My Settings:
Pam-Mysql authentication.
Openvpn 2.0.9
I use OpenVPN GUI in Windows.
My problem:
Once I connect to my openvpn server(no error), I still get my local Windows IP address (using http://www.whatismyip.com/).
I think I should get server IP address. Anything is wrong?
My server.conf:
port 1194
proto tcp
;proto udp
;dev tap
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.0.0
ifconfig-pool-persist ipp.txt
;client-to-client
;duplicate-cn
keepalive 10 120
tls-auth ta.key 0
plugin ./openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
comp-lzo
;max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
;log /var/log/openvpn.log
;log-append openvpn.log
verb 4
;mute 20
My client.ovpn:
client
;dev tap
dev tun
proto tcp
;proto udp
remote 65.49.80.22 1194
;remote my-server-2 1194
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
ns-cert-type server
tls-auth ta.key 1
route 192.168.0.0 255.255.252.0
;route 10.8.0.0 255.255.0.0
comp-lzo
verb 4
;mute 20
IP address is not changed
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
-
krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: IP address is not changed
why does the client have
route 192.168.0.0 255.255.252.0
that should only exist if the server is on that LAN subnet and you want the client to be able to access it.
as for how to make the client send internet traffic route over the vpn...
put
redirect-gateway def1
in the client config
then the server must have this rule in its firewall:
iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -j MASQUERADE
and also run these on the server
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> sysctl.conf
note, there is no good reason to need a /16 for your VPN, you should probably use a /24 instead
route 192.168.0.0 255.255.252.0
that should only exist if the server is on that LAN subnet and you want the client to be able to access it.
as for how to make the client send internet traffic route over the vpn...
put
redirect-gateway def1
in the client config
then the server must have this rule in its firewall:
iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -j MASQUERADE
and also run these on the server
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> sysctl.conf
note, there is no good reason to need a /16 for your VPN, you should probably use a /24 instead