OpenVPN - One IP per one client VPN
I'm trying to give specific clients individual external IP addresses.
Main config:

    local main_ip
    port 1194
    dev tun
    user nobody
    group $nogroup
    persist-key
    persist-tun
    keepalive 10 120
    topology subnet
    server 10.8.0.0 255.255.0.0
    client-config-dir /etc/openvpn/ccd
    ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 80.67.169.12"
    push "dhcp-option DNS 80.67.169.40"
    push "redirect-gateway def1 bypass-dhcp"
Client config dir, i_client (/etc/openvpn/ccd/i_client):

    ifconfig-push 10.8.33.1 10.8.33.2
    iroute 10.8.33.0 255.255.255.0
From client to client the subnet changes - 10.8.*.0
Iptables rules:

Accept:

    iptables -I FORWARD -s 10.8.0.0/16 -j ACCEPT

For clients whose config is not defined in the ccd directory:

    iptables -t nat -A POSTROUTING -o ens3 -s 10.8.0.0/24 -j SNAT --to-source primary_external_ip

For 1 individual client:

    iptables -t nat -A POSTROUTING -s "10.8.33.0/255.255.255.0" -o ens3 -j SNAT --to-source individual_external_ip
Client:

    client
    proto udp
    remote remote_ip 1194
    dev tun
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    auth SHA256
    cipher AES-128-CBC
    tls-client
    tls-version-min 1.2
    tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
    setenv opt block-outside-dns
When I try to connect a usual client with the primary IP - OK.
When I try to connect a client with an individual IP - auth succeeds, but sites cannot load.
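
An added example, not part of the original post: a small Python check that validates a ccd `ifconfig-push` line against `topology subnet` (where the OpenVPN manual defines the second argument as a netmask) and reports which of the posted SNAT rules a client source address would match. The function names are hypothetical, and the rule targets are the post's own placeholders.

```python
import ipaddress

# From the posted server config: server 10.8.0.0 255.255.0.0
SERVER_NET = ipaddress.ip_network("10.8.0.0/16")

# SNAT rules from the post, in the order given; targets are the post's placeholders
SNAT_RULES = [
    (ipaddress.ip_network("10.8.0.0/24"), "primary_external_ip"),
    (ipaddress.ip_network("10.8.33.0/24"), "individual_external_ip"),
]

def is_netmask(value):
    """True if value is a contiguous IPv4 netmask such as 255.255.0.0."""
    bits = int(ipaddress.IPv4Address(value))
    inverted = bits ^ 0xFFFFFFFF
    # A contiguous mask inverts to 2**n - 1, so inverted & (inverted + 1) == 0
    return bits != 0 and (inverted & (inverted + 1)) == 0

def check_ifconfig_push(line, topology="subnet"):
    """Return a list of problems found in one ccd ifconfig-push line."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "ifconfig-push":
        return ["not an ifconfig-push line"]
    local, second = parts[1], parts[2]
    problems = []
    if ipaddress.ip_address(local) not in SERVER_NET:
        problems.append(f"{local} is outside {SERVER_NET}")
    if topology == "subnet" and not is_netmask(second):
        problems.append(f"{second} is not a netmask (topology subnet expects one)")
    return problems

def snat_source(client_ip):
    """First SNAT rule whose -s network contains client_ip, else None."""
    addr = ipaddress.ip_address(client_ip)
    for net, to_source in SNAT_RULES:
        if addr in net:
            return to_source
    return None

if __name__ == "__main__":
    # Constructed inputs: the posted ccd line, then a netmask-form variant
    for line in ("ifconfig-push 10.8.33.1 10.8.33.2",
                 "ifconfig-push 10.8.33.1 255.255.0.0"):
        print(line, "->", check_ifconfig_push(line) or "ok")
    # Constructed client addresses inside the 10.8.0.0/16 pool
    for ip in ("10.8.0.5", "10.8.33.1", "10.8.5.9"):
        print(ip, "->", snat_source(ip))
```

An address that returns `None` from `snat_source` is inside the server's /16 pool but matches neither posted SNAT rule, so its traffic would leave `ens3` without source translation.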