openvpn
VITYA-XY1, 2021-01-13 00:52:25

Can you please advise a reliable, proven VPN solution for such a task?

1) There is an AWS VPC; it hosts my domains for the lower environment, and they should be accessible only from the VPN's IP address,
2) On the other hand, I do not want to send all client traffic through the VPN, only the traffic for the VPC CIDR and the domains stage.example.com, example.com, 2ip.ru
3) Clients: desktops on macOS, Windows, Linux (Fedora, Ubuntu); mobiles: Android, iOS (it needs to work the same way everywhere)

For anyone interested in digging into the OpenVPN configs, here they are:
Client:

client
proto                 udp
dev                   tun
remote                {{server ip}}
port                  12000

resolv-retry          infinite

remote-cert-tls       server
auth                  SHA256
cipher                AES-256-CBC

ignore-unknown-option block-outside-dns
block-outside-dns
verb                  4
allow-pull-fqdn

persist-key
persist-tun
nobind
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>


Server:

proto      udp
dev         tun

local       {{local ip}}
port        12000

topology    subnet
server      10.100.0.0 255.255.255.0

ca           keys/ca.crt
cert        keys/issued/server.crt
key         keys/private/server.key
dh          keys/dh.pem
tls-crypt   keys/tc.key
crl-verify  keys/crl.pem

auth        SHA256
cipher      AES-256-CBC

user         nobody
group       nobody

status                /var/log/openvpn/openvpn-status.log
log                   /var/log/openvpn/openvpn.log
log-append            /var/log/openvpn/openvpn.log
ifconfig-pool-persist ipp.txt
verb                  4

allow-pull-fqdn
push "route stage.example.com 255.255.255.255"
push "route example.com 255.255.255.255"

persist-key
persist-tun
explicit-exit-notify


Errors:
Android:
14:20:21.714 -- exception parsing IPv4 route: [route] [example.com] [255.255.255.255]  : addr_pair_mask_parse_error: AddrMaskPair parse error 'route': example.com/255.255.255.255 : ip_exception: error parsing route IP address 'example.com' : Invalid argument

Windows (VirtualBox):
The connection to the outside world simply drops, while Google's IP address (8.8.8.8) pings without problems.
Well, that's how it is: whoever wants to vent and write that my hands are in the wrong place.)

1 answer
ky0, 2021-01-13

Why are you putting domain names in routes?
If you want certain sites to go through the VPN, set up a DNS server that returns the local addresses for the desired names, and push it to the VPN clients when they connect.
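Following ky0's advice, as an added example that is not from the question or the answer: a small Python check that flags pushed routes whose target is a hostname (the lines the Android client rejected with "error parsing route IP address") and builds the replacement directives, one route for the VPC CIDR plus a pushed DNS server and search domain. The VPC CIDR 10.20.0.0/16 and resolver address 10.20.0.2 are constructed values, not taken from the question.

```python
import ipaddress
import re

# Constructed sample: the push lines from the server config in the question,
# plus one valid network route for contrast.
SAMPLE_SERVER_CONFIG = """\
server      10.100.0.0 255.255.255.0
allow-pull-fqdn
push "route stage.example.com 255.255.255.255"
push "route example.com 255.255.255.255"
push "route 10.20.0.0 255.255.0.0"
"""

PUSH_ROUTE_RE = re.compile(r'^\s*push\s+"route\s+(\S+)(?:\s+(\S+))?')


def hostname_routes(config_text: str) -> list:
    """Return pushed route targets that are not IPv4 addresses or networks.

    Such routes only work on clients that honour allow-pull-fqdn; the
    Android client in the question rejected them outright.
    """
    bad = []
    for line in config_text.splitlines():
        m = PUSH_ROUTE_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        try:
            ipaddress.ip_network(target, strict=False)
        except ValueError:
            bad.append(target)
    return bad


def split_tunnel_pushes(vpc_cidr: str, dns_ip: str, search_domains: list) -> list:
    """Build push directives for a split tunnel: only the VPC CIDR is routed
    through the tunnel, and clients receive a DNS server (hypothetical
    address, assumed to resolve the named domains to VPC-internal IPs).
    No redirect-gateway is pushed, so other traffic stays on the local link.
    """
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    pushes = [
        f'push "route {net.network_address} {net.netmask}"',
        f'push "dhcp-option DNS {ipaddress.ip_address(dns_ip)}"',
    ]
    pushes += [f'push "dhcp-option DOMAIN {d}"' for d in search_domains]
    return pushes
```

Run `hostname_routes` over the existing server.conf before deploying a change; an empty list means every pushed route is a plain IPv4 target that OpenVPN 2 and OpenVPN 3 clients both accept.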
