Hello, I want to use OpenVPN and HTTPS. I found the following article: https://snikt.net/blog/2016/12/01/how-not-to-hide-openvpn-behind-https/ssl/
My server has two NICs: enp0s3 (NAT) and enp0s8 (Local).

My OpenVPN server.conf is as below:

    port 443
    proto tcp
    dev tun1
    local 0.0.0.0
    port-share 127.0.0.1 4443
    ca /etc/openvpn/server/ca.crt
    cert /etc/openvpn/server/Employee_Server.crt
    key /etc/openvpn/server/Employee_Server.key
    dh /etc/openvpn/server/dh.pem
    server 20.20.0.0 255.255.255.0
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 1.1.1.1"
    push "dhcp-option DNS 9.9.9.9"
    topology subnet
    keepalive 10 120
    tls-crypt /etc/openvpn/server/ta.key 0
    cipher AES-256-GCM
    data-ciphers AES-256-GCM
    user nobody
    group nogroup
    persist-key
    persist-tun
    client-to-client
    status /var/log/openvpn/openvpn-status.log
    log /var/log/openvpn/openvpn.log
    log-append /var/log/openvpn/openvpn.log
    verb 3
    explicit-exit-notify 1

My Client.conf is:

    client
    dev tun1
    proto tcp
    remote 192.168.1.20 443
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    data-ciphers AES-256-GCM
    cipher AES-256-GCM
    verb 3

The firewall rules are:

    # IF_MAIN=enp0s3
    # IF_TUNNEL=tun1
    # YOUR_OPENVPN_SUBNET=20.20.0.0/16
    # iptables -I INPUT -p tcp --dport 443 -j ACCEPT
    # iptables -A FORWARD -i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED -j ACCEPT
    # iptables -A FORWARD -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j ACCEPT
    # iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j MASQUERADE

I connected to the OpenVPN server and it showed me the following error message:

    Tue Jan 23 14:30:17 2024 NOTE: unable to redirect IPv4 default gateway -- Cannot read current default gateway from system
    Tue Jan 23 14:30:17 2024 Initialization Sequence Completed
    Tue Jan 23 14:30:17 2024 MANAGEMENT: >STATE:1706007617,CONNECTED,ROUTE_ERROR,20.20.0.2,192.168.1.20,443,192.168.1.21,1064
    Tue Jan 23 14:30:14 2024 ERROR: Some routes were not successfully added. The connection may not function correctly

When I try to visit Google.com, it shows me: "google.com’s DNS address could not be found. Diagnosing the problem."
I installed and configured Dnsmasq on the OpenVPN server and added the following iptables rules:

    # iptables -A FORWARD -i enp0s8 -o enp0s3 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # iptables -A FORWARD -i enp0s3 -o enp0s8 -j ACCEPT
    # iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE

After that I added the following line to the Server.conf file:

    push "dhcp-option DNS 192.168.1.20"

But I still can't go to the Internet! How do I troubleshoot?

Thank you.

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
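One way to review the server-side forwarding and NAT setup quoted in this message, as an added example that is not part of the post or of OpenVPN itself: it parses the quoted server.conf and iptables rules and reports what a reviewer would flag, including the /16 MASQUERADE source versus the /24 pool handed out by the 'server' directive, and the kernel forwarding flag, which the post does not mention. It assumes the flag value is read from `sysctl -n net.ipv4.ip_forward` and that rules use the -A/-I, -s and -j form shown above; the parsing is deliberately minimal.

```python
import ipaddress
import re
# Constructed sample: the server.conf directives and iptables rules quoted in the post.
SERVER_CONF = """\
server 20.20.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
"""
IPTABLES_RULES = [
    "iptables -I INPUT -p tcp --dport 443 -j ACCEPT",
    "iptables -A FORWARD -i enp0s3 -o tun1 -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "iptables -A FORWARD -s 20.20.0.0/16 -o enp0s3 -j ACCEPT",
    "iptables -t nat -A POSTROUTING -s 20.20.0.0/16 -o enp0s3 -j MASQUERADE",
]

def vpn_pool(conf):
    """Client address pool from the 'server <network> <netmask>' directive."""
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "server":
            return ipaddress.IPv4Network(f"{parts[1]}/{parts[2]}")
    raise ValueError("no 'server' directive in config")

def review(conf, rules, ip_forward):
    """Findings for the routing/NAT setup; ip_forward is the output of `sysctl -n net.ipv4.ip_forward` (assumed)."""
    pool = vpn_pool(conf)
    findings = []
    if ip_forward.strip() != "1":
        findings.append("net.ipv4.ip_forward is not 1: the kernel will not route client traffic")
    forward_ok = nat_ok = False
    for rule in rules:
        chain = re.search(r"-[AI]\s+(\S+)", rule)
        src = re.search(r"-s\s+(\S+)", rule)
        target = re.search(r"-j\s+(\S+)", rule)
        if not (chain and src and target):
            continue  # rules without an explicit source do not cover the VPN pool
        src_net = ipaddress.IPv4Network(src.group(1), strict=False)
        if not pool.subnet_of(src_net):
            continue
        if chain.group(1) == "FORWARD" and target.group(1) == "ACCEPT":
            forward_ok = True
        elif chain.group(1) == "POSTROUTING" and target.group(1) == "MASQUERADE":
            nat_ok = True
            if src_net != pool:  # /16 in the post versus the /24 handed out by 'server'
                findings.append(f"MASQUERADE source {src_net} is wider than the VPN pool {pool}")
    for ok, what in ((forward_ok, "FORWARD ACCEPT"), (nat_ok, "POSTROUTING MASQUERADE")):
        if not ok:
            findings.append(f"no {what} rule covering {pool}")
    return findings
```

Run `review(SERVER_CONF, IPTABLES_RULES, open("/proc/sys/net/ipv4/ip_forward").read())` on the server to get the list of findings for the live forwarding flag.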