Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Spirg2017-06-26 22:34:28
openvpn
Spirg, 2017-06-26 22:34:28

How to pass unknown traffic through VPN?

In general, I set up the server and all that, I'll throw the config below, with this config, all traffic goes through the server, but it shouldn't! What am I doing wrong?

## GENERAL ##

# TCP, port 443, tunneling
mode server
proto tcp
port 443
dev tun

## KEY, CERTS AND NETWORK CONFIGURATION ##
# Identity
ca ca.crt
# Public key
cert server.crt
# Private key
key server.key
# Symmetric encryption
dh dh.pem
# Improve security (DDOS, port flooding...)
# 0 for the server, 1 for the client
tls-auth ta.key 0
# Encryption protocol
cipher AES-256-CBC

# Network
# Subnetwork, the server will be the 10.8.0.1 and clients will take the other ips
server 10.8.0.0 255.255.255.0

# Redirect all IP network traffic originating on client machines to pass through the OpenVPN server
#;push "redirect-gateway def1 bypass-dhcp"

# Routes

# Yandex network
push "route 5.45.192.0 255.255.192.0"
push "route 5.255.192.0 255.255.192.0"
push "route 37.9.64.0 255.255.192.0"
push "route 37.140.128.0 255.255.192.0"
push "route 77.88.0.0 255.255.192.0"
push "route 84.201.128.0 255.255.192.0"
push "route 87.250.224.0 255.255.224.0"
push "route 93.158.128.0 255.255.192.0"
push "route 95.108.128.0 255.255.128.0"
push "route 100.43.64.0 255.255.224.0"
push "route 130.193.32.0 255.255.224.0"
push "route 141.8.128.0 255.255.192.0"
push "route 178.154.128.0 255.255.128.0"
push "route 199.21.96.0 255.255.252.0"
push "route 199.36.240.0 255.255.252.0"
push "route 213.180.192.0 255.255.224.0"

push "route-ipv6 2620:10f:d000::/44"
push "route-ipv6 2a02:6b8::/32"

# Mail.ru network
push "route 5.61.16.0 255.255.248.0"
push "route 5.61.232.0 255.255.248.0"
push "route 79.137.157.0 255.255.255.0"
push "route 79.137.183.0 255.255.255.0"
push "route 94.100.176.0 255.255.240.0"
push "route 95.163.32.0 255.255.224.0"
push "route 95.163.248.0 255.255.248.0"
push "route 128.140.168.0 255.255.248.0"
push "route 178.22.88.0 255.255.248.0"
push "route 178.237.16.0 255.255.240.0"
push "route 185.5.136.0 255.255.252.0"
push "route 185.16.148.0 255.255.252.0"
push "route 185.16.244.0 255.255.252.0"
push "route 188.93.56.0 255.255.248.0"
push "route 194.186.63.0 255.255.255.0"
push "route 195.211.20.0 255.255.252.0"
push "route 195.218.168.0 255.255.255.0"
push "route 217.20.144.0 255.255.240.0"
push "route 217.69.128.0 255.255.240.0"

push "route-ipv6 2a00:1148::/32"
push "route-ipv6 2a00:a300::/32"
push "route-ipv6 2a00:b4c0::/32"

# VK.com network
push "route 87.240.128.0 255.255.192.0"
push "route 93.186.224.0 255.255.240.0"
push "route 95.142.192.0 255.255.240.0"
push "route 95.213.0.0 255.255.192.0"
push "route 185.32.248.0 255.255.252.0"

push "route-ipv6 2a00:bdc0::/36"
push "route-ipv6 2a00:bdc0:e006::/48"

# Kaspersky network
push "route 77.74.176.0 255.255.252.0"
push "route 77.74.181.0 255.255.255.0"
push "route 77.74.183.0 255.255.255.0"
push "route 93.159.228.0 255.255.252.0"
push "route 185.54.220.0 255.255.254.0"
push "route 185.85.12.0 255.255.255.0"
push "route 185.85.14.0 255.255.254.0"

push "dhcp-option DNS 8.8.8.8" #Устанавливаем DNS резолверы
push "route 8.8.8.8"  # Маршрут до этого адреса через VPN

push "dhcp-option DNS 74.82.42.42" # HE.net DNS в качестве вторичных 
push "route 74.82.42.42" # Route to HE.net DNS


# Ping every 10 seconds and if after 120 seconds the client doesn't respond we disconnect
keepalive 10 120
# Regenerate key each 5 hours (disconnect the client)
reneg-sec 18000

## SECURITY ##

# Downgrade privileges of the daemon
;user nobody
;group nogroup

# Persist keys (because we are nobody, so we couldn't read them again)
persist-key
# Don't close and re open TUN/TAP device
persist-tun
# Enable compression
comp-lzo

## LOG ##

# Verbosity
# 3/4 for a normal utilisation
verb 3
# Max 20 messages of the same category
mute 20
# Log gile where we put the clients status
status openvpn-status.log
# Log file
log-append /var/log/openvpn.log
# Configuration directory of the clients
client-config-dir ccd

## PASS ##

# Allow running external scripts with password in ENV variables
script-security 3

# Use the authenticated username as the common name, rather than the common name from the client cert
username-as-common-name
# Client certificate non requried
client-cert-not-required
# Use the connection script when a user wants to login
auth-user-pass-verify scripts/login.sh via-env
# Maximum of clients
max-clients 50
# Run this scripts when the client connects/disconnects
client-connect scripts/connect.sh
client-disconnect scripts/disconnect.sh

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
S
Spirg, 2017-06-26
@Spirg

Krch, got tired but decided, if someone has such a problem, in the client config, check the redirect-gateway line, or comment it out, or delete it.

Similar questions
D
dsslesarev2019-04-30 19:19:22
How to prevent others from using my internet in OPENVPN? 1Reply
K
kazm2016-12-13 20:43:32
Is it possible to access the Internet through another client in the provider's local area? 3Reply
D
Dmitry2021-01-17 15:34:25
How to specify in the OpenVPN settings which IPs to distribute to clients? 1Reply
D
Dima_kras2019-05-21 09:07:58
How to "forward" a port from a local network to a VPN on a Teltonica router? 1Reply
E
Egor Tyuvaev2016-12-30 14:43:00
How to properly configure an OpenVPN server behind NAT so that you can access the Internet through it? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question