tls-crypt in place of tls-auth did the trick.

However, routing and gateway seem to be non-functional.

So the working server file is

---------------------------------------------------------------------


local 192.168.81.1

port 1194

proto udp

dev tun
ca /usr/local/etc/openvpn/server/ca.crt
cert /usr/local/etc/openvpn/server/issued/server.crt
key /usr/local/etc/openvpn/server/private/server.key

dh /usr/local/etc/openvpn/server/dh.pem

topology subnet

server 10.8.0.0 255.255.0.0

ifconfig-pool-persist ipp.txt

push "route 10.8.0.0 255.255.0.0"

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 192.168.81.1"
push "dhcp-option DNS 192.168.81.3"
push "dhcp-option DOMAIN nk.ca"
push "redirect-gateway defi"
client-to-client

keepalive 1800 3600

tls-version-min 1.2
tls-crypt /usr/local/etc/openvpn/server/ta.key # 0 # This file is secret

cipher AES-256-CBC

;compress lz4-v2
;push "compress lz4-v2"

comp-lzo

max-clients 1000

user nobody
group nobody

persist-key
persist-tun

crl-verify /usr/local/etc/openvpn/easy-rsa/pki/crl.pem
status /var/log/openvpn-status.log

log-append  /var/log/openvpn.log

verb 9

mute 20

explicit-exit-notify 1
fast-io
auth SHA512
remote-cert-tls client
----------------------------------------------------------------------------

Client file

---------------------------------------------------------------------------

client
dev tun
proto udp

remote openvpn.server 1194

nobind

ca ca.crt
cert client.crt
key client.key

resolv-retry infinite

persist-key
persist-tun

mute-replay-warnings
auth-user-pass
remote-cert-tls server
cipher AES-256-CBC
auth SHA512
;tls-auth /usr/local/etc/openvpn/server/ta.key 1
verb 9

mute 5
----------------------------------------------------------------

ipconfig on this side is


-- 
Memben -dapter Ethernet 3:

Connection-specific DNS Suffix  . :
Link-local IPv6 Address . . . . . : fe80::c095:979e:4374:700c%33
IPv4 Address. . . . . . . . . . . : 10.8.0.2
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :

Did I forget to bridge 192.168.81.1 with 10.8.0.1?

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b  Look at Psalms 14 and 53 on Atheism
Those who cannot win on facts rely upon slander.  -unknown


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
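
A consistency check over the two files as posted above, as an added example that is not part of the original message or of OpenVPN itself. It compares directives that normally have to agree on both peers and checks pushed redirect-gateway flags against the set documented in the OpenVPN 2.4 manual. The embedded configs are abbreviated copies of the posted ones, and the names parse and audit are illustrative.

```python
import shlex

# Directives that normally must agree on both peers (set directly or pushed).
SYMMETRIC = ("proto", "cipher", "auth", "comp-lzo", "compress")
WRAP = ("tls-auth", "tls-crypt")  # control-channel wrapping, same mode and key on both sides
# redirect-gateway flags documented in the OpenVPN 2.4 manual.
RG_FLAGS = set("local autolocal def1 bypass-dhcp bypass-dns block-local ipv6 !ipv4".split())

# Abbreviated copies of the two posted files (only the lines the checks read).
SERVER = '''proto udp
push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway defi"
tls-crypt /usr/local/etc/openvpn/server/ta.key # 0 # This file is secret
cipher AES-256-CBC
comp-lzo
auth SHA512'''
CLIENT = '''client
proto udp
cipher AES-256-CBC
auth SHA512
;tls-auth /usr/local/etc/openvpn/server/ta.key 1'''

def parse(text):
    """Map directive -> list of argument lists, skipping blanks and ;/# comments."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in ";#":
            words = shlex.split(line, comments=True)  # also drops trailing "# ..." text
            conf.setdefault(words[0], []).append(words[1:])
    return conf

def audit(server_text, client_text):
    """Return findings for settings present on one peer only and unknown pushed flags."""
    s, c = parse(server_text), parse(client_text)
    pushed = [shlex.split(a[0]) for a in s.get("push", []) if a and a[0].strip()]
    out = []
    for key in SYMMETRIC:
        on_server = key in s or any(p[0] == key for p in pushed)
        if on_server != (key in c):
            out.append(f"{key}: set on one side only")
        elif key in s and key in c and s[key][0] != c[key][0]:
            out.append(f"{key}: values differ")
    s_wrap, c_wrap = ([w for w in WRAP if w in conf] for conf in (s, c))
    if s_wrap != c_wrap:
        out.append(f"wrap: server {s_wrap}, client {c_wrap}")
    for p in (p for p in pushed if p[0] == "redirect-gateway"):
        out += [f"redirect-gateway: unknown flag {f}" for f in p[1:] if f not in RG_FLAGS]
    return out
```

Calling audit(SERVER, CLIENT) returns one finding each for comp-lzo, the control-channel wrap, and the pushed flag "defi".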
