Hi,
this is not needed in the server.conf: 'push "redirect-gateway defi"'
IMHO 'server' should be:
server 10.8.0.1 255.255.0.0
(why do you need a /16? you definitely will not be able to handle more than
256 clients simultaneously)
What's your plan on the network layout? 192.168.81.1 is the 'public'
interface, where your clients connect, you've your tap, with 10.8.0.0/16 and
I assume you've some other internal network. To get this working, you either
have to set up forwarding + routing or use server-bridge + bridging, but then
you'll have to extend the internal L2 network (and DON'T bridge the
192.168.81.x with 10.8.0.0/16!!!)
What's the 'ifconfig' for the tap interface on the server? It should have
the IP 10.8.0.1 (fix the 'server' line), then once connected with the
client, try to ping the tap interface's address (default gw won't be set on
client, 'redirect gw' does the job a bit differently - just check the
client's routing table)
Cheers,
Tom
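A small config check for the points made above (the doubled redirect-gateway push with its 'defi' typo, the /16 pool against max-clients, and the route push that repeats the server subnet), as an added example that is not part of either message and not OpenVPN's own code; the sample config is constructed from the quoted server.conf, and the pool-size threshold is a heuristic chosen here:

```python
import ipaddress
# Constructed sample modelled on the server.conf quoted in the thread (not the full file).
SAMPLE_SERVER_CONF = """\
topology subnet
server 10.8.0.0 255.255.0.0
push "route 10.8.0.0 255.255.0.0"
push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway defi"
max-clients 1000
"""
# Flags that --redirect-gateway accepts according to the OpenVPN manual.
REDIRECT_GATEWAY_FLAGS = {"local", "autolocal", "def1", "bypass-dhcp", "bypass-dns", "block-local", "ipv6", "!ipv4"}

def parse(text):
    """Return (directive, argument string) pairs; '#' and ';' comments and blanks are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, _, rest = line.partition(" ")
        entries.append((name, rest.strip().strip('"')))
    return entries

def lint(text):
    """Return findings for the points raised in the reply above."""
    findings = []
    entries = parse(text)
    pushed = [args for name, args in entries if name == "push"]
    server = next((args.split() for name, args in entries if name == "server"), None)
    max_clients = next((int(args) for name, args in entries if name == "max-clients"), None)
    # redirect-gateway pushed twice, or with a flag the option does not know (the 'defi' typo).
    rg = [args for args in pushed if args.startswith("redirect-gateway")]
    if len(rg) > 1:
        findings.append(f"redirect-gateway pushed {len(rg)} times; keep a single line")
    for args in rg:
        for flag in args.split()[1:]:
            if flag not in REDIRECT_GATEWAY_FLAGS:
                findings.append(f"unknown redirect-gateway flag {flag!r} (def1 intended?)")
    if server:
        net = ipaddress.ip_network(f"{server[0]}/{server[1]}", strict=False)
        # 'server' already puts this subnet on the client's tun interface; pushing it again is redundant.
        for args in pushed:
            if args.split() == ["route", server[0], server[1]]:
                findings.append(f"push route {net} duplicates the server subnet")
        # Heuristic for the '/16' remark: a pool many times larger than max-clients.
        capacity = net.num_addresses - 3  # network, broadcast and the server's own address
        if max_clients and capacity > 8 * max_clients:
            findings.append(f"pool {net} holds {capacity} clients but max-clients is {max_clients}")
    return findings
```

Running `lint(SAMPLE_SERVER_CONF)` reports the four points; a single `redirect-gateway def1` push with a /24 server line reports nothing.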
-----Original Message-----
From: The Doctor [mailto:[email protected]]
Sent: Saturday, April 4, 2020 9:58 PM
To: Dajka Tamás <[email protected]>; 'openvpn users list'
<[email protected]>
Subject: Completing the VPN Re: [Openvpn-users] First time set up using
openvpn
tls-crypt in place of tls-auth did the trick.
However routing and gateway seems to be non-functional.
So the working server file is
---------------------------------------------------------------------
local 192.168.81.1
port 1194
proto udp
dev tun
ca /usr/local/etc/openvpn/server/ca.crt
cert /usr/local/etc/openvpn/server/issued/server.crt
key /usr/local/etc/openvpn/server/private/server.key
dh /usr/local/etc/openvpn/server/dh.pem
topology subnet
server 10.8.0.0 255.255.0.0
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0 255.255.0.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 192.168.81.1"
push "dhcp-option DNS 192.168.81.3"
push "dhcp-option DOMAIN nk.ca"
push "redirect-gateway defi"
client-to-client
keepalive 1800 3600
tls-version-min 1.2
tls-crypt /usr/local/etc/openvpn/server/ta.key # 0 # This file is secret
cipher AES-256-CBC
;compress lz4-v2
;push "compress lz4-v2"
comp-lzo
max-clients 1000
user nobody
group nobody
persist-key
persist-tun
crl-verify /usr/local/etc/openvpn/easy-rsa/pki/crl.pem
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 9
mute 20
explicit-exit-notify 1
fast-io
auth SHA512
remote-cert-tls client
----------------------------------------------------------------------------
Client file
---------------------------------------------------------------------------
client
dev tun
proto udp
remote openvpn.server 1194
nobind
ca ca.crt
cert client.crt
key client.key
resolv-retry infinite
persist-key
persist-tun
mute-replay-warnings
auth-user-pass
remote-cert-tls server
cipher AES-256-CBC
auth SHA512
;tls-auth /usr/local/etc/openvpn/server/ta.key 1
verb 9
mute 5
----------------------------------------------------------------
ipconfig on this side is
--
Memben -dapter Ethernet 3:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::c095:979e:4374:700c%33
IPv4 Address. . . . . . . . . . . : 10.8.0.2
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
Did I forget to bridge 192.168.81.1 with 10.8.0.1 ?
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici
doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President
Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on
Atheism Those who cannot win on facts rely upon slander. -unknown
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users