I want to set up OpenVPN with a route on my Xubuntu server (router/gateway/share/dhcp/dns/wifi/switch… all in one).
WAN – enp4s0f1 – 77.xxx.xxx.xxx
LAN – br0 – 10.0.1.1
VPN – tun0 – 10.0.2.1
I have to use tun because the OpenVPN client is an iPhone. I want to redirect all traffic through the VPN and access all services on the server and hosts on the LAN.
With the current setup I can access the internet and services running on the server from the iPhone. Ping from a host on the LAN to the iPhone works.
I can't use my DNS on the iPhone and can't access hosts on the LAN. Ping from the iPhone to a host on the LAN does not work.

local 77.xxx.xxx.xxx
port 1194
proto tcp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
;topology subnet
server 10.0.2.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 10.0.1.0 255.255.255.0"
push "redirect-gateway def1"
;push "dhcp-option DNS 10.0.2.1"
client-to-client
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0
cipher AES-256-CBC
user nobody
group nogroup
tun-mtu 1500
mssfix 1450
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3

client
dev tun
proto tcp
remote 77.xxx.xxx.xxx 1194
cipher AES-256-CBC
nobind
tun-mtu 1500
mssfix 1450
ca ca.crt
dh dh2048.pem
tls-auth ta.key 1
cert client_phone.crt
key client_phone.key
ns-cert-type server
verb 3
pull

# Generated by iptables-save v1.6.1 on Sat Dec 29 20:47:38 2018
*nat
:POSTROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.0.2.0/24 -o enp4s0f1 -j MASQUERADE
-A POSTROUTING -o enp4s0f1 -j MASQUERADE
COMMIT
# Completed on Sat Dec 29 20:47:38 2018
# Generated by iptables-save v1.6.1 on Sat Dec 29 20:47:38 2018
*mangle
:PREROUTING ACCEPT [9:438]
:INPUT ACCEPT [3:184]
:FORWARD ACCEPT [6:254]
:OUTPUT ACCEPT [5:632]
:POSTROUTING ACCEPT [11:886]
COMMIT
# Completed on Sat Dec 29 20:47:38 2018
# Generated by iptables-save v1.6.1 on Sat Dec 29 20:47:38 2018
*filter
:OUTPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp -i enp4s0f1 --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp -i enp4s0f1 --dport 41 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -m state -i enp4s0f1 --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp ! -i enp4s0f1 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A FORWARD -s 10.0.2.0/24 -i tun0 -o enp4s0f1 -j ACCEPT
-A FORWARD -m conntrack -d 10.0.2.0/24 -i enp4s0f1 -o tun0 --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.2.0/24 -d 10.0.1.0/24 -i tun0 -o br0 -j ACCEPT
-A FORWARD -s 10.0.1.0/24 -d 10.0.2.0/24 -i br0 -o tun0 -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -m state -i enp4s0f1 --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp ! -i enp4s0f1 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
COMMIT
# Completed on Sat Dec 29 20:47:38 2018

net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_source_route = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.accept_redirects = 1

0.0.0.0         77.xxx.xxx.xxx  0.0.0.0          UG  100  0  0  enp4s0f1
10.0.1.0        0.0.0.0         255.255.255.0    U   0    0  0  br0
10.0.2.0        10.0.2.2        255.255.255.0    UG  0    0  0  tun0
10.0.2.2        0.0.0.0         255.255.255.255  UH  0    0  0  tun0
77.xxx.xxx.xxx  0.0.0.0         255.255.255.240  U   0    0  0  enp4s0f1
77.xxx.xxx.xxx  0.0.0.0         255.255.255.255  UH  100  0  0  enp4s0f1

When I try to add a route, my LAN stops responding.
route add -net 10.0.2.0/24 gw 10.0.1.1
Could somebody point me to what I am doing wrong? Thank You
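
The FORWARD chain from the post can be checked offline against a test packet before looking elsewhere for the failing iPhone-to-LAN ping. This is an added example, not part of the original post: the matcher only understands the options used in those rules and treats conntrack state as a plain label, and the host addresses 10.0.2.6 and 10.0.1.50 are constructed.

```python
import ipaddress

# FORWARD chain copied verbatim from the post's *filter table (policy DROP).
FORWARD = """\
-A FORWARD -s 10.0.2.0/24 -i tun0 -o enp4s0f1 -j ACCEPT
-A FORWARD -m conntrack -d 10.0.2.0/24 -i enp4s0f1 -o tun0 --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.2.0/24 -d 10.0.1.0/24 -i tun0 -o br0 -j ACCEPT
-A FORWARD -s 10.0.1.0/24 -d 10.0.2.0/24 -i br0 -o tun0 -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -m state -i enp4s0f1 --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp ! -i enp4s0f1 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
"""
FIELD = {"-s": "src", "-d": "dst", "-i": "iif", "-o": "oif", "-p": "proto",
         "--state": "state", "--ctstate": "state"}
# Constructed test packet: echo request from a VPN client to a LAN host.
PING = {"src": "10.0.2.6", "dst": "10.0.1.50", "iif": "tun0", "oif": "br0", "proto": "icmp", "state": "NEW"}

def parse(line):
    """Return {option: (negated, value)} for one rule, without -A and -j."""
    toks, rule, neg, i = line.split()[2:-2], {}, False, 0
    while i < len(toks):
        if toks[i] == "!":            # negates the option that follows
            neg, i = True, i + 1
        elif toks[i] == "-m":         # module name only, no condition
            i += 2
        else:
            rule[toks[i]] = (neg, toks[i + 1])
            neg, i = False, i + 2
    return rule

def matches(rule, pkt):
    """True when every condition of the rule holds for the packet dict."""
    for opt, (neg, val) in rule.items():
        have = pkt[FIELD[opt]]
        if opt in ("-s", "-d"):
            hit = ipaddress.ip_address(have) in ipaddress.ip_network(val)
        else:                         # interface, protocol or state list
            hit = have in val.split(",")
        if hit == neg:
            return False
    return True

def verdict(pkt, policy="DROP"):
    """First matching rule wins: (rule number, target), else chain policy."""
    for n, line in enumerate(FORWARD.splitlines(), 1):
        if matches(parse(line), pkt):
            return n, line.split()[-1]
    return None, policy
```

`verdict(PING)` returns `(3, 'ACCEPT')`, and the same packet with source, destination and interfaces swapped for the echo reply is accepted by rule 4, so the FORWARD chain as posted passes this traffic in both directions. A new connection arriving on enp4s0f1 for a LAN host matches no rule and falls through to the DROP policy.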