<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Pokud ma OpenVPN fungovat jako gateway (tzn klient pak bude
      posilat vsechny data do internetu pres VPN), <br>
      tak je potreba jeste nastavit bud na klientovi:<br>
        redirect-gateway<br>
      nebo na serveru:<br>
        push "redirect-gateway"</p>
    <p>A navic v iptables (firewalld) nastavit masquerade (aby data
      pochazejici z vpn pri preposilani do internetu mela source ip toho
      VPSka.<br>
      A jak uz bylo napsano v predeslem emailu je potreba povolit ip
      forwarding (echo 1 > /proc/sys/net/ipv4/ip_forward) a taky
      forwarding ve firewallu (iptables, firewalld).</p>
    <p>Miroslav Misek</p>
    <div class="moz-cite-prefix">On 21. 02. 19 14:16, Jiri Drozd wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:1205030177.7379.1550755002419.JavaMail.zimbra@sde.cz">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div style="font-family: arial, helvetica, sans-serif; font-size:
        12pt; color: #000000">
        <div>Ahoj,<br>
        </div>
        <div><br data-mce-bogus="1">
        </div>
        <div>uz nevim podle ceho sem to nastavoval, tady je muj config
          ktery funguje:<br data-mce-bogus="1">
        </div>
        <div><br data-mce-bogus="1">
        </div>
        <div>port 1111<br>
          proto udp<br>
          dev tun<br>
          ca /etc/openvpn/full/keys/ca.crt<br>
          cert /etc/openvpn/full/keys/server.crt<br>
          key /etc/openvpn/full/keys/server.key <br>
          dh /etc/openvpn/full/keys/dh2048.pem<br>
          topology subnet<br>
          server 172.16.123.0 255.255.255.0<br>
          ifconfig-pool-persist ipp-full.txt<br>
          push "redirect-gateway def1 bypass-dhcp"<br>
          push "dhcp-option DNS 8.8.8.8"<br>
          keepalive 10 30<br>
          tls-auth /etc/openvpn/easy-rsa-full/keys/ta.key 0<br>
          cipher AES-256-CBC <br>
          comp-lzo<br>
          max-clients 100<br>
          user nobody<br>
          group nogroup<br>
          persist-key<br>
          persist-tun<br>
          status openvpn-full-status.log<br>
          verb 3<br>
          mute 20<br>
          reneg-sec 180<br>
        </div>
        <div><br data-mce-bogus="1">
        </div>
        <div>treba mit jeste povoleny forwarding <a
            href="https://linuxconfig.org/how-to-turn-on-off-ip-forwarding-in-linux"
            moz-do-not-send="true">https://linuxconfig.org/how-to-turn-on-off-ip-forwarding-in-linux</a><br
            data-mce-bogus="1">
        </div>
        <div>a pokud mas zaple iptables tak zkontroluj, ze ti tam ten
          traffic nic neblokuje (asi nejlepsi nachvilku vypnout firewall
          uplne)<br data-mce-bogus="1">
        </div>
        <div><br data-mce-bogus="1">
        </div>
        <div>JDrozd / Buger<br data-mce-bogus="1">
        </div>
        <div><br>
        </div>
        <hr id="zwchr" data-marker="__DIVIDER__">
        <div data-marker="__HEADERS__"><b>From: </b>"Lukáš Němec"
          <a class="moz-txt-link-rfc2396E" href="mailto:lu.nemec@gmail.com"><lu.nemec@gmail.com></a><br>
          <b>To: </b>"vpsFree.cz Community list"
          <a class="moz-txt-link-rfc2396E" href="mailto:community-list@lists.vpsfree.cz"><community-list@lists.vpsfree.cz></a><br>
          <b>Sent: </b>Friday, February 15, 2019 5:29:57 PM<br>
          <b>Subject: </b>[vpsFree.cz: community-list] OpenVPN config<br>
        </div>
        <div><br>
        </div>
        <div data-marker="__QUOTED_TEXT__">Ahoj,
          <div>Snažím se rozjet openvpn jako internet gateway na vpsce.
            Jel jsem podle návodu na wiki vpsfree ale zdá se zastaralý.
            Už jsem ve stavu kdy se v pohodě připojím na vps vpn, ale
            net nefunguje-asi bude špatně ip adresa pro nat v návodu
            wiki? (<span style="font-size: 12pt; font-family:
              Helvetica;"><a
                href="https://kb.vpsfree.cz/navody/server/openvpn"
                target="_blank" moz-do-not-send="true">https://kb.vpsfree.cz/navody/server/openvpn</a>)</span></div>
          <div><span style="font-size: 12pt; font-family: Helvetica;"><br>
            </span></div>
          <div><span style="font-size: 12pt; font-family: Helvetica;">Našel
              jsem ještě maily z 2017 z tohoto listu ale nevím jestli ta
              konfigurace bude platit.</span></div>
          <div><span style="font-size: 12pt; font-family: Helvetica;"><br>
            </span></div>
          <div><span style="font-size: 12pt; font-family: Helvetica;">Poradíte?
              Btw configy mám stejné jako v návodu-jel jsem krok za
              krokem.</span></div>
          <div><span style="font-size: 12pt; font-family: Helvetica;"><br>
            </span></div>
          <div><span style="font-size: 12pt; font-family: Helvetica;">Díky,</span></div>
          <div><span style="font-size: 12pt; font-family: Helvetica;">Lukáš</span></div>
          <br>
          _______________________________________________<br>
          Community-list mailing list<br>
          <a class="moz-txt-link-abbreviated" href="mailto:Community-list@lists.vpsfree.cz">Community-list@lists.vpsfree.cz</a><br>
          <a class="moz-txt-link-freetext" href="http://lists.vpsfree.cz/listinfo/community-list">http://lists.vpsfree.cz/listinfo/community-list</a><br>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
Community-list mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Community-list@lists.vpsfree.cz">Community-list@lists.vpsfree.cz</a>
<a class="moz-txt-link-freetext" href="http://lists.vpsfree.cz/listinfo/community-list">http://lists.vpsfree.cz/listinfo/community-list</a>
</pre>
    </blockquote>
  </body>
</html>