I can't help with question 1. A significant reason I can't is I'm not understanding your configuration; you're going to have to be far more precise (maybe offer an actual situation) to be helped. One of our OpenVPN servers is on an Internet-facing firewall; in that case only the ACCEPT rule was needed. In another case the OpenVPN server is on another system and all that was required on the firewall was a DNAT to the other system for the appropriate port.

I've never seen the situation with question 2. In fact, I can't see how that is possible unless the same subnet exists locally and is being "exported" ("push" directive) by the OpenVPN server. Keep in mind that the OpenVPN client is using a local network connection to make the remote connection so (at least) that network (if there are multiple) can't be inaccessible.

On Monday, July 24, 2023 at 12:58:56 AM CDT, Jason Long <hack3r...@yahoo.com> wrote:

Hi Leroy,

Thank you so much for your reply.
I have two questions and I'm thankful if you answer them:

1- Suppose that two different Internets are connected to your system through LAN, by default, the operating system uses only one of them unless you use multipath routing. When you use iptables rules like the below, then the OpenVPN server connects your NAT NIC to Virtual NIC:

# IF_MAIN=enp0s9
# IF_TUNNEL=tun1
# YOUR_OPENVPN_SUBNET=10.9.0.0/16
# iptables -I INPUT -p udp --dport 1195 -j ACCEPT
# iptables -A FORWARD -i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A FORWARD -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j ACCEPT
# iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j MASQUERADE

2- When a client connected to the OpenVPN server, then it is disconnected from the internal network. How to solve it? Can you show me an example?

On Monday, July 24, 2023 at 09:17:48 AM GMT+3:30, Leroy Tennison via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:

I'm a little unclear about your question so hopefully this general reply will help. OpenVPN's "push" statement can push routes to clients for server-side subnets, the "route" statement can inject routes to client subnets into the server environment and 'iroute' statements can cause OpenVPN clients to do routing to other client-side subnets. None of this is automatic (must be specifically configured) and there is routing which may need to be done that OpenVPN can't do. A good knowledge of routing is going to be needed.

On Sunday, July 23, 2023 at 06:23:37 AM CDT, Jason Long <hack3r...@yahoo.com> wrote:

Hello,

Thank you so much for your reply. This is normal in Linux. When you have two NAT NICs, just one of them is used to connect to the Internet. You must write routing tables. Does OpenVPN do this routing itself?

On Sunday, July 23, 2023 at 08:34:01 AM GMT+3:30, Leroy Tennison via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:

Without seeing both conf files, I can only guess at the issue but, did you use different "local" directives in each conf file?

On Saturday, July 22, 2023 at 08:02:17 AM CDT, Jason Long via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:

Hello,

My OpenVPN server has two NICs and both of them are connected to the Internet, but Linux only activates one of them at the same time. For example:

# ping -I enp0s3 google.com
PING google.com (216.239.38.120) from 10.0.2.15 enp0s3: 56(84) bytes of data.
64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=1 ttl=63 time=27.5 ms
64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=2 ttl=63 time=45.3 ms
64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=3 ttl=63 time=51.4 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2081ms
rtt min/avg/max/mdev = 27.469/41.394/51.433/10.161 ms
#
# ping -I enp0s9 google.com
PING google.com (216.239.38.120) from 10.0.3.15 enp0s8: 56(84) bytes of data.

As you see, only one of them is connected to the Internet. How do I solve this problem?

Thank you.

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
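
The "local", "push", "route" and "iroute" directives mentioned in the thread, shown together in an example added here (not a configuration posted by anyone in the thread; routing-related directives only, with certificates and keys omitted). The port, tunnel device, VPN subnet and 10.0.3.15 address are taken from the messages above; the two LAN subnets, the file paths and the client name "site-b" are constructed placeholders.

```conf
# --- /etc/openvpn/server/server.conf (server side, placeholder path) ---
# Bind this instance to one specific server address (the enp0s9 address
# seen in the ping output). A second instance for the other NIC would
# need its own "local", port and dev.
local 10.0.3.15
port 1195
proto udp
dev tun1

# VPN address pool, matching YOUR_OPENVPN_SUBNET in the iptables rules.
server 10.9.0.0 255.255.0.0

# push: tell clients to reach a server-side LAN (placeholder) via the tunnel.
# Only the subnets listed here are sent through the VPN; the client's own
# local network keeps its existing route unless it overlaps a pushed one.
push "route 192.168.10.0 255.255.255.0"

# route: add a kernel route on the server for a LAN that sits behind a client.
route 192.168.20.0 255.255.255.0

# Per-client files live here; the file name is the client certificate's
# common name.
client-config-dir /etc/openvpn/server/ccd

# Optional: let other VPN clients reach that client-side LAN as well.
client-to-client
push "route 192.168.20.0 255.255.255.0"

# --- /etc/openvpn/server/ccd/site-b (per-client file for CN "site-b") ---
# iroute: tell OpenVPN's internal routing which client owns 192.168.20.0/24.
# The server's "route" line only gets packets into tun1; without a matching
# iroute OpenVPN does not know which client to deliver them to.
iroute 192.168.20.0 255.255.255.0
```

The machine acting as gateway on each side still needs IP forwarding enabled, and hosts on each LAN need a return route to 10.9.0.0/16 through their OpenVPN endpoint; OpenVPN sets up neither.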