>-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA256 >Hi,
>------- Original Message ------- >On Monday, November 6th, 2023 at 12:26, Jason Long <hack3r...@yahoo.com> wrote: ><s> > > Hello, > Thank you so much for your reply. > Some lines of my server.conf file are: > > push "redirect-gateway def1 bypass-dhcp" > push "dhcp-option DNS 172.20.1.2" > push "dhcp-option DNS 172.20.1.7" > topology subnet > > > Should I add the following line in my client configuration file: > > redirect-gateway def1 bypass-dns > > And add the following line to my server configuration file: > > pull-filter ignore 'redirect-gateway*' > > > Right? >No, >--pull-filter is a client option, so is used by the client. >However, because you are pushing DNS servers from the server, >I will assume that 172.20.1.0/24 is a subnet on the server >side of the VPN; In which case you need to read the Howto >section which explains "Expanding the scope of the VPN ": >https://community.openvpn.net/openvpn/wiki/HOWTO#ExpandingthescopeoftheVPNtoincludeadditionalmachinesoneithertheclientorserversubnet >You do not need to use "redirect-gateway" or "pull-filter" >on the client side at all. >-- >-----BEGIN PGP SIGNATURE----- >Version: ProtonMail >wsBzBAEBCAAnBYJlSOjyCZBPl5z2a5C4nRYhBAm8PURno41yecVVVU+XnPZr >kLidAACXoAf/dw5/HO5VILQ8WVdKqsJl+9qEqIz9Ly1ykUQIEyy8Dt0Y/FmH >+pp9uyyMN9HroHCvmtxi0gEr2/WE43qte8T2OQ62XmgZKhYRG1HQ31by/pdP >5xZhKJlbZt16ZA2Hqlub8GnDYdZLUTE1LLPJqOrh3Ocr6KSL7z4vXKRE6ziw >zvmC44yk/t658irxC9+aG8HHDAVMLfwc7RBIWqxjZyCze4o07zVqf3ZdPBJ2 >XOkN79hWdRgxZrnA6wTgPqz3s6PxJqJ5HpRYpoXyFQdig25O6wuBqskAGN/T >JQkfl5UdQ6aQzFuqTJl51rtoxL+kWVR5Z97hQ8Un8KRJi7ICBK0eTw== >=1bvO >-----END PGP SIGNATURE----- Hello, I added the following line to the server.conf file: push "route 172.20.0.0 255.255.255.0" Then, I restarted the OpenVPN service: # systemctl restart openvpn But, I can't ping computers on the internal network by name. I have some questions about the following two lines: 1- Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines). Should I write the routing table on the OpenVPN server? 2- Make sure that you've enabled IP and TUN/TAP forwarding on the OpenVPN server machine. I have enabled IP forwarding on the server. What is TUN/TAP forwarding? _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
