Hello,
I want to use OpenVPN and HTTPS. I found the following article:

https://snikt.net/blog/2016/12/01/how-not-to-hide-openvpn-behind-https/ssl/

My server has two NICs:
enp0s3 (NAT)
enp0s8 (Local)


My OpenVPN server.conf is as below:

port 443
proto tcp
dev tun1
local 0.0.0.0
port-share 127.0.0.1 4443

ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/Employee_Server.crt
key /etc/openvpn/server/Employee_Server.key
dh /etc/openvpn/server/dh.pem
server 20.20.0.0 255.255.255.0

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 9.9.9.9"
topology subnet

keepalive 10 120
tls-crypt /etc/openvpn/server/ta.key 0
cipher AES-256-GCM
data-ciphers AES-256-GCM
user nobody
group nogroup
persist-key
persist-tun
client-to-client

status /var/log/openvpn/openvpn-status.log
log         /var/log/openvpn/openvpn.log
log-append  /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1


My Client.conf is:

client
dev tun1
proto tcp
remote 192.168.1.20 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
data-ciphers AES-256-GCM
cipher AES-256-GCM
verb 3


The firewall rules are:

# IF_MAIN=enp0s3
# IF_TUNNEL=tun1
# YOUR_OPENVPN_SUBNET=20.20.0.0/16
# iptables -I INPUT -p tcp --dport 443 -j ACCEPT
# iptables -A FORWARD -i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A FORWARD -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j ACCEPT
# iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j MASQUERADE

I connected to the OpenVPN server and it showed me the following error message:

Tue Jan 23 14:30:17 2024 NOTE: unable to redirect IPv4 default gateway -- Cannot read current default gateway from system
Tue Jan 23 14:30:17 2024 Initialization Sequence Completed
Tue Jan 23 14:30:17 2024 MANAGEMENT: >STATE:1706007617,CONNECTED,ROUTE_ERROR,20.20.0.2,192.168.1.20,443,192.168.1.21,1064
Tue Jan 23 14:30:14 2024 ERROR: Some routes were not successfully added. The connection may not function correctly


When I try to visit Google.com, it shows me:

google.com’s DNS address could not be found. Diagnosing the problem.

I installed and configured Dnsmasq on the OpenVPN server and added the following iptables rules:

# iptables -A FORWARD -i enp0s8 -o enp0s3 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A FORWARD -i enp0s3 -o enp0s8 -j ACCEPT
# iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE

After that I added the following line to the Server.conf file:

push "dhcp-option DNS 192.168.1.20"

But I still can't reach the Internet!

How do I troubleshoot?

Thank you.
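A small server-side sanity check for the "clients connect but get no Internet" symptom above, added here as an example and not part of the original post or of OpenVPN itself. It reads the `server NET MASK` directive from a server.conf on stdin, compares that network with the `-s` subnet used in the FORWARD/MASQUERADE rules (the post's config uses 255.255.255.0 while the rules use /16), and reports whether the kernel is forwarding IPv4 at all; the file paths in the usage line are assumptions.

```shell
#!/bin/sh
# Added troubleshooting helper (example code, not from the post).

# 255.255.255.0 -> 24 : count the set bits of a dotted netmask.
mask_to_prefix() {
    prefix=0
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do
        while [ "$octet" -gt 0 ]; do
            prefix=$((prefix + (octet & 1)))
            octet=$((octet >> 1))
        done
    done
    echo "$prefix"
}

# Read "server NET MASK" from a server.conf on stdin, print NET/PREFIX.
server_subnet() {
    awk '$1 == "server" { print $2, $3; exit }' | {
        read -r net mask
        [ -n "$net" ] || { echo "no server directive" >&2; return 1; }
        echo "$net/$(mask_to_prefix "$mask")"
    }
}

# Compare the tunnel subnet OpenVPN serves with the "-s X/Y" subnet of the
# firewall rules: "ok" (identical), "wider" (same network, rules cover a
# larger range, harmless) or "mismatch" (different network, NAT never hits).
compare_subnets() {
    vpn=$1; fw=$2
    [ "$vpn" = "$fw" ] && { echo ok; return 0; }
    if [ "${vpn%/*}" = "${fw%/*}" ] && [ "${fw#*/}" -lt "${vpn#*/}" ]; then
        echo wider
    else
        echo mismatch
    fi
}

# Without net.ipv4.ip_forward=1 clients connect but never reach beyond the server.
ip_forward_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ]
}

# Usage (assumed paths): sh vpn_check.sh /etc/openvpn/server.conf 20.20.0.0/16
if [ "$#" -eq 2 ]; then
    vpn=$(server_subnet < "$1")
    echo "openvpn serves $vpn; firewall rules use $2: $(compare_subnets "$vpn" "$2")"
    ip_forward_enabled && echo "ip_forward=1" || echo "WARNING: ip_forward=0"
fi
```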


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users