From c241651b25fe26183b8d60f4d31b67e67370a532 Mon Sep 17 00:00:00 2001
From: Filipe Rodrigues
Date: Wed, 15 Jun 2022 18:46:08 +0100
Subject: [PATCH] Fixed some parts of `VPN`.
---
 router1.startup | 2 +-
 router1/root/server.conf | 13 +++++++------
 router3.startup | 2 +-
 router3/root/client.conf | 2 +-
 4 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/router1.startup b/router1.startup
index a496032..62fc639 100644
--- a/router1.startup
+++ b/router1.startup
@@ -15,4 +15,4 @@ ip route add 0.0.0.0/0 via 6.6.6.2
 chmod 0600 router1-server.key ta.key
 # Then start server
- openvpn --client-config-dir ccd --ccd-exclusive --cipher AES-256-CBC --config server.conf &
+ openvpn server.conf &
diff --git a/router1/root/server.conf b/router1/root/server.conf
index 1984355..1f4428a 100644
--- a/router1/root/server.conf
+++ b/router1/root/server.conf
@@ -138,7 +138,7 @@ ifconfig-pool-persist /var/log/openvpn/ipp.txt
 # to know to route the OpenVPN client
 # address pool (10.8.0.0/255.255.255.0)
 # back to the OpenVPN server.
-;push "route 192.168.10.0 255.255.255.0"
+push "route 5.4.3.0 255.255.255.0"
 ;push "route 192.168.20.0 255.255.255.0"
 # To assign specific IP addresses to specific
@@ -152,8 +152,9 @@ ifconfig-pool-persist /var/log/openvpn/ipp.txt
 # also has a small subnet behind his connecting
 # machine, such as 192.168.40.128/255.255.255.248.
 # First, uncomment out these lines:
-;client-config-dir ccd
-;route 192.168.40.128 255.255.255.248
+client-config-dir ccd
+ccd-exclusive
+route 5.4.3.0 0.0.0.255
 # Then create a file ccd/Thelonious with this line:
 # iroute 192.168.40.128 255.255.255.248
 # This will allow Thelonious' private subnet to
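Review bot: In the `router1/root/server.conf` hunk at `@@ -152,8 +152,9 @@`, the added `route 5.4.3.0 0.0.0.255` uses a wildcard-style mask where the `route` directive takes a netmask, so it does not describe the /24 that `push "route 5.4.3.0 255.255.255.0"` names in the previous hunk; it should read `route 5.4.3.0 255.255.255.0`. The two directives also appear to contradict each other: the push tells clients the subnet is reachable through the server, while a server-side `route` next to `client-config-dir` sends the same subnet into the tunnel as if it sat behind a client. Confirm which side 5.4.3.0/24 is on and keep only the matching directive; if it is behind a client, the matching `iroute` line in that client's `ccd/` file is not part of this patch and should be checked. Keeping `ccd-exclusive` in the config rather than on the command line is good, since only clients with a `ccd/` entry can then connect.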
@@ -189,7 +190,7 @@ ifconfig-pool-persist /var/log/openvpn/ipp.txt
 # (The OpenVPN server machine may need to NAT
 # or bridge the TUN/TAP interface to the internet
 # in order for this to work properly).
-;push "redirect-gateway def1 bypass-dhcp"
+push "redirect-gateway def1"
 # Certain Windows-specific network settings
 # can be pushed to clients, such as DNS
@@ -206,7 +207,7 @@ ifconfig-pool-persist /var/log/openvpn/ipp.txt
 # To force clients to only see the server, you
 # will also need to appropriately firewall the
 # server's TUN/TAP interface.
-;client-to-client
+client-to-client
 # Uncomment this directive if multiple clients
 # might connect with the same certificate/key
@@ -260,7 +261,7 @@ cipher AES-256-CBC
 # For compression compatible with older clients use comp-lzo
 # If you enable it here, you must also
 # enable it in the client config file.
-;comp-lzo
+comp-lzo
 # The maximum number of concurrently connected
 # clients we want to allow.
diff --git a/router3.startup b/router3.startup
index a755236..152eb39 100644
--- a/router3.startup
+++ b/router3.startup
@@ -41,4 +41,4 @@ ip route add 0.0.0.0/0 via 6.6.6.1
 chmod 0600 router3-client.key ta.key
 # Then start client
- openvpn --redirect-gateway def1 --cipher AES-256-CBC --config client.conf &
+ openvpn client.conf &
diff --git a/router3/root/client.conf b/router3/root/client.conf
index 80dd0e6..29048e0 100644
--- a/router3/root/client.conf
+++ b/router3/root/client.conf
@@ -118,7 +118,7 @@ cipher AES-256-CBC
 # Enable compression on the VPN link.
 # Don't enable this unless it is also
 # enabled in the server config file.
-#comp-lzo
+comp-lzo
 # Set log file verbosity.
 verb 3
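Review bot: Enabling `client-to-client` in the `router1/root/server.conf` hunk at `@@ -206,7 +207,7 @@` makes the OpenVPN process forward traffic between clients internally, so those packets never reach router1's TUN interface and firewall rules there cannot filter them. The patch only shows router3 connecting as a client; if no client needs to reach another, leave the line as `;client-to-client`. If it is needed, record that next to the directive, for example `# inter-client traffic is forwarded inside OpenVPN and is not filtered by router1's firewall`.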
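Review bot: `comp-lzo` is switched on in the `router1/root/server.conf` hunk at `@@ -260,7 +261,7 @@` and again in the `router3/root/client.conf` hunk at `@@ -118,7 +118,7 @@`; compressing before encrypting lets ciphertext length leak information about the plaintext (the VORACLE class of attack), and OpenVPN has deprecated the option. Unless an old peer requires it, keep both lines commented out (`;comp-lzo` on the server, `#comp-lzo` on the client) so the two ends still agree. The hunk headers also show `cipher AES-256-CBC` on both sides; on OpenVPN 2.5 or later an AEAD cipher such as `AES-256-GCM` is the usual choice, though the OpenVPN version in use is not visible in this patch.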