Closed 6triker closed 4 months ago
OpenVPN uses the network segment you set in the configuration. There is no hard coded value. If you are encountering some issue, please share config and log files. Thanks!
Appears to be related to: https://github.com/angristan/openvpn-install/issues/1206
```
[root@dev ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.8.1     0.0.0.0         UG        0 0          0 ens18
10.8.16.0       0.0.0.0         255.255.255.0   U         0 0          0 tun0
192.168.8.0     0.0.0.0         255.255.255.0   U         0 0          0 ens18
[root@dev ~]# cat /etc/iptables/add-openvpn-rules.sh
#!/bin/sh
iptables -t nat -I POSTROUTING 1 -s 10.8.16.0/24 -o ens18 -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i ens18 -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o ens18 -j ACCEPT
iptables -I INPUT 1 -i ens18 -p tcp --dport 1194 -j ACCEPT
[root@dev ~]# cat /etc/openvpn/server.conf
port 1194
proto tcp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.16.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.8.0 255.255.255.0 vpn_gateway"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_maXx0LQwcdJ5XtrS.crt
key server_maXx0LQwcdJ5XtrS.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
```
The client cannot access other addresses in the 192.168.8.0 network segment. Is there a problem with my configuration?
Through the iptables log, it was found that the packet has been forwarded, and if it does not flow properly, it should be unrelated to the VPN. We are currently investigating!
OpenVPN does not use the default 10.8.0.0/24 network segment and cannot be forwarded
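An added example, not part of the thread or of the install script: a Python check that the subnet in the `server` directive of server.conf agrees with the tun route and with the source of the MASQUERADE rule, which is what the posted output lets you verify when a non-default segment such as 10.8.16.0/24 is used. The function names and the reduced sample inputs are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample inputs, reduced from the files and output posted in the thread.
SERVER_CONF = """topology subnet
server 10.8.16.0 255.255.255.0
"""
RULES_SH = """#!/bin/sh
iptables -t nat -I POSTROUTING 1 -s 10.8.16.0/24 -o ens18 -j MASQUERADE
"""
NETSTAT_RN = """Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.8.1     0.0.0.0         UG        0 0          0 ens18
10.8.16.0       0.0.0.0         255.255.255.0   U         0 0          0 tun0
"""

def vpn_subnet(conf):
    """Network from the `server <net> <mask>` directive, or None if absent."""
    m = re.search(r"^[ \t]*server[ \t]+(\S+)[ \t]+(\S+)", conf, re.M)
    return ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False) if m else None

def masquerade_sources(rules):
    """Source network of each MASQUERADE rule; a rule without -s matches everything."""
    nets = []
    for line in rules.splitlines():
        if "MASQUERADE" in line and not line.lstrip().startswith("#"):
            m = re.search(r"(?<!\S)(?:-s|--source)[ \t]+(\S+)", line)
            nets.append(ipaddress.ip_network(m[1] if m else "0.0.0.0/0", strict=False))
    return nets

def tun_routes(netstat):
    """Networks the kernel routes via a tun interface, from `netstat -rn` output."""
    nets = []
    for line in netstat.splitlines():
        f = line.split()
        if len(f) == 8 and f[7].startswith("tun"):
            nets.append(ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False))
    return nets

def check(conf, rules, netstat):
    """Return findings; an empty list means all three views agree on the VPN subnet."""
    subnet = vpn_subnet(conf)
    if subnet is None:
        return ["server.conf has no `server` directive"]
    findings = []
    if subnet not in tun_routes(netstat):
        findings.append(f"no tun route for {subnet}")
    if not any(subnet.subnet_of(n) for n in masquerade_sources(rules)):
        findings.append(f"no MASQUERADE rule covers {subnet}")
    return findings
```

An empty result for the posted files means the NAT rule and the kernel route already follow the configured segment, so the fault lies past the VPN host, for example on the LAN side.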