Answer the question
In order to leave comments, you need to log in
D
D
dsslesarev2019-04-30 19:19:22
dsslesarev, 2019-04-30 19:19:22
How to prevent others from using my internet in OPENVPN?
Hi all!
I created openvpn, but there was a problem, everyone who connects to it uses my Internet channel.
How to prevent them from using internet through my openvpn? When "push "redirect-gateway def1 bypass-dhcp"" is removed, the Internet is blocked on other computers while OPENVPN is connected, after people disconnect they can use their Internet channel.
The task is that all computers are united in one network, but use their own Internet traffic.
server config:
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
route 10.8.0.0 255.255.255.0 192.168.1.1
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 1.0.0.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
route 10.8.0.0 255.255.255.0 192.168.1.1
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 1.0.0.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
config client
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 192.168.1.71 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
setenv opt block-outside-dns
key-direction 1
verb 3
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 192.168.1.71 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
setenv opt block-outside-dns
key-direction 1
verb 3
1 answer(s)
@dsslesarev
R
res2001, 2019-04-30 @dsslesarev
Remove: push "redirect-gateway def1 bypass-dhcp"
this will turn off the default gateway change, and therefore clients will be able to continue to go to the Internet.
Why is this: push "dhcp-option DNS 8.8.8.8"?
If the clients have internet, then they already have their own configured DNS. Remove.
In general, it should work.
If it does not work, connect the client to the VPN and look at the routing table on the client, the default route in it should be the same (as before the connection). If everything is fine with this, but there is no Internet, then apparently the reason is different.
Similar questions
S
F
A
I
E
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question