Hello,
My OpenVPN server has two NICs as below:
enp0s3: (NAT)
enp0s8: (Local)
I installed OpenVPN on it and its configuration is as follows:
# cat /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
tls-auth ta.key 0
data-ciphers AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1
I started the OpenVPN service and it made a virtual NIC:
# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:feed:b47c prefixlen 64 scopeid 0x20<link>
ether 08:00:27:ed:b4:7c txqueuelen 1000 (Ethernet)
RX packets 7010 bytes 4245282 (4.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4989 bytes 938827 (916.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.20 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::a00:27ff:fe74:6397 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:74:63:97 txqueuelen 1000 (Ethernet)
RX packets 3335 bytes 611417 (597.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1060 bytes 259691 (253.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 19 bytes 1824 (1.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 19 bytes 1824 (1.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2
inet6 fe80::3b8a:eb82:bdad:49a5 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 133 bytes 9116 (8.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9 bytes 456 (456.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Then, I connected a Windows OS to my OpenVPN server. Windows did not have Internet access. After that, I added the following iptables rules:
# IF_MAIN=enp0s3
# IF_TUNNEL=tun0
# YOUR_OPENVPN_SUBNET=10.8.0.0/16
# iptables -A FORWARD -i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A FORWARD -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j ACCEPT
# iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j MASQUERADE
The Internet is OK and Windows can ping targets by their IP address, but not by their name. I installed Dnsmasq on my OpenVPN server and configured it. After that, I added the following iptables rules:
# iptables -A FORWARD -i enp0s8 -o enp0s3 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A FORWARD -i enp0s3 -o enp0s8 -j ACCEPT
# iptables -A FORWARD -j LOG
# iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE
And I changed push "dhcp-option DNS IP" in the OpenVPN configuration to my local OpenVPN server IP.
Problem solved. I have some questions:
1- I want to know whether this is normal. Why didn't OpenVPN share the Internet by default? Is it because I have two NICs?
2- How about the ping problem? Is a DNS server needed for an OpenVPN server?
Thank you.
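As an added example (not part of the original post), the helper below derives the VPN subnet from the `server` line of an OpenVPN server.conf and emits FORWARD/NAT rules scoped to both the tun interface and that exact subnet, so the forwarding rule only matches traffic that really arrived over the VPN; it also flags the kind of mismatch seen above between `server 10.8.0.0 255.255.255.0` and `YOUR_OPENVPN_SUBNET=10.8.0.0/16`. The interface names `tun0`/`enp0s3` are taken from the post; `SAMPLE_CONF` is a constructed excerpt of the posted config.

```python
"""Derive tightly scoped iptables egress rules for an OpenVPN gateway.

Added example, not code from the original post. Assumes the server.conf
directive format shown in the post; SAMPLE_CONF is a constructed excerpt.
"""
import ipaddress
import shlex

SAMPLE_CONF = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
"""


def parse_server_subnet(conf_text):
    """Return the VPN network from the 'server <addr> <netmask>' directive."""
    for raw in conf_text.splitlines():
        parts = shlex.split(raw.split("#", 1)[0])  # drop trailing comments
        if len(parts) == 3 and parts[0] == "server":
            # strict=True rejects a host address masquerading as a network
            return ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=True)
    raise ValueError("no 'server' directive found in config")


def subnet_matches(conf_text, cidr):
    """True when a hand-written CIDR (e.g. 10.8.0.0/16) equals the real subnet."""
    return parse_server_subnet(conf_text) == ipaddress.ip_network(cidr)


def build_rules(subnet, tun_if="tun0", wan_if="enp0s3"):
    """Rules that forward/masquerade only VPN-sourced traffic towards the WAN.

    Unlike a rule keyed on -s alone, the outbound rule also matches -i tun_if,
    so packets with a spoofed 10.8.x.x source arriving on the LAN NIC are
    not forwarded or masqueraded.
    """
    net = str(subnet)
    return [
        f"iptables -A FORWARD -i {tun_if} -o {wan_if} -s {net} -j ACCEPT",
        f"iptables -A FORWARD -i {wan_if} -o {tun_if} "
        "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -t nat -A POSTROUTING -s {net} -o {wan_if} -j MASQUERADE",
    ]


if __name__ == "__main__":
    vpn_net = parse_server_subnet(SAMPLE_CONF)
    print(f"VPN subnet from server.conf: {vpn_net}")
    print("\n".join(build_rules(vpn_net)))
```

Forwarding also needs `net.ipv4.ip_forward=1`; check it with `sysctl net.ipv4.ip_forward` before applying the rules.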