Answer the question
In order to leave comments, you need to log in
Y
Y
Yuri Tuzhuriy2017-02-17 13:11:04
Yuri Tuzhuriy, 2017-02-17 13:11:04
How to distribute the Internet through the OpenVPN server on Windows Server 2008 (VPS Amazon EC2)?
I'm not experienced in setting up networks, but I can usually follow instructions creatively. In this case, I can not find a solution to my problem: the OpenVPN client cannot access the Internet on the server.
First of all, I set up the server with the following config (according to the instructions from here ):
dev tun
proto udp
port 1194
tls-server
ca «C:\\Program Files\\OpenVPN\\ssl\\ca.crt»
cert «C:\\Program Files\\OpenVPN\\ssl\\Server.crt»
key «C:\\Program Files\\OpenVPN\\ssl\\Server.key»
dh «C:\\Program Files\\OpenVPN\\ssl\\dh1024.pem»
server 10.8.0.0 255.255.255.0
cipher AES-128-CBC
persist-key
tls-auth «C:\\Program Files\\OpenVPN\\ssl\\ta.key» 0
client-to-client
client-config-dir «C:\\Program Files\\OpenVPN\\ccd»
ifconfig-pool-persist «C:\\Program Files\\OpenVPN\\ccd\\ipp.txt»
crl-verify «C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\crl.pem»
status «C:\\Program Files\\OpenVPN\\log\\logopenvpn-status.log»
log «C:\\Program Files\\OpenVPN\\log\\openvpn.log»
tun-mtu 1500
comp-lzo
mssfix
keepalive 10 120
verb 3The client config is
dev tun
proto udp
remote 35.157.64.248 1194
route-delay 3
client
tls-client
ns-cert-type server
ca «C:\\Program Files\\OpenVPN\\ssl\\ca.crt»
cert «C:\\Program Files\\OpenVPN\\ssl\\user1.crt»
key «C:\\Program Files\\OpenVPN\\ssl\\user1.key»
tls-auth «C:\\Program Files\\OpenVPN\\ssl\\ta.key» 1
cipher AES-128-CBC
comp-lzo
mssfix
tun-mtu 1500
ping-restart 60
ping 10
verb 3The server started, the client connected. Started the routing service on the server. There are pings between the internal IPs of the client and the server on the 10.8.0.x network, but nothing else. Since I have a server on a VPS, there is no internal network 192.168.0.1, there is immediately an Internet adapter in the network settings. And all the instructions are written for Linux using iptables, but for Windows I can’t find any universal (and working private) solution, even on the Toaster. Yes, and many solutions for two offices to be on a common network, I do not need it.
I tried to add the following code to the server config:
push "redirect-gateway"and in theory everything should be automatically forwarded, but this does not happen.
The result of running the route print command on the server
C:\Users\Administrator>route print
===========================================================================
Interface List
13...00 ff 9a ca 69 4a ......TAP-Windows Adapter V9
12...06 02 af dc 62 23 ......AWS PV Network Device #0
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.31.16.1 172.31.18.241 10
10.8.0.0 255.255.255.0 10.8.0.2 10.8.0.1 20
10.8.0.0 255.255.255.252 On-link 10.8.0.1 276
10.8.0.1 255.255.255.255 On-link 10.8.0.1 276
10.8.0.3 255.255.255.255 On-link 10.8.0.1 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.169.250 255.255.255.255 172.31.16.1 172.31.18.241 10
169.254.169.251 255.255.255.255 172.31.16.1 172.31.18.241 10
169.254.169.254 255.255.255.255 172.31.16.1 172.31.18.241 10
172.31.16.0 255.255.240.0 On-link 172.31.18.241 266
172.31.18.241 255.255.255.255 On-link 172.31.18.241 266
172.31.31.255 255.255.255.255 On-link 172.31.18.241 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 172.31.18.241 266
224.0.0.0 240.0.0.0 On-link 10.8.0.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 172.31.18.241 266
255.255.255.255 255.255.255.255 On-link 10.8.0.1 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 266 fe80::/64 On-link
13 276 fe80::/64 On-link
12 266 fe80::4e9:9722:dce7:412d/128
On-link
13 276 fe80::f146:a2f:eb74:2f6a/128
On-link
1 306 ff00::/8 On-link
12 266 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
NoneOn the client
C:\Users\klient>route print
IPv4 таблица маршрута
===========================================================================
Активные маршруты:
Сетевой адрес Маска сети Адрес шлюза Интерфейс Метрика
0.0.0.0 0.0.0.0 10.8.0.5 10.8.0.6 35
10.8.0.0 255.255.255.0 10.8.0.5 10.8.0.6 35
10.8.0.4 255.255.255.252 On-link 10.8.0.6 291
10.8.0.6 255.255.255.255 On-link 10.8.0.6 291
10.8.0.7 255.255.255.255 On-link 10.8.0.6 291
35.157.64.248 255.255.255.255 192.168.1.1 192.168.1.215 56
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
169.254.0.0 255.255.0.0 On-link 169.254.158.54 281
169.254.158.54 255.255.255.255 On-link 169.254.158.54 281
169.254.255.255 255.255.255.255 On-link 169.254.158.54 281
192.168.1.0 255.255.255.0 On-link 192.168.1.215 311
192.168.1.0 255.255.255.0 On-link 192.168.1.22 291
192.168.1.17 255.255.255.255 On-link 192.168.1.215 56
192.168.1.22 255.255.255.255 On-link 192.168.1.22 291
192.168.1.215 255.255.255.255 On-link 192.168.1.215 311
192.168.1.255 255.255.255.255 On-link 192.168.1.215 311
192.168.1.255 255.255.255.255 On-link 192.168.1.22 291
192.168.95.0 255.255.255.0 On-link 192.168.95.1 291
192.168.95.1 255.255.255.255 On-link 192.168.95.1 291
192.168.95.255 255.255.255.255 On-link 192.168.95.1 291
192.168.245.0 255.255.255.0 On-link 192.168.245.1 291
192.168.245.1 255.255.255.255 On-link 192.168.245.1 291
192.168.245.255 255.255.255.255 On-link 192.168.245.1 291
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.1.22 291
224.0.0.0 240.0.0.0 On-link 192.168.1.215 311
224.0.0.0 240.0.0.0 On-link 192.168.95.1 291
224.0.0.0 240.0.0.0 On-link 192.168.245.1 291
224.0.0.0 240.0.0.0 On-link 169.254.158.54 281
224.0.0.0 240.0.0.0 On-link 10.8.0.6 291
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.1.22 291
255.255.255.255 255.255.255.255 On-link 192.168.1.215 311
255.255.255.255 255.255.255.255 On-link 192.168.95.1 291
255.255.255.255 255.255.255.255 On-link 192.168.245.1 291
255.255.255.255 255.255.255.255 On-link 169.254.158.54 281
255.255.255.255 255.255.255.255 On-link 10.8.0.6 291
===========================================================================
Постоянные маршруты:
Отсутствует
Постоянные маршруты:
ОтсутствуетWhat is the problem? I would be extremely grateful for your help.
Similar questions
A
Anton2014-08-16 18:10:36
How to forward ports from debian ovpn server for client e2k and torrent?
0Reply
A
D
N
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question