Hi all! I've been trying to get OpenVPN working for quite some time, and this is the only tutorial that I followed all the way to the "end" without any errors.
OpenVPN starts up nicely as a service, and I seem to be able to connect to it without receiving any errors in the OpenVPN log on the client.
I just don't really understand the "push 192.168.x.x 255.255.255.0" part of all this. Is this VPN set up to only push local traffic, or is it all traffic? Because when checking my public IP (when hotspotting from mobile), it doesn't change to the public IP of the OpenVPN jail. (I don't necessarily want this functionality; I just want to be able to get to my web UIs from outside my network, like Sonarr on "192.168.0.4:8989".)
As it is now, I have set up Organizr on Nginx in a jail at 192.168.0.16:80, and set all tabs to reference the local IPs (like 192.168.0.4:8989). So when I go to 192.168.0.16:80 from my home network, I get all the contents of my different jails served without issues.
Now I wanted this to be possible through the VPN as well. I have forwarded port 80 through my router to the Nginx jail, which loads Organizr when accessed over the web (through my domain and DDNS service); however, the tabs are not served (obviously because the ports aren't open and I haven't set up a reverse proxy).
So how do I route to those jails on 192.168.0.XX through the VPN?
My gateway and DHCP are on 192.168.0.1, on subnet 255.255.255.0.
The jail with OpenVPN is on 192.168.0.12, with external port 443 forwarded to that IP and port 1194.
Here is my client config:
Code:
client
;dev tap
# Routed (layer-3) tunnel; must match the server's "dev tun"
dev tun
;dev-node MyTap
;proto tcp
# The router forwards UDP 443 to UDP 1194 on the jail, so the client talks to port 443
proto udp
;remote my-server-1 1194
remote domainhidden.org 443
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;mute-replay-warnings
ca ca.crt
cert TheLapMonk.crt
key TheLapMonk.key
# Only accept a peer certificate issued for server use (stops another client impersonating the server)
remote-cert-tls server
# Key direction 1 here means the server must load the same ta.key with direction 0
tls-auth ta.key 1
cipher AES-256-CBC
# Must match the server; compression is deprecated (VORACLE), remove it on both ends when possible
comp-lzo
verb 3
;mute 20
And server config:
Code:
# Bind only to the jail's LAN address
local 192.168.0.12
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/openvpn-server.crt
# The server's private key is required to start; path assumed to sit next to the cert
key /usr/local/etc/openvpn/keys/openvpn-server.key
dh /usr/local/etc/openvpn/keys/dh.pem
# The client uses "tls-auth ta.key 1", so the server needs the same key with direction 0 (path assumed)
tls-auth /usr/local/etc/openvpn/keys/ta.key 0
;topology subnet
# Clients get addresses from 10.8.0.0/24; the server's own tun address is 10.8.0.1
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
# Split tunnel: each client adds a route for the home LAN (192.168.0.0/24) via the tunnel.
# Everything else (e.g. google.com) keeps using the client's own default gateway,
# which is why the public IP does not change while connected.
push "route 192.168.0.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Removed: "route 192.168.0.12 255.255.255.0 10.8.0.1". The server already sits on
# 192.168.0.0/24, so it needs no kernel route for it; a server-side "route" is only
# for networks that live behind a client. LAN hosts still need a way to reply to
# 10.8.0.0/24: either NAT in the jail or a static route on the router via 192.168.0.12.
;route 10.9.0.0 255.255.255.252
;learn-address ./script
# Full tunnel: uncomment to send all client traffic through the VPN (then the public IP changes)
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
# Only accept certificates issued for client use
remote-cert-tls client
cipher AES-256-CBC
;compress lz4-v2
;push "compress lz4-v2"
# Must match the client; compression is deprecated (VORACLE), remove it on both ends when possible
comp-lzo
;max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20
explicit-exit-notify 1
The "route" and "push" parts are what I'm having trouble understanding...
PLZ HALP
EDIT: My current understanding is that when connected to the VPN remotely, if I were to enter 192.168.0.4:8989 into my address bar, the VPN would send me through to my home network and the Sonarr jail, overriding routing to any potential web UIs on the "remote local network", while "google.com" would be ignored by the VPN and sent straight through the wonders of the World Wide Web.
EDIT 2:
ipfw.rules:
Code:
#!/bin/sh
# NAT VPN clients (10.8.0.0/24) behind the jail's LAN address so LAN hosts can reply
# without a route for 10.8.0.0/24; the jail also needs net.inet.ip.forwarding=1.
EPAIR=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep -m1 '^epair')
ipfw -q -f flush
ipfw -q nat 1 config if "${EPAIR}"
ipfw -q add nat 1 all from 10.8.0.0/24 to any out via "${EPAIR}"
ipfw -q add nat 1 all from any to any in via "${EPAIR}"
# Pass everything else explicitly instead of relying on the kernel's default last rule
ipfw -q add allow ip from any to any
# Give the tun device a stable name; skip the rename if it is already tun0
TUN=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep -m1 '^tun')
if [ -n "${TUN}" ] && [ "${TUN}" != "tun0" ]; then
    ifconfig "${TUN}" name tun0
fi
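The "push route vs. redirect-gateway" question in the post, worked through as an added example (not code from the post, the tutorial, or OpenVPN): it builds the routing table a client ends up with after connecting and resolves destinations by longest-prefix match, so you can see why 192.168.0.4 goes into the tunnel while google.com does not, what changes when redirect-gateway def1 is enabled, and what happens when the remote network also uses 192.168.0.0/24. Assumed for illustration only: the client is on a mobile hotspot 192.168.43.0/24 (gateway 192.168.43.1, interface wlan0), its tunnel peer is 10.8.0.5 (net30 topology), the VPN server's public address is 203.0.113.10, and all routes share metric 0 (real operating systems assign their own metrics, which is exactly what decides the overlapping case).

```python
"""Which destinations does an OpenVPN client send into the tunnel?

Added example, not code from the post or from OpenVPN.  It builds the routing
table a client would hold after connecting (its own routes plus what the
server pushes) and resolves destinations by longest-prefix match, with the
lower metric winning a tie.  Assumed, not from the post: the client is on a
mobile hotspot 192.168.43.0/24 (gateway 192.168.43.1, interface wlan0), its
tunnel peer is 10.8.0.5 (net30 topology), the VPN server's public address is
203.0.113.10, and every route has metric 0.
"""
import ipaddress
import re

PUSH_RE = re.compile(r'^\s*push\s+"([^"]*)"')

# Route entry: (network, egress interface, gateway, metric, label)


def pushed_routes(server_conf, tun_gw, lan_gw, server_ip, metric=0):
    """Translate the server's active push lines into routes the client installs.
    Lines commented out with ';' or '#' are skipped, as OpenVPN skips them."""
    routes = []
    for line in server_conf.splitlines():
        if line.lstrip().startswith((';', '#')):
            continue
        m = PUSH_RE.match(line)
        if not m:
            continue
        words = m.group(1).split()
        if words[0] == 'route' and len(words) >= 3:
            net = ipaddress.ip_network(f'{words[1]}/{words[2]}', strict=False)
            routes.append((net, 'tun0', tun_gw, metric, 'pushed route'))
        elif words[0] == 'redirect-gateway':
            # OpenVPN pins the VPN server itself to the pre-existing gateway so
            # the tunnel's own packets are not routed into the tunnel.
            routes.append((ipaddress.ip_network(f'{server_ip}/32'), 'wlan0',
                           lan_gw, metric, 'host route to VPN server'))
            if 'def1' in words:
                # def1: two /1 routes out-prefix the client's /0 default
                # without deleting it (bypass-dhcp/bypass-dns not modelled).
                for half in ('0.0.0.0/1', '128.0.0.0/1'):
                    routes.append((ipaddress.ip_network(half), 'tun0', tun_gw,
                                   metric, 'redirect-gateway def1'))
            else:
                routes.append((ipaddress.ip_network('0.0.0.0/0'), 'tun0',
                               tun_gw, metric, 'redirect-gateway'))
    return routes


def client_table(server_conf, client_lan, lan_gw, tun_gw='10.8.0.5',
                 server_ip='203.0.113.10'):
    """Routes present before connecting, plus the pushed ones."""
    table = [
        (ipaddress.ip_network(client_lan), 'wlan0', None, 0, 'connected LAN'),
        (ipaddress.ip_network('0.0.0.0/0'), 'wlan0', lan_gw, 0, 'default'),
        (ipaddress.ip_network(f'{tun_gw}/32'), 'tun0', None, 0, 'tun peer'),
    ]
    pushed = pushed_routes(server_conf, tun_gw, lan_gw, server_ip)
    if any(r[4] == 'redirect-gateway' for r in pushed):
        # Plain redirect-gateway (no def1) replaces the old default route.
        table = [r for r in table if r[0].prefixlen != 0]
    return table + pushed


def egress(table, dst):
    """Interface a packet to dst leaves on: longest prefix wins, then lowest
    metric.  Returns 'ambiguous' when two routes tie completely, which is
    what happens when the remote LAN and the home LAN share a subnet."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in table if dst in r[0]]
    if not hits:
        return None
    best = max((r[0].prefixlen, -r[3]) for r in hits)
    ifaces = {r[1] for r in hits if (r[0].prefixlen, -r[3]) == best}
    return ifaces.pop() if len(ifaces) == 1 else 'ambiguous'


# Constructed excerpt of the post's server config: split tunnel as posted,
# and the same with redirect-gateway enabled.
SPLIT_CONF = '''
server 10.8.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
;push "redirect-gateway def1 bypass-dhcp"
'''
FULL_CONF = SPLIT_CONF.replace(';push "redirect', 'push "redirect')

if __name__ == '__main__':
    for name, conf in (('split', SPLIT_CONF), ('full', FULL_CONF)):
        t = client_table(conf, '192.168.43.0/24', '192.168.43.1')
        for dst in ('192.168.0.4', '8.8.8.8', '203.0.113.10'):
            print(f'{name:5} {dst:15} -> {egress(t, dst)}')
    clash = client_table(SPLIT_CONF, '192.168.0.0/24', '192.168.0.1')
    print('home LAN also 192.168.0.0/24:', egress(clash, '192.168.0.4'))
```

With the posted config, 192.168.0.4 resolves to tun0 and 8.8.8.8 to wlan0, which is the split-tunnel behaviour the post observes. Enabling the commented-out redirect-gateway def1 line flips 8.8.8.8 to tun0 while the VPN server's own address stays on wlan0 thanks to the /32 host route. The last case is the practical caveat: when the network you connect from is also 192.168.0.0/24, the pushed route and the local connected route tie on prefix length and the outcome depends on the client OS's metrics, so the reliable fix is to run the home LAN on a less common subnet than 192.168.0.0/24.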