Hi Emanuel,
On 10/11/2022 20:53, Emanuel Gonzalez wrote:
I was able to install my first ec2 instance with openVPN.
My configuration is
local 0.0.0.0
port 5194
proto udp
dev tap1
server 10.8.2.0 255.255.255.0
route 10.8.2.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/kiu-udp/ipp.txt
client-config-dir /etc/openvpn/kiu-ccd
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-udp-status.log
log /var/log/openvpn-udp.log
log-append /var/log/openvpn-udp.log
verb 4
ca /etc/openvpn/kiu/keys/ca.crt
cert /etc/openvpn/kiu/keys/kiu.crt
key /etc/openvpn/kiu/keys/kiu.key
dh /etc/openvpn/kiu/keys/dh2048.pem
crl-verify /etc/openvpn/kiu/keys/crl.pem
tls-version-min 1.2
cipher AES-256-CBC
auth RSA-SHA256
push "dhcp-option DOMAIN prod"
push "dhcp-option DOMAIN stage"
push "dhcp-option DNS 10.54.0.2"
push "dhcp-option DNS 8.8.8.8"
In this file client-config-dir /etc/openvpn/kiu-ccd add this
push "route 10.54.0.0 255.255.0.0"
push "route 10.40.0.0 255.255.0.0"
push "route 10.60.0.0 255.255.0.0"
push "route 172.31.0.0 255.255.0.0"
push "dhcp-option DNS 10.54.0.2"
Two things:
1) You mention "in this file client-config-dir ...". The
"client-config-dir" points to a *directory*, in which you place files
named after the CN (/CN=) part of your clients' certificates. Are you
sure your server configuration is picking up these files?
Are the right routes in place after the client connects? What does "ip
r s" (Linux) or "route print" (Windows) give?
(Post sanitized output please.)
2) Like Gert said, this is most likely a routing issue; you said you've
enabled routing, but how about iptables/nftables? Is there a firewall in
place?
If you use NATting then be careful when attempting this, but a crude
method is:
systemctl stop firewalld
systemctl stop iptables
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
HTH,
JJK
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
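Two of the checks JJK asks for, as an added example (not code from the thread): derive the interface glob for the FORWARD rules from the server config's "dev" line (the config above uses "dev tap1", so rules matching "tun+" would not catch its traffic), and compare a sanitized "ip r s" dump against the routes the CCD file is supposed to push. The config excerpt and the client routing table below are constructed from the thread's values.

```shell
# Added example, not from the thread. SERVER_CONF and CLIENT_ROUTES are
# constructed inputs copied from the values quoted in the mail.
SERVER_CONF='local 0.0.0.0
port 5194
proto udp
dev tap1
server 10.8.2.0 255.255.255.0
client-config-dir /etc/openvpn/kiu-ccd'

# iptables interface glob matching the configured device type:
# "dev tun*" -> "tun+", "dev tap*" -> "tap+". Returns 1 if no dev line.
forward_iface_glob() {
    dev=$(printf '%s\n' "$1" | awk '$1 == "dev" { print $2; exit }')
    case "$dev" in
        tun*) echo 'tun+' ;;
        tap*) echo 'tap+' ;;
        *)    return 1 ;;
    esac
}

# The two FORWARD rules from the thread, with the glob that fits this config.
forward_rules() {
    glob=$(forward_iface_glob "$1") || return 1
    printf 'iptables -I FORWARD -i %s -j ACCEPT\n' "$glob"
    printf 'iptables -I FORWARD -o %s -j ACCEPT\n' "$glob"
}

# Given client "ip r s" output and the pushed networks (CIDR), print the
# networks that did not arrive; returns 1 if any are missing.
missing_routes() {
    ip_out=$1; shift
    rc=0
    for net in "$@"; do
        printf '%s\n' "$ip_out" | awk -v n="$net" '$1 == n { f=1 } END { exit !f }' \
            || { echo "$net"; rc=1; }
    done
    return $rc
}

# Constructed client routing table: the 10.54/16 route arrived, 10.40/16 did not.
CLIENT_ROUTES='default via 192.0.2.1 dev eth0
10.8.2.0/24 dev tap0 proto kernel scope link src 10.8.2.2
10.54.0.0/16 via 10.8.2.1 dev tap0'
```

Run `missing_routes "$(ip r s)" 10.54.0.0/16 10.40.0.0/16 10.60.0.0/16 172.31.0.0/16` on the client to see which of the CCD routes never made it.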