Why doesn't IP change after connecting to VPN?

V

Vyacheslav2015-10-09 14:19:21

linux

Vyacheslav, 2015-10-09 14:19:21

Good time of the day.
I am learning how to set up a VPN on Linux Debian.
Everything was done according to the tutorial:
debian-help.ru/articles/ustanovka-nastroika-openvp...
Server config:

port 1194
proto tcp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
server 93.189.42.0 255.255.255.0
push "redirect-gateway eth0"
push "dhcp-option DNS 8.8.8.8"
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0
cipher DES-EDE3-CBC
comp-lzo
persist- key
persist-tun
status openvpn-status.log
verb 3
tmp-dir /etc/openvpn/tmp

Client config:

dev tun
proto tcp
remote 93.189.42.## 1194
route-delay 3
client
tls-client
ns-cert-type server
ca C:\\cert\\ca.crt
cert C:\\cert\\user.crt
key C :\\cert\\user.key
tls-auth C:\\cert\\ta.key 1
cipher DES-EDE3-CBC
comp-lzo
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping-restart 120
ping 10
status C:\\cert\\certopenvpn-status.log
log C:\\cert\\openvpn.log
verb 3

IPTABLES:

iptables -t nat -A POSTROUTING -s 93.189.42.0/24 -o eth0 -j MASQUERADE

The server starts successfully. The client is connected too successfully.
But when trying to load some page, the browser resolves the hostname for 2-3 seconds, and then loads the page.
But the problem is that the IP does NOT change to the IP of the VPN.
Please tell me where I messed up and how to fix it.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Azazel PW, 2015-10-09
@azazelpw

iptables -t nat -A POSTROUTING -s client subnet from tunnel -d 0.0.0.0/0 -j SNAT --to-source %ipaddress eth0%
on client should be
route add default gw %ip openvpn server%

N

n1mda, 2015-10-09
@n1mda

route add default gw %ip openvpn server%

he has a client on Windows
, but on business, so put a squid there, and go through it until you have a tunnel up.
and a little more about tun and windu, in windows only TAP! put it on the server and then windows will be able to understand the routes from the vpn server

Y

younghacker, 2015-10-15
@younghacker

Is it about the internet?
Then what is it????
Should n't the address that the server uses to build its local network be from the local ranges? 10.xxx, 172.16.xx 192.168.xx
choose any that your client computer doesn't have in "locals".
For example
, when a connection is made, the client should have one route
0.0.0.0/0 --> tunX with a light weight (lighter than the original one through your local network interface)
and a second route to the server 93.189.42.##
And add this to iptables rule:
This rule says: "disguise" any packet through any tun interface.
And one more thing. Check that the DNS on the client has changed to 8.8.8.8. (although I would recommend raising the DNS on the server and not leaking my Internet adventures to Google)
In addition, I usually even block any DNS traffic through an interface other than tun to avoid a DNS leak when the VPN falls off.
After that, you can enter the browser to the service to determine the IP.