OpenVPN and local services

Hi!
I have installed OpenVPN and it works perfectly.
The server has a lot of other services installed, but I can't use any of them when I connect to the VPN.
Only a few of them I configured to be reachable from outside the local network.
My server has the IP 192.168.1.4 and OpenVPN gives me the IP 10.8.0.6.
If I try to see the hard drive share or use the VNC connection, it always returns that the host is unreachable.
Any suggestions?
Thanks a lot!

This information probably helps.

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.1.4/24 brd 192.168.1.255 scope global eth1
       valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever
default via 192.168.1.1 dev eth1 onlink
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.4
local 10.8.0.1 dev tun0 table local proto kernel scope host src 10.8.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
local 192.168.1.4 dev eth1 table local proto kernel scope host src 192.168.1.4
broadcast 192.168.1.255 dev eth1 table local proto kernel scope link src 192.168.1.4
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

This is my server configuration

port 1194
proto udp
dev tun

ca ca.crt
cert DietPi_OpenVPN_Server.crt
key DietPi_OpenVPN_Server.key
dh dh.pem

server 10.8.0.0 255.255.255.0

client-to-client
keepalive 10 60
comp-lzo
max-clients 10

user nobody
group nogroup

persist-key
persist-tun
verb 3

# Web Forwarding (uncomment to enable)
#push "redirect-gateway"
#push "dhcp-option DNS 10.8.0.1"

Did you enable IP forwarding?

cat /etc/sysctl.conf | grep net.ipv4.ip_forward

You would also need to set some iptables rules to allow traffic between the different interfaces; your VPN has its own network interface.

Did you install just OpenVPN via dietpi-software?
I would recommend using PiVPN; it takes care of everything, the IP forwarding, the routing rules etc., so you don't have to apply them manually.

I uncommented the ip_forward=1 line in this file and rebooted the system, but nothing happened.
I made some other changes in the OpenVPN config file

# Web Forwarding (uncomment to enable)
push "redirect-gateway"
push "dhcp-option DNS 10.8.0.1"

and I can reach the server services, but I can't use the browser because the system can't resolve URL names to IPs.
OpenVPN was installed from dietpi-software.
I also added

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

But now I don't know what I need to change to fix everything.
Thank you so much!

I don't understand this part. The resolution should happen via a DNS service. Do you use your own DNS server like Pi-hole?

I recommend you use PiVPN; it will detect WireGuard / Pi-hole and take care of everything.

I don't have a DNS service, I use the router configuration.
I know that it is better to use PiVPN, but only this configuration is left to resolve, and my brain wants to resolve it without changing to another program.
I changed that to

push "dhcp-option DNS 192.168.1.1"

but in the client log appears

OPTIONS:
0 [redirect-gateway]
1 [dhcp-option] [DNS] [10.8.0.1]
2 [route] [10.8.0.0] [255.255.255.0]
3 [topology] [net30]
4 [ping] [10]
5 [ping-restart] [60]
6 [ifconfig] [10.8.0.6] [10.8.0.5]
7 [peer-id] [0]
8 [cipher] [AES-256-GCM]
9 [protocol-flags] [cc-exit] [tls-ekm] [dyn-tls-crypt]
10 [tun-mtu] [1500]
11 [block-ipv6]
12 [block-ipv4]

Probably only one configuration is left to do, but I need to find it.
Thanks!

I left only this line

push "route 192.168.1.0 255.255.255.0"

With that everything works; my doubt is whether these lines are necessary.

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Thanks!
