How to customize and extend your OpenVPN installation.
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
DGDays
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Jul 09, 2021 10:16 am
Post
by DGDays » Fri Jul 09, 2021 10:22 am
I was able to start an openvpn server on my PC and connect a client to it, but I just can't configure it to replace the client's ip with the server's ip. I know that
Code: Select all
push "redirect-gateway def1 bypass-dhcp"
does this, but then the Internet on the client disappears and it is impossible even to ping 8.8.8.8. Can you please tell me what to do about it?
Client config:
Code: Select all
remote 178.44.196.105
client
port 12345
proto tcp4-client
dev tun
tls-client
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1
remote-cert-tls server
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\ClientVPN.crt"
key "C:\\Program Files\\OpenVPN\\config\\ClientVPN.key"
cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
verb 3
mute 20
Server config:
Code: Select all
dev-node "ServerVPN"
mode server
port 12345
proto tcp4-server
dev tun
tls-server
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh2048.pem"
server 10.10.10.0 255.255.255.0
client-to-client
keepalive 10 120
cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
client-config-dir "C:\\Program Files\\OpenVPN\\config"
verb 3
route-delay 5
route-method exe
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
route 192.168.182.0 255.255.255.0
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Fri Jul 09, 2021 12:15 pm
You are using
Windblows for your server ..
You could run a VBox Linux VM and it is easier than making Windblows be a server ..
You'll need to read
Bebop's post here:
viewforum.php?f=7
-
DGDays
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Jul 09, 2021 10:16 am
Post
by DGDays » Fri Jul 09, 2021 5:10 pm
I agree, it's easier, but I can't allocate resources on the VBox in any way...
-
openvpn_inc
- OpenVPN Inc.
- Posts: 1332
- Joined: Tue Feb 16, 2021 10:41 am
Post
by openvpn_inc » Sat Jul 10, 2021 2:30 pm
Hello,
There's no suggestion that your server is doing NAT for the VPN packets. The NAT is required unless you have a large enough routable netblock (non-RFC-1918) to use for your VPN.
This is much better documented in GNU/Linux and *BSDs, but Windows can do it also IIUC. I think they call the feature "Internet Connection Sharing."
Please see
http://pekster.sdf.org/misc/redirect.png for a good flowchart covering everything you need to check, to get this working.
Good luck, rob0
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
300000
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Post
by 300000 » Mon Jul 12, 2021 3:04 pm
If you cant make it work as you like so here is the picture just do follow and it shoud work as you like.
open your server config and add this line to make static ip for your openvpn network card first.
ip-win32 manual
