OpenVPN and routing/iptables
I want to set up OpenVPN with routing on my Xubuntu server (router/gateway/share/dhcp/dns/wifi/switch... all in one).

WAN - enp4s0f1 - 77.xxx.xxx.xxx
LAN - br0 - 10.0.1.1
VPN - tun0 - 10.0.2.1

I have to use TUN because the OpenVPN client is an iPhone. I want to redirect all traffic through the VPN and access all services on the server and hosts in the LAN.
With the current setup I can access the internet and services running on the server from the iPhone. Ping from a host on the LAN to the iPhone is working.
I can't use my DNS on the iPhone and can't access hosts on the LAN. Ping from the iPhone to a host on the LAN is not working.
### server.conf

```
local 77.xxx.xxx.xxx
port 1194
proto tcp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
;topology subnet
server 10.0.2.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 10.0.1.0 255.255.255.0"
push "redirect-gateway def1"
;push "dhcp-option DNS 10.0.2.1"
client-to-client
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0
cipher AES-256-CBC
user nobody
group nogroup
tun-mtu 1500
mssfix 1450
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
```
### client.ovpn

```
client
dev tun
proto tcp
remote 77.xxx.xxx.xxx 1194
cipher AES-256-CBC
nobind
tun-mtu 1500
mssfix 1450
ca ca.crt
dh dh2048.pem
tls-auth ta.key 1
cert client_phone.crt
key client_phone.key
ns-cert-type server
verb 3
pull
```
### iptables

```
# Generated by iptables-save v1.6.1 on Sat Dec 29 20:47:38 2018
*nat
:POSTROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.0.2.0/24 -o enp4s0f1 -j MASQUERADE
-A POSTROUTING -o enp4s0f1 -j MASQUERADE
COMMIT
# Completed on Sat Dec 29 20:47:38 2018
# Generated by iptables-save v1.6.1 on Sat Dec 29 20:47:38 2018
*mangle
:PREROUTING ACCEPT [9:438]
:INPUT ACCEPT [3:184]
:FORWARD ACCEPT [6:254]
:OUTPUT ACCEPT [5:632]
:POSTROUTING ACCEPT [11:886]
COMMIT
# Completed on Sat Dec 29 20:47:38 2018
# Generated by iptables-save v1.6.1 on Sat Dec 29 20:47:38 2018
*filter
:OUTPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp -i enp4s0f1 --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp -i enp4s0f1 --dport 41 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -m state -i enp4s0f1 --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp ! -i enp4s0f1 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A FORWARD -s 10.0.2.0/24 -i tun0 -o enp4s0f1 -j ACCEPT
-A FORWARD -m conntrack -d 10.0.2.0/24 -i enp4s0f1 -o tun0 --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.2.0/24 -d 10.0.1.0/24 -i tun0 -o br0 -j ACCEPT
-A FORWARD -s 10.0.1.0/24 -d 10.0.2.0/24 -i br0 -o tun0 -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -m state -i enp4s0f1 --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp ! -i enp4s0f1 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
COMMIT
# Completed on Sat Dec 29 20:47:38 2018
```
### sysctl.conf

```
net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_source_route = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.accept_redirects = 1
```
### route -n

```
0.0.0.0 77.xxx.xxx.xxx 0.0.0.0 UG 100 0 0 enp4s0f1
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
10.0.2.0 10.0.2.2 255.255.255.0 UG 0 0 0 tun0
10.0.2.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
77.xxx.xxx.xxx 0.0.0.0 255.255.255.240 U 0 0 0 enp4s0f1
77.xxx.xxx.xxx 0.0.0.0 255.255.255.255 UH 100 0 0 enp4s0f1
```

When I try to add a route, my LAN stops responding.

```
route add -net 10.0.2.0/24 gw 10.0.1.1
```

Could somebody point me to what I am doing wrong? Thank you.
Edit 1: Ping and traceroute

Host to iPhone:

```
ping 10.0.2.6
Pinging 10.0.2.6 with 32 bytes of data:
Reply from 10.0.2.6: bytes=32 time=110ms TTL=63

tracert 10.0.2.6
Tracing route to 10.0.2.6 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms HTPC-IMON [10.0.1.1]
2 51 ms 48 ms 54 ms 10.0.2.6
Trace complete.
```

iPhone (iNetTools-Comsoft.com) to server:

```
PING 10.0.1.1 (10.0.1.1): 56 data bytes
64 bytes from 10.0.1.1: icmp_seq=0 ttl=32 time=88.080

Trace route 10.0.1.1 (10.0.1.1), 5 relative hops max, 52 byte packets
1 10.0.1.1 (10.0.1.1) 97.182 ms 193.557 ms 201.693 ms
```

iPhone to host:

```
PING 10.0.1.10 (10.0.1.10): 56 data bytes
Request timeout for icmp_seq 0

traceroute to 10.0.1.10 (10.0.1.10), 5 relative hops max, 52 byte packets
1 10.0.2.1 (10.0.2.1) 64.630 ms 127.072 ms 129.492 ms
2 ***
3 ***
4 ***
5 *
```

Server to host:

```
ping 10.0.1.10
PING 10.0.1.10 (10.0.1.10) 56(84) bytes of data.
64 bytes from 10.0.1.10: icmp_seq=1 ttl=128 time=0.308 ms

inetutils-traceroute -I 10.0.1.10
traceroute to 10.0.1.10 (10.0.1.10), 64 hops max
1 10.0.1.10 0,251ms 0,147ms 0,251ms
```
Edit 2: nslookup

Host to google.com:

```
Server: UnKnown
Address: 10.0.1.1
Non-authoritative answer:
Name: google.com
Addresses: 2a00:1450:4014:801::200e
172.217.23.206
```

iPhone to google.com (without DNS set):

```
google.com 59 IN SOA ns1.google.com
Email: dns-admin@google.com
Serial: 227281678
Refresh: 900
Retry: 900
Expire: 1800
Minimum TTL: 60
google.com 21599 IN NS ns3.google.com
```

iPhone (nslookup) to google.com via 10.0.1.1: no result.

iPhone (nslookup) to google.com via 10.0.2.1: no result.

### Bind9

```
options {
directory "/var/cache/bind";
forwarders {
8.8.8.8;
};
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
check-names master ignore;
check-names slave ignore;
check-names response ignore;
listen-on { 127.0.0.1; 10.0.1.1;10.0.2.1; };
};
```
iptables openvpn local-area-network route xubuntu
asked Dec 29 '18 at 21:42, edited Dec 30 '18 at 20:02
– Tony762
Your description says LAN is 10.0.1.1 - your route would add a route to VPN via LAN. --> route add gw 10.0.1.1. Why are you trying to do this?
– Andreas Rehm
Dec 29 '18 at 22:49
I read many comments saying I have to set it manually.
– Tony762
Dec 30 '18 at 18:54
No - you don't.
– Andreas Rehm
Dec 30 '18 at 19:02
2 Answers
DNS should work with adding this to the client config:

```
dhcp-option DNS 10.0.1.1
```

Your server config contains a push dhcp dns - this should work if uncommented and not set to the openvpn server network. There is no DNS - unless you'll configure a server there which I do not recommend.
Your route add command does not make sense to me - openvpn sets the necessary routing.
Your firewall setup seems to be OK. So if your phone can't ping LAN (by the way how do you ping? Which app?) a traceroute result would be great to investigate.
answered Dec 29 '18 at 23:05
– Andreas Rehm
Ping, trace route and NSlookup added to question.
– Tony762
Dec 30 '18 at 20:03
OK - there is an issue with routing or firewall. What happens if you clear the firewall rules - for hints please look here: kerneltalks.com/virtualization/…
– Andreas Rehm
Dec 30 '18 at 21:30
Cleared all rules. Allowed all traffic. Internet working only on server. Host and iphone no. Ping still possible only from host to iphone.
– Tony762
Dec 31 '18 at 11:02
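To check the answer's claim that the firewall is not what blocks the phone's ping, here is an added example (not from the answer or the question) that replays the question's FORWARD chain, first match wins with a DROP policy, against the packets of the failing ping and its reply. The 10.0.2.6 and 10.0.1.10 addresses come from the question's traceroutes; the public addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

# FORWARD chain from the question's iptables-save dump, copied verbatim;
# the chain policy there is DROP.
FORWARD_POLICY = "DROP"
FORWARD_RULES = """
-A FORWARD -s 10.0.2.0/24 -i tun0 -o enp4s0f1 -j ACCEPT
-A FORWARD -m conntrack -d 10.0.2.0/24 -i enp4s0f1 -o tun0 --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.2.0/24 -d 10.0.1.0/24 -i tun0 -o br0 -j ACCEPT
-A FORWARD -s 10.0.1.0/24 -d 10.0.2.0/24 -i br0 -o tun0 -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -m state -i enp4s0f1 --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp ! -i enp4s0f1 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
"""


@dataclass
class Packet:
    """The fields of a forwarded packet that these rules can match on."""
    in_iface: str
    out_iface: str
    src: str
    dst: str
    proto: str = "icmp"
    ctstate: str = "NEW"   # conntrack state as iptables would see it


def parse_rule(line):
    """Turn one '-A FORWARD ...' line into a dict of match criteria.

    Only the matches used in the question's ruleset are understood:
    -i/-o (with '!' negation on -i), -s/-d, -p, --state/--ctstate, -j.
    """
    toks = line.split()
    rule = {"negate_in": False}
    i = 0
    while i < len(toks):
        tok = toks[i]
        if tok == "!":                 # "! -i enp4s0f1": negate the next match
            rule["negate_in"] = True
            i += 1
        elif tok in ("-A", "-m"):      # chain name / match module: skip
            i += 2
        elif tok in ("-i", "-o", "-s", "-d", "-p", "-j", "--state", "--ctstate"):
            rule[tok.lstrip("-")] = toks[i + 1]
            i += 2
        else:
            i += 1
    rule["target"] = rule.pop("j")
    return rule


def matches(rule, pkt):
    """Does the packet satisfy every criterion of the rule?"""
    if "i" in rule and (pkt.in_iface == rule["i"]) == rule["negate_in"]:
        return False
    if "o" in rule and pkt.out_iface != rule["o"]:
        return False
    if "s" in rule and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule["s"]):
        return False
    if "d" in rule and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule["d"]):
        return False
    if "p" in rule and pkt.proto != rule["p"]:
        return False
    states = rule.get("ctstate") or rule.get("state")
    if states and pkt.ctstate not in states.split(","):
        return False
    return True


def forward_verdict(pkt, rules=FORWARD_RULES, policy=FORWARD_POLICY):
    """Walk the chain top to bottom; first match wins, else the policy.

    Returns (target, 1-based rule number or None when the policy applied).
    """
    for num, line in enumerate(rules.strip().splitlines(), 1):
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["target"], num
    return policy, None


# The flows from the question: the phone is 10.0.2.6, the LAN host 10.0.1.10.
# The public addresses are constructed documentation-range values.
PHONE_TO_LAN_HOST = Packet("tun0", "br0", "10.0.2.6", "10.0.1.10")
LAN_HOST_REPLY = Packet("br0", "tun0", "10.0.1.10", "10.0.2.6", ctstate="ESTABLISHED")
PHONE_TO_INTERNET = Packet("tun0", "enp4s0f1", "10.0.2.6", "198.51.100.7", proto="tcp")
WAN_TO_LAN_HOST = Packet("enp4s0f1", "br0", "203.0.113.5", "10.0.1.10", proto="tcp")

if __name__ == "__main__":
    for name, pkt in [("phone -> LAN host", PHONE_TO_LAN_HOST),
                      ("LAN host reply", LAN_HOST_REPLY),
                      ("phone -> internet", PHONE_TO_INTERNET),
                      ("unsolicited WAN -> LAN host", WAN_TO_LAN_HOST)]:
        print(f"{name:28s} {forward_verdict(pkt)}")
```

Both the echo request (rule 3) and the reply (rule 4) are accepted while an unsolicited WAN packet still hits the DROP policy, which agrees with the answer's reading of the rules; with the chain cleared of suspicion, the remaining candidates are the server's routing and whatever the LAN host itself does with packets from 10.0.2.0/24.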
I see several issues with your server.conf:
- "dev tun" should be "dev tun0". If you don't specify the exact device by providing a number on the end, OpenVPN will create one dynamically.
- You have the topology setting commented out with a semicolon. It's required.
- You have the DNS setting for the clients commented out with a semicolon; anything starting with "push" is a setting for the clients.
Not an issue, but in your client.conf, "pull" is redundant with "client" specified. The client/pull options enable the VPN server to push settings to it. See their man page for more details.
– carlin.scott (new contributor)
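The checks the two answers make by eye can be written down as a small linter; this is an added example, not code from either answer. It works on the directives the answers discuss (copied from the question's server.conf and client.ovpn) plus a constructed, corrected server config, and flags an unnumbered dev, a missing or commented topology, a missing, commented or VPN-subnet DNS push, and pull alongside client.

```python
import ipaddress
import re

# Constructed for this example: the lines of the question's server.conf and
# client.ovpn that the answers comment on, in the same state as posted.
SERVER_CONF = """
dev tun
;topology subnet
server 10.0.2.0 255.255.255.0
push "route 10.0.1.0 255.255.255.0"
push "redirect-gateway def1"
;push "dhcp-option DNS 10.0.2.1"
client-to-client
"""

CLIENT_CONF = """
client
dev tun
remote 77.xxx.xxx.xxx 1194
pull
"""

# The same server config with the answers' suggestions applied (constructed):
# a numbered device, topology enabled, and the LAN resolver pushed.
FIXED_SERVER_CONF = """
dev tun0
topology subnet
server 10.0.2.0 255.255.255.0
push "route 10.0.1.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 10.0.1.1"
client-to-client
"""


def parse_openvpn(text):
    """Split a config into active and commented-out (directive, args) pairs.

    OpenVPN ignores lines beginning with ';' or '#'; quotes around
    push arguments are stripped so "dhcp-option DNS x" can be inspected.
    """
    active, commented = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        bucket = active
        if line[0] in ";#":
            bucket = commented
            line = line[1:].strip()
        parts = line.split(None, 1)
        args = parts[1].strip().strip('"') if len(parts) > 1 else ""
        bucket.append((parts[0], args))
    return active, commented


def lint_server(text, vpn_net="10.0.2.0/24"):
    """Report the server-side problems named in the answers."""
    active, commented = parse_openvpn(text)
    directives = {d: a for d, a in active}
    findings = []

    dev = directives.get("dev", "")
    if re.fullmatch(r"tun|tap", dev):
        findings.append(f"dev {dev}: no unit number, device is created dynamically (use {dev}0)")

    if "topology" not in directives:
        findings.append("topology subnet: missing or commented out")

    pushed_dns = [a.split()[2] for d, a in active
                  if d == "push" and a.startswith("dhcp-option DNS")]
    if not pushed_dns:
        shelved = any(d == "push" and a.startswith("dhcp-option DNS") for d, a in commented)
        state = "commented out" if shelved else "absent"
        findings.append(f"push dhcp-option DNS: {state}, clients get no resolver")
    else:
        net = ipaddress.ip_network(vpn_net)
        for ip in pushed_dns:
            if ipaddress.ip_address(ip) in net:
                findings.append(f"push dhcp-option DNS {ip}: points into the VPN subnet instead of the LAN resolver")
    return findings


def lint_client(text):
    """Report the client-side redundancy named in the second answer."""
    active, _ = parse_openvpn(text)
    names = {d for d, _ in active}
    findings = []
    if "client" in names and "pull" in names:
        findings.append("pull: redundant, already implied by client")
    return findings


if __name__ == "__main__":
    for label, result in [("server.conf", lint_server(SERVER_CONF)),
                          ("client.ovpn", lint_client(CLIENT_CONF)),
                          ("fixed server.conf", lint_server(FIXED_SERVER_CONF))]:
        print(label, "->", result or "no findings")
```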
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f947017%2fopenvpn-and-routing-iptables%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
DNS should work with adding this to the client config:
dhcp-option DNS 10.0.1.1
Your server config contains a push dhcp dns - this should work if uncommented and not set to the openvpn server network. There is no DNS - unless you'll configure a server there which I do not recommend.
Your route add command does not make sense to me - openvpn sets the necessary routing.
Your firewall setup seems to be OK. So if your phone can't ping LAN (by the way how do you ping? Which app?) a traceroute result would be great to investigate.
Ping, trace route and NSlookup added to question.
– Tony762
Dec 30 '18 at 20:03
OK - there is an issue with routing or firewall. What happens if you clear the firewall rules - for hints please look here: kerneltalks.com/virtualization/…
– Andreas Rehm
Dec 30 '18 at 21:30
Cleared all rules. Allowed all traffic. Internet working only on server. Host and iphone no. Ping still possible only from host to iphone.
– Tony762
Dec 31 '18 at 11:02
add a comment |
DNS should work with adding this to the client config:
dhcp-option DNS 10.0.1.1
Your server config contains a push dhcp dns - this should work if uncommented and not set to the openvpn server network. There is no DNS - unless you'll configure a server there which I do not recommend.
Your route add command does not make sense to me - openvpn sets the necessary routing.
Your firewall setup seems to be OK. So if your phone can't ping LAN (by the way how do you ping? Which app?) a traceroute result would be great to investigate.
answered Dec 29 '18 at 23:05
Andreas Rehm
Ping, trace route and NSlookup added to question.
– Tony762
Dec 30 '18 at 20:03
OK - there is an issue with routing or firewall. What happens if you clear the firewall rules - for hints please look here: kerneltalks.com/virtualization/…
– Andreas Rehm
Dec 30 '18 at 21:30
Cleared all rules. Allowed all traffic. Internet working only on server. Host and iphone no. Ping still possible only from host to iphone.
– Tony762
Dec 31 '18 at 11:02
I see several issues with your server.conf:
- "dev tun" should be "dev tun0". If you don't specify the exact device by providing a number on the end, OpenVPN will create one dynamically.
- You have the topology setting commented out with a semicolon. It's required.
- You have the DNS setting for the clients commented out with a semicolon; anything starting with "push" is a setting for the clients.
Not an issue, but in your client.conf, "pull" is redundant with "client" specified. The client/pull options enable the VPN server to push settings to it. See their man page for more details.
answered 9 mins ago
carlin.scott
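As an added example (not code from either answer on this page), a small shell linter that checks a server.conf for the three settings carlin.scott lists above (an unnumbered "dev tun", a topology line commented out with ";", and the client DNS push commented out) and for the push "dhcp-option DNS" line that Andreas Rehm's answer relies on. The config file path is whatever you pass in; the sample configs used to exercise it are constructed, not taken from the question.

```shell
#!/usr/bin/env bash
# Added example: lint an OpenVPN server.conf for the settings discussed above.
set -u

# Print one finding per line for the given server.conf. Always returns 0;
# the caller counts output lines to decide whether the config is clean.
lint_ovpn_conf() {
    local conf="$1"
    # Effective directives: drop blank lines and lines commented with ';' or '#'.
    local active
    active=$(grep -Ev '^[[:space:]]*([;#]|$)' "$conf" | sed 's/^[[:space:]]*//')

    # 1. "dev tun"/"dev tap" with no unit number: OpenVPN allocates the device
    #    dynamically, so iptables rules written against tun0 may not match.
    if printf '%s\n' "$active" | grep -Eq '^dev[[:space:]]+(tun|tap)[[:space:]]*$'; then
        echo "dev: no unit number; use e.g. 'dev tun0' so firewall rules can name the interface"
    fi

    # 2. topology missing, or present but disabled with a leading ';'.
    if ! printf '%s\n' "$active" | grep -Eq '^topology[[:space:]]+'; then
        if grep -Eq '^[[:space:]]*;[[:space:]]*topology' "$conf"; then
            echo "topology: present but commented out with ';'"
        else
            echo "topology: not set"
        fi
    fi

    # 3. push "dhcp-option DNS ..." missing or disabled: clients get no
    #    resolver through the tunnel, which shows up as DNS "not working".
    if ! printf '%s\n' "$active" | grep -Eq '^push[[:space:]]+"?dhcp-option[[:space:]]+DNS[[:space:]]+'; then
        if grep -Eq '^[[:space:]]*;[[:space:]]*push[[:space:]]+"?dhcp-option[[:space:]]+DNS' "$conf"; then
            echo "push dhcp-option DNS: present but commented out with ';'"
        else
            echo "push dhcp-option DNS: not set"
        fi
    fi
    return 0
}
```

Run it as `lint_ovpn_conf /etc/openvpn/server.conf`; no output means none of the three problems is present.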
Your description says LAN is 10.0.1.1 - your route would add a route to VPN via LAN. --> route add gw 10.0.1.1. Why are you trying to do this?
– Andreas Rehm
Dec 29 '18 at 22:49
I read many comments saying I have to set it manually.
– Tony762
Dec 30 '18 at 18:54
No - you don't.
– Andreas Rehm
Dec 30 '18 at 19:02