-
-
Save laurenorsini/9925434 to your computer and use it in GitHub Desktop.
local 192.168.2.0 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS | |
dev tun | |
proto udp #Some people prefer to use tcp. Don't change it if you don't know. | |
port 1194 | |
ca /etc/openvpn/easy-rsa/keys/ca.crt | |
cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME | |
key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME | |
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # If you changed to 2048, change that here! | |
server 10.8.0.0 255.255.255.0 | |
# server and remote endpoints | |
ifconfig 10.8.0.1 10.8.0.2 | |
# Add route to Client routing table for the OpenVPN Server | |
push "route 10.8.0.1 255.255.255.255" | |
# Add route to Client routing table for the OpenVPN Subnet | |
push "route 10.8.0.0 255.255.255.0" | |
# your local subnet | |
push "route 192.168.2.0 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS | |
# Set primary domain name server address to the SOHO Router | |
# If your router does not do DNS, you can use Google DNS 8.8.8.8 | |
push "dhcp-option DNS 192.168.2.1" # This should already match your router address and not need to be changed. | |
# Override the Client default gateway by using 0.0.0.0/1 and | |
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of | |
# overriding but not wiping out the original default gateway. | |
push "redirect-gateway def1" | |
client-to-client | |
duplicate-cn | |
keepalive 10 120 | |
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0 | |
cipher AES-128-CBC | |
comp-lzo | |
user nobody | |
group nogroup | |
persist-key | |
persist-tun | |
status /var/log/openvpn-status.log 20 | |
log /var/log/openvpn.log | |
verb 1 |
I struggled to connect to devices on my local LAN when I was connected from a client.
I noticed that line 13, the last number on the subnet is 255
:
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
When changing this to 0
to match the local subnet (line 17), it worked initially when testing on 3G, but then stopped.
Any ideas?
what does the iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
do? beacuse it make my internet working.
will this saved if i restart the raspberry pi?
Happened the same as @esseti, once introduced the postrouting everything started to work. Until then, I was only able to reach the public ip of the eth0 of the rpi.
So, at the end there is two things extra that I needed to end up with a working openvpn with fully "redirect-gateway"
I have to create the tun/tap device and add the iptable rule, every time the system starts.
To acomplish that I modified /etc/network/if-up.d/openvpn
And added the four lines to the script:
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
between the first and second if.
Lauren, works great! Thank you so much.
I have tested three ClientX.ovpn and all connect and run just fine; from my iPad--- next my droid tablet and phone.
I'm using the OpenVPN Client on the iPad, and I played havoc trying to get my .ovpn profile into the tablet. I finally was able to do this by using iTunes (with the iPad connected to my mac) in the apps pulldown; drag and drop the profile onto the OpenVPN Client in the apps pane and viola! (then import the .ovpn from within the OpenVPN Client on the iPad).
I'm finally able to to use Pro SSH term app to access my plethora of PIs and Edisons from the iPad as though I were sitting there at home; very nice--- got this going following your very good instructions on a Raspberry PI B+ with Raspbian.
Thanks again.
I am able to connect to the VPN remotely and within my network. The issue I have is when I connect remotely, I can't see the PC I have internally. for example, if i connect my tablet and PC on the same network internally through the VPN I am able to see them both on computer>network list. If I connect my tablet remotely on 4G, I successfully connect to the VPN, but I cannot see the PC that is on the network.
This is my interfaces file:
and my server file:
Here is the iptables:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j MASQUERADE
If changes are made to this after finishing the steps in the guide do we need to remake any keys or redo any steps to the whole process?
push "dhcp-option DNS 192.168.1.1" # This should already match your router address and not need to be changed.
I had this line set up as my public IP address not my router IP.
Noob here. Can someone please help me? What's my CRT and KEY name? How do I find out?
This is what I get:
Please enter an existing Client Name:
Client1
Client’s cert found: Client1
Client’s Private Key found: Client1.3des.key
CA public Key found: ca.crt
tls-auth Private Key found: ta.key
./MakeOVPN.sh: line 46: Default.txt: command not found
Done! Client1.ovpn Successfully Created.
./MakeOVPN.sh: line 72: No: command not found
I am facing problem while connecting SIP Registrations
I can able to connect Client with OPENVPN Server, Please tell me the IP routing configuration:
my current IP route is:
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
192.168.101.0/24 dev em1 proto kernel scope link src 192.168.101.2
64.xxx.xx.xx/24 dev em1 proto kernel scope link src 64.xxx.xx.xx
10.8.0.0/24 via 10.8.0.2 dev tun0
169.254.0.0/16 dev em1 scope link metric 1002
default via 192.168.101.1 dev em1 src 192.168.101.2
default via 64.56.73.1 dev em1
Changed my Local Subnet to the pi itself since I am also runnning Pi-hole.
Able to get to yahoo.com and google.com and some other sites but others doesn't load at all, when connected, am i missing somthing?
Found out im using my ipv6 address and not my ipv4 address when checking out my ip, so i'm assuming its using the ipv6 of the sites that i can connect to.
cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME
can someone explain what this means ? what is CRT and Key name or do i just leave it as so?
The following script in the repository enabled duplicate-cn by default. You don't want to change the config file.
https://github.com/gayankuruppu/openvpn-install-for-multiple-users
I had this all configured at one point and things were peachy. Now, not so much.
nmap -sU 192.168.1.101
gives:
Host is up.
PORT STATE SERVICE
1194/udp open|filtered openvpn
but open port check (canyouseeme.org) shows 1194 "connection refused"
Port forwarding is enabled under the NAT/QoS tab of DD-WRT, with 1194 being forwarded to 192.168.1.101
Any ideas?