Answer the question
In order to leave comments, you need to log in
Why doesn't IP change after connecting to VPN?
Good time of the day.
I am learning how to set up a VPN on Linux Debian.
Everything was done according to the tutorial:
debian-help.ru/articles/ustanovka-nastroika-openvp...
Server config:
port 1194
proto tcp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
server 93.189.42.0 255.255.255.0
push "redirect-gateway eth0"
push "dhcp-option DNS 8.8.8.8"
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0
cipher DES-EDE3-CBC
comp-lzo
persist- key
persist-tun
status openvpn-status.log
verb 3
tmp-dir /etc/openvpn/tmp
dev tun
proto tcp
remote 93.189.42.## 1194
route-delay 3
client
tls-client
ns-cert-type server
ca C:\\cert\\ca.crt
cert C:\\cert\\user.crt
key C :\\cert\\user.key
tls-auth C:\\cert\\ta.key 1
cipher DES-EDE3-CBC
comp-lzo
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping-restart 120
ping 10
status C:\\cert\\certopenvpn-status.log
log C:\\cert\\openvpn.log
verb 3
iptables -t nat -A POSTROUTING -s 93.189.42.0/24 -o eth0 -j MASQUERADE
Answer the question
In order to leave comments, you need to log in
iptables -t nat -A POSTROUTING -s client subnet from tunnel -d 0.0.0.0/0 -j SNAT --to-source %ipaddress eth0%
on client should be
route add default gw %ip openvpn server%
route add default gw %ip openvpn server%
Is it about the internet?
Then what is it????
Should n't the address that the server uses to build its local network be from the local ranges? 10.xxx, 172.16.xx 192.168.xx
choose any that your client computer doesn't have in "locals".
For example
, when a connection is made, the client should have one route
0.0.0.0/0 --> tunX with a light weight (lighter than the original one through your local network interface)
and a second route to the server 93.189.42.##
And add this to iptables rule:
This rule says: "disguise" any packet through any tun interface.
And one more thing. Check that the DNS on the client has changed to 8.8.8.8. (although I would recommend raising the DNS on the server and not leaking my Internet adventures to Google)
In addition, I usually even block any DNS traffic through an interface other than tun to avoid a DNS leak when the VPN falls off.
After that, you can enter the browser to the service to determine the IP.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question