is 192.168.128.0/17, the router LAN IP is 192.168.178.1 and its public IP is 84.226.249.92.
My server runs:
OpenVPN 2.5.1 x86_64-pc-linux-gnu
eth0: inet 192.168.220.10 netmask 255.255.128.0 broadcast 192.168.255.255
tun0: inet 10.178.178.1 netmask 255.255.255.0 destination 10.178.178.1
The documentation ( https://community.openvpn.net/openvpn/w ... oughtheVPN ) suggests adding the following lines to the server.conf file:
push "redirect-gateway def1"
iptables -t nat -A POSTROUTING -s 10.178.178.0/24 -o eth0 -j MASQUERADE
push "dhcp-option DNS 192.168.178.5"
All is ok when pushing "redirect-gateway" and "dhcp-option", but as soon as I add the "iptables" line, the clients cannot connect anymore.
After spending several hours I am really confused … does anyone see a problem in my configuration which prevents the client from connecting and/or the traffic from being routed through the OpenVPN server and my home router?
Any ideas or suggestions would be appreciated!
-- Thanks in advance, albpacecom
server configuration (file /etc/openvpn/server.conf):
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.178.178.0 255.255.255.0
ifconfig-pool-persist ipp.txt 0
push "dhcp-option DNS 192.168.178.5"
push "route 192.168.128.0 255.255.128.0"
push "redirect-gateway def1"
# the line below prevents clients from connecting if I remove the comment
# (it is an iptables shell command, not an OpenVPN directive, so OpenVPN cannot parse it here)
# iptables -t nat -A POSTROUTING -s 10.178.178.0/24 -o eth0 -j MASQUERADE
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server_KGLmQPMqxtexP8X2.crt
key server_KGLmQPMqxtexP8X2.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
status /var/log/openvpn/status.log
verb 3
client configuration:
client
proto udp
remote hostname.domain.org 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_KGLmQPMqxtexP8X2 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
verb 3
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
<ca>
-----BEGIN CERTIFICATE-----
(info removed)
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
(info removed)
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN EC PRIVATE KEY-----
(info removed)
-----END EC PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
(info removed)
-----END OpenVPN Static key V1-----
</tls-crypt>
Windows client (ipconfig output):
C:\>ipconfig /all
Windows IP Configuration
Unknown adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
Physical Address. . . . . . . . . : 00-FF-D5-9A-89-2A
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b123:23bc:160a:476b%22(Preferred)
IPv4 Address. . . . . . . . . . . : 10.178.178.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.178.178.1
DNS Servers . . . . . . . . . . . : 192.168.178.5
NetBIOS over Tcpip. . . . . . . . : Enabled
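The host-side steps the linked howto expects, as an added example that is not part of the original post or of the OpenVPN project: the iptables line is a shell command run on the server, not a server.conf directive. Assumed from the post: tunnel subnet 10.178.178.0/24, outbound interface eth0 and config path /etc/openvpn/server.conf; enabling net.ipv4.ip_forward is included because routed tunnel traffic needs it even though the post does not mention it.

```shell
#!/bin/sh
# Added example, not from the original post or the OpenVPN project.
# Runs the host-side NAT setup from the howto and flags shell commands
# that were pasted into server.conf. Assumed values: tunnel subnet
# 10.178.178.0/24, outbound interface eth0, /etc/openvpn/server.conf.
VPN_NET="${VPN_NET:-10.178.178.0/24}"
OUT_IF="${OUT_IF:-eth0}"
CONF="${CONF:-/etc/openvpn/server.conf}"
DRY_RUN="${DRY_RUN:-1}"   # default only prints what would be run

# iptables arguments shared by -C (check) and -A (append); scoping the
# rule to the tunnel subnet and one interface keeps NAT from covering
# anything else that passes through the host.
masq_args() {
    echo "POSTROUTING -s $1 -o $2 -j MASQUERADE"
}

# Report server.conf lines that are shell commands rather than OpenVPN
# directives (prints "line:text"; exit status 1 when none are found).
conf_shell_lines() {
    grep -nE '^[[:space:]]*(iptables|ip6tables|nft|sysctl|ip)[[:space:]]' "$1"
}

# Idempotent NAT setup: -C probes for the rule so reruns never duplicate it.
enable_nat() {
    args=$(masq_args "$VPN_NET" "$OUT_IF")
    if [ "$DRY_RUN" = 1 ]; then
        echo "sysctl -w net.ipv4.ip_forward=1"
        echo "iptables -t nat -C $args 2>/dev/null || iptables -t nat -A $args"
        return 0
    fi
    sysctl -w net.ipv4.ip_forward=1
    # shellcheck disable=SC2086  # word splitting of $args is intended
    iptables -t nat -C $args 2>/dev/null || iptables -t nat -A $args
}

main() {
    if [ -r "$CONF" ] && conf_shell_lines "$CONF"; then
        echo "remove the lines above from $CONF and run them in the shell instead" >&2
        return 1
    fi
    enable_nat
}

# Run as root with DRY_RUN=0 to apply; the default only prints the commands.
main "$@"
```

The check function catches exactly the mistake described in the post, and the rule is only added when it is not already present, so the script is safe to rerun from a boot hook.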