Hello,
I did as much research as possible, but I can't find an answer to my problem. What I am trying to do is to reach the internet (and a LAN) through a secured OpenVPN connection.
I am using certificate-based encryption; my server is up and running (config file below). My client can connect to the server, but cannot access the internet from there. As a temporary solution, I have set up a proxy on the server, but this isn't perfect for some applications.
Does anyone have an idea of what is going wrong?
The target LAN is 192.168.1.0/24, the client LAN is 10.16.5.0/24. The router (gateway) on the target LAN is 192.168.1.1. I have set up a DMZ for the server on the target LAN, but I can't write static routes, due to a restriction of the router (that's why I came up with the bridged configuration).
Here is my server configuration file (it is running a Debian-based distribution):
Code:
# Server, TCP/443
proto tcp
port 443
dev tap0
# Keys and certificates
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
cipher AES-256-CBC
# Network
server-bridge 192.168.1.21 255.255.255.0 192.168.1.150 192.168.1.254
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"
push "route 0.0.0.0 255.255.255.255 net_gateway" #I set this up to try to push the correct route, but it doesn't work
keepalive 10 120
comp-lzo
ifconfig-pool-persist ipp.txt
# Security
persist-key
persist-tun
user nobody
group nogroup
chroot /etc/openvpn/jail
# Log
verb 3
mute 20
status openvpn-status.log
log-append /var/log/openvpn.log
Then, my /etc/network/interfaces file:
Code:
auto lo br0
iface lo inet loopback
iface br0 inet static
address 192.168.1.21
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.1
bridge-ports eth0
post-up /etc/openvpn/scripts/ovup && /etc/init.d/openvpn start
pre-down /etc/init.d/openvpn stop
post-down /etc/openvpn/scripts/ovdown
Here are the ovup and ovdown scripts, respectively:
Code:
#!/bin/sh
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig eth0 promisc up
ifconfig tap0 promisc up
ifconfig br0 192.168.1.21 netmask 255.255.255.0 broadcast 192.168.1.255
Code:
#!/bin/sh
openvpn --rmtun --dev tap0
My client configuration:
Code:
# Client
client
dev tap0
proto tcp-client
remote my.host.name 443 #public IP
resolv-retry infinite
cipher AES-256-CBC
# Keys
ca ca.crt
cert client2.crt
key client2.key
# Security
nobind
persist-key
persist-tun
comp-lzo
verb 3
My client routing table:
Code:
bash-4.2$ /sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 tap0
10.16.5.0       0.0.0.0         255.255.255.0   U     1      0        0 eth0
10.16.5.11      0.0.0.0         255.255.255.255 UH    0      0        0 eth0
10.16.5.234     127.0.0.1       255.255.255.255 UGH   202    0        0 lo
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tap0
Here, you can see the client gateway, 10.16.5.11, and the client's IP, 10.16.5.237.
I am quite new to the universe of networks, so please be understanding of any mistake I may have made ;-)
Thank you.
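One check worth making whenever a client's default route points into the tunnel interface, as it does in the routing table above: the encrypted packets to the VPN server's own public address must still leave through the physical interface, otherwise they are routed into the tunnel they are supposed to carry. OpenVPN's `redirect-gateway def1` handles exactly this by installing a /32 host route to the server via the pre-VPN gateway (what OpenVPN calls net_gateway) plus 0.0.0.0/1 and 128.0.0.0/1 via the VPN gateway, which out-prefix the existing default without deleting it. The following is an added example, not code from the post: it parses the posted `route -n` table (embedded as a constructed sample), does the kernel's longest-prefix match, tests whether the server would be reached through tap0, and then emulates the routes `def1` would add. The server's public address (203.0.113.10) and the pre-VPN gateway/interface (10.16.5.11 on eth0) are assumptions, not values from the post.

```python
import ipaddress
from typing import List, Optional, NamedTuple


class Route(NamedTuple):
    net: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None means directly connected
    metric: int
    iface: str


# Constructed sample: the client's `route -n` output as shown in the post.
ROUTE_N_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 tap0
10.16.5.0       0.0.0.0         255.255.255.0   U     1      0        0 eth0
10.16.5.11      0.0.0.0         255.255.255.255 UH    0      0        0 eth0
10.16.5.234     127.0.0.1       255.255.255.255 UGH   202    0        0 lo
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tap0
"""

# Assumed values (not given in the post): the public address behind my.host.name
# and the client's pre-VPN default gateway/interface (OpenVPN's net_gateway).
VPN_SERVER = ipaddress.ip_address("203.0.113.10")
NET_GATEWAY = ipaddress.ip_address("10.16.5.11")
NET_IFACE = "eth0"
VPN_GATEWAY = ipaddress.ip_address("192.168.1.1")  # the target LAN's router, from the post
TUN_IFACE = "tap0"


def parse_route_n(text: str) -> List[Route]:
    """Turn `route -n` output into Route entries; header lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or not f[0][0].isdigit():
            continue
        dest, gw, mask, metric, iface = f[0], f[1], f[2], f[4], f[7]
        routes.append(Route(
            net=ipaddress.ip_network(f"{dest}/{mask}", strict=False),
            gateway=None if gw == "0.0.0.0" else ipaddress.ip_address(gw),
            metric=int(metric),
            iface=iface,
        ))
    return routes


def lookup(routes: List[Route], dst) -> Optional[Route]:
    """Longest-prefix match, lowest metric on ties: the route the kernel would use."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r.net]
    if not hits:
        return None
    return max(hits, key=lambda r: (r.net.prefixlen, -r.metric))


def tunnel_routed_into_itself(routes: List[Route], server=VPN_SERVER,
                              tun_iface=TUN_IFACE) -> bool:
    """True if packets to the VPN server itself would be sent into the tunnel."""
    r = lookup(routes, server)
    return r is not None and r.iface == tun_iface


def apply_redirect_gateway_def1(routes: List[Route], server=VPN_SERVER,
                                vpn_gw=VPN_GATEWAY, net_gw=NET_GATEWAY,
                                net_iface=NET_IFACE, tun_iface=TUN_IFACE) -> List[Route]:
    """Emulate the routes OpenVPN adds for `redirect-gateway def1`: a /32 to the
    server via the pre-VPN gateway, and two /1 routes via the VPN gateway that
    beat the existing 0.0.0.0/0 default on prefix length without removing it."""
    return routes + [
        Route(ipaddress.ip_network(f"{server}/32"), net_gw, 0, net_iface),
        Route(ipaddress.ip_network("0.0.0.0/1"), vpn_gw, 0, tun_iface),
        Route(ipaddress.ip_network("128.0.0.0/1"), vpn_gw, 0, tun_iface),
    ]


if __name__ == "__main__":
    table = parse_route_n(ROUTE_N_OUTPUT)
    print("posted table, server reached via tunnel:", tunnel_routed_into_itself(table))
    fixed = apply_redirect_gateway_def1(table)
    for dst in (VPN_SERVER, "8.8.8.8", "192.168.1.50", "10.16.5.20"):
        r = lookup(fixed, dst)
        via = r.gateway if r.gateway is not None else "link"
        print(f"{str(dst):>14} -> {r.iface:5} via {via} ({r.net})")
```

With the posted table the server address is matched only by the 0.0.0.0/0 entry on tap0; after the `def1` routes are added, the server goes out eth0 via the /32, internet destinations take the /1 routes into tap0, and the local 10.16.5.0/24 and bridged 192.168.1.0/24 networks keep their directly connected routes.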