openvpn
Eldalex, 2020-08-17 19:00:46

Why does the Internet or network disappear when connecting OpenVPN?

Good afternoon!
I can't figure out how to set up OpenVPN.
There is a remote server with a white IP that actually acts as a VPN server.

server.conf

;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert server.crt
key server.key
dh dh.pem
;topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
auth SHA256
;compress lz4-v2
;push "compress lz4-v2"
;comp-lzo
;max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
;log /var/log/openvpn/openvpn.log
;log-append /var/log/openvpn/openvpn.log
verb 3
;mute 20
explicit-exit-notify 1

Everything seems to be working, but as always there is a BUT, which I can’t figure out. I'm green in networks :(
After the client connects to the VPN, he sees the entire internal network, but the Internet completely falls off for him.
Routes with VPN:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
default         192.168.2.1     0.0.0.0         UG    0      0        0 vmbr0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
mskhos          192.168.2.1     255.255.255.255 UGH   0      0        0 vmbr0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 vmbr0


If you disable the push "redirect-gateway def1 bypass-dhcp" parameter, the Internet works on the client, but in this case VPN devices are not visible.
Routes without the redirect-gateway parameter:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.2.1     0.0.0.0         UG    0      0        0 vmbr0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
mskhos          192.168.2.1     255.255.255.255 UGH   0      0        0 vmbr0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 vmbr0


The solution is somewhere nearby, but for the second day I can’t reach it :(


1 answer(s)
Dmitry, 2020-08-17
@Eldalex

You need to specify the correct push route on the server to your networks and not drive the entire default route through VPN.
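
Added example (not part of the original thread): a longest-prefix-match lookup over the routing tables posted in the question, showing why the two /1 routes installed by `redirect-gateway def1` capture all Internet traffic and what a specific pushed route changes instead. The 192.168.10.0/24 network is an assumption taken from the commented-out `push "route ..."` line in server.conf, and the table row for it is constructed.

```python
import ipaddress

# Client table from the question without redirect-gateway ("mskhos" host row omitted).
BASE = """
default         192.168.2.1     0.0.0.0         UG    0      0        0 vmbr0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 vmbr0
"""
# The two rows that push "redirect-gateway def1" added in the question's first table.
DEF1 = """
0.0.0.0         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
"""
# Constructed row: what push "route 192.168.10.0 255.255.255.0" would install.
# That 192.168.10.0/24 is the network behind the VPN is an assumption.
PUSHED = """
192.168.10.0    10.8.0.5        255.255.255.0   UG    0      0        0 tun0
"""

def parse_routes(text):
    """Parse `route`-style rows: destination gateway genmask ... iface."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:          # skip blank lines
            continue
        dest, gw, mask, iface = fields[0], fields[1], fields[2], fields[-1]
        dest = "0.0.0.0" if dest == "default" else dest
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, iface))
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the most specific route containing addr wins.
    A /1 beats the /0 default, which stays in the table but is never chosen."""
    ip = ipaddress.ip_address(addr)
    net, gw, iface = max((r for r in routes if ip in r[0]),
                         key=lambda r: r[0].prefixlen)
    return iface, gw

def compare(addr):
    """Egress interface for addr under each of the three server configurations."""
    tables = {"redirect-gateway def1": BASE + DEF1,
              "no pushed routes": BASE,
              "push route only": BASE + PUSHED}
    return {name: lookup(parse_routes(t), addr)[0] for name, t in tables.items()}

if __name__ == "__main__":
    for addr in ("8.8.8.8", "192.168.10.7", "10.8.0.1"):
        print(addr, compare(addr))
```

With only the specific route pushed, Internet destinations keep using the local gateway on vmbr0 while the pushed network goes through tun0.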
