OpenVPN connection only for specified IP addresses
I have a VPN with OpenVPN on an Ubuntu server which works for every connection.
The server config is:
port 1194
proto udp
dev tun
ca easy-rsa/keys/ca.crt
cert easy-rsa/keys/CommonName.crt
key easy-rsa/keys/CommonName.key
dh easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "topology subnet"
topology subnet
route 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
verb 3
My client.conf contains:
client
dev tun
proto udp
remote IP_ADDRESS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert user.crt
key user.key
ns-cert-type server
comp-lzo
verb 3
Currently the server is routing each connection through the VPN connection.
This is done via iptables:
iptables -A FORWARD -o ens3 -i tun0 -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
So, this is fine.
Now I just want to use the VPN connection if the source destination is example.com. Otherwise not.
So I tried this one:
iptables -A FORWARD -o ens3 -i tun0 -s 10.8.0.0/24 -d example.com -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack -s example.com --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
But this didn't work. I also use the IP address from example.com.
But if I browse to other websites, it will use the VPN connection.
I verified this by testing with "show my current IP address" services.
What am I doing wrong?
iptables --help
shows me
[!] --destination -d address[/mask][...]
Or does it not work for this? How can I fix it?
ubuntu vpn openvpn
asked 1 min ago
robrob
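An added example, not part of the original post: the posted server.conf pushes `redirect-gateway def1`, which makes the client send every destination into the tunnel, so a `-d` match in the server's FORWARD chain only filters what gets forwarded and cannot change what the client routes. The fragment below shows the full-tunnel directive beside a split-tunnel replacement; 203.0.113.10 is an assumed placeholder (documentation range) for the address of example.com.

```conf
# --- server.conf as posted: full tunnel ---
# This push replaces the client's default route, so all client traffic
# enters tun0 regardless of which destinations the server later accepts.
# Disabled here for the split-tunnel setup.
#push "redirect-gateway def1"

# --- server.conf for a split tunnel ---
# Push a host route only for the destination that should use the VPN.
# 203.0.113.10 is a placeholder for the address example.com resolves to;
# add one push line per address if the name resolves to several.
push "route 203.0.113.10 255.255.255.255"

# Unchanged lines from the posted config.
server 10.8.0.0 255.255.255.0
topology subnet
push "topology subnet"
```

With this in place, the posted FORWARD rule with `-d` acts as a server-side allow-list for what the tunnel may reach. iptables resolves a hostname given to `-s` or `-d` once, when the rule is inserted, so a literal address is the more predictable choice there.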