<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Ahoj,<div class=""><br class=""></div><div class="">díky za odpovědi, zkusil jsem co jste psali, a stále nefunguje. Připojím se OK, ale ping 8.8.8.8 píše no route to host, nebo timeoutuje.</div><div class="">IPv4 forwarding jsem zapl, a přidal nat dle wiki, ale tahle část se mi nějak nezdá, když se snažím vylistovat pravidla v POSTROUTING, píše mi iptables že takový chain nezná. To nechápu.</div><div class=""><br class=""></div><div class="">root@nemec /etc/openvpn # ip addr show dev venet0:0 scope global </div><div class="">2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN</div><div class=""> link/void</div><div class=""> inet 37.205.10.108/32 brd 37.205.10.108 scope global venet0:0</div><div class=""> inet6 2a01:430:17:1::ffff:71/128 scope global</div><div class=""> valid_lft forever preferred_lft forever</div><div class="">root@nemec /etc/openvpn # iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to 37.205.10.108 </div><div class="">root@nemec /etc/openvpn # iptables -L POSTROUTING </div><div class="">iptables: No chain/target/match by that name. </div><div class=""><br class=""></div><div class="">Můj server config:</div><div class=""><div class="">mode server</div><div class="">tls-server</div><div class="">port 1194</div><div class="">proto tcp-server</div><div class="">dev tap1</div><div class="">client-config-dir ccd</div><div class="">tun-mtu 1500</div><div class=""><br class=""></div><div class="">ca /etc/openvpn/easy-rsa/keys/ca.crt</div><div class="">cert /etc/openvpn/easy-rsa/keys/nemec.crt</div><div class="">key /etc/openvpn/easy-rsa/keys/nemec.key</div><div class="">dh /etc/openvpn/easy-rsa/keys/dh2048.pem</div><div class=""><br class=""></div><div class="">topology subnet</div><div class="">server 172.16.123.0 255.255.255.0</div><div class="">push "redirect-gateway def1 bypass-dhcp"</div><div class="">push "dhcp-option DNS 8.8.8.8"</div><div class=""><br class=""></div><div class="">ifconfig-pool-persist ipp.txt</div><div class=""><br class=""></div><div class="">keepalive 10 120</div><div class="">max-clients 10</div><div class="">cipher AES-256-CBC</div><div class="">user nobody</div><div class="">group nogroup</div><div class="">persist-key</div><div class="">persist-tun</div><div class="">status /tmp/openvpn.status 1</div><div class="">log-append /var/log/openvpn.log</div><div class="">status-version 3</div><div class="">verb 4</div><div class="">mute 20</div><div class="">reneg-sec 180</div><div class=""><br class=""></div><div class="">Díky za jakékoliv rady,</div><div class="">Lukáš</div><div class=""><br class=""></div><div><br class=""><blockquote type="cite" class=""><div class="">On 21 Feb 2019, at 14:57, Miroslav Misek <<a href="mailto:miroslav.misek@netgarden.cz" class="">miroslav.misek@netgarden.cz</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class="">Pokud ma OpenVPN fungovat jako gateway (tzn klient pak bude
posilat vsechny data do internetu pres VPN), <br class="">
tak je potreba jeste nastavit bud na klientovi:<br class="">
redirect-gateway<br class="">
nebo na serveru:<br class="">
push "redirect-gateway"</p><p class="">A navic v iptables (firewalld) nastavit masquerade (aby data
pochazejici z vpn pri preposilani do internetu mela source ip toho
VPSka.<br class="">
A jak uz bylo napsano v predeslem emailu je potreba povolit ip
forwarding (echo 1 > /proc/sys/net/ipv4/ip_forward) a taky
forwarding ve firewallu (iptables, firewalld).</p><p class="">Miroslav Misek</p>
<div class="moz-cite-prefix">On 21. 02. 19 14:16, Jiri Drozd wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:1205030177.7379.1550755002419.JavaMail.zimbra@sde.cz" class="">
<meta http-equiv="content-type" content="text/html; charset=UTF-8" class="">
<div style="font-family: arial, helvetica, sans-serif; font-size: 12pt;" class="">
<div class="">Ahoj,<br class="">
</div>
<div class=""><br data-mce-bogus="1" class="">
</div>
<div class="">uz nevim podle ceho sem to nastavoval, tady je muj config
ktery funguje:<br data-mce-bogus="1" class="">
</div>
<div class=""><br data-mce-bogus="1" class="">
</div>
<div class="">port 1111<br class="">
proto udp<br class="">
dev tun<br class="">
ca /etc/openvpn/full/keys/ca.crt<br class="">
cert /etc/openvpn/full/keys/server.crt<br class="">
key /etc/openvpn/full/keys/server.key <br class="">
dh /etc/openvpn/full/keys/dh2048.pem<br class="">
topology subnet<br class="">
server 172.16.123.0 255.255.255.0<br class="">
ifconfig-pool-persist ipp-full.txt<br class="">
push "redirect-gateway def1 bypass-dhcp"<br class="">
push "dhcp-option DNS 8.8.8.8"<br class="">
keepalive 10 30<br class="">
tls-auth /etc/openvpn/easy-rsa-full/keys/ta.key 0<br class="">
cipher AES-256-CBC <br class="">
comp-lzo<br class="">
max-clients 100<br class="">
user nobody<br class="">
group nogroup<br class="">
persist-key<br class="">
persist-tun<br class="">
status openvpn-full-status.log<br class="">
verb 3<br class="">
mute 20<br class="">
reneg-sec 180<br class="">
</div>
<div class=""><br data-mce-bogus="1" class="">
</div>
<div class="">treba mit jeste povoleny forwarding <a href="https://linuxconfig.org/how-to-turn-on-off-ip-forwarding-in-linux" moz-do-not-send="true" class="">https://linuxconfig.org/how-to-turn-on-off-ip-forwarding-in-linux</a><br data-mce-bogus="1" class="">
</div>
<div class="">a pokud mas zaple iptables tak zkontroluj, ze ti tam ten
traffic nic neblokuje (asi nejlepsi nachvilku vypnout firewall
uplne)<br data-mce-bogus="1" class="">
</div>
<div class=""><br data-mce-bogus="1" class="">
</div>
<div class="">JDrozd / Buger<br data-mce-bogus="1" class="">
</div>
<div class=""><br class="">
</div>
<hr id="zwchr" data-marker="__DIVIDER__" class="">
<div data-marker="__HEADERS__" class=""><b class="">From: </b>"Lukáš Němec"
<a class="moz-txt-link-rfc2396E" href="mailto:lu.nemec@gmail.com"><lu.nemec@gmail.com></a><br class="">
<b class="">To: </b>"<a href="http://vpsFree.cz" class="">vpsFree.cz</a> Community list"
<a class="moz-txt-link-rfc2396E" href="mailto:community-list@lists.vpsfree.cz"><community-list@lists.vpsfree.cz></a><br class="">
<b class="">Sent: </b>Friday, February 15, 2019 5:29:57 PM<br class="">
<b class="">Subject: </b>[<a href="http://vpsFree.cz" class="">vpsFree.cz</a>: community-list] OpenVPN config<br class="">
</div>
<div class=""><br class="">
</div>
<div data-marker="__QUOTED_TEXT__" class="">Ahoj,
<div class="">Snažím se rozjet openvpn jako internet gateway na vpsce.
Jel jsem podle návodu na wiki vpsfree ale zdá se zastaralý.
Už jsem ve stavu kdy se v pohodě připojím na vps vpn, ale
net nefunguje-asi bude špatně ip adresa pro nat v návodu
wiki? (<span style="font-size: 12pt; font-family:
Helvetica;" class=""><a href="https://kb.vpsfree.cz/navody/server/openvpn" target="_blank" moz-do-not-send="true" class="">https://kb.vpsfree.cz/navody/server/openvpn</a>)</span></div>
<div class=""><span style="font-size: 12pt; font-family: Helvetica;" class=""><br class="">
</span></div>
<div class=""><span style="font-size: 12pt; font-family: Helvetica;" class="">Našel
jsem ještě maily z 2017 z tohoto listu ale nevím jestli ta
konfigurace bude platit.</span></div>
<div class=""><span style="font-size: 12pt; font-family: Helvetica;" class=""><br class="">
</span></div>
<div class=""><span style="font-size: 12pt; font-family: Helvetica;" class="">Poradíte?
Btw configy mám stejné jako v návodu-jel jsem krok za
krokem.</span></div>
<div class=""><span style="font-size: 12pt; font-family: Helvetica;" class=""><br class="">
</span></div>
<div class=""><span style="font-size: 12pt; font-family: Helvetica;" class="">Díky,</span></div>
<div class=""><span style="font-size: 12pt; font-family: Helvetica;" class="">Lukáš</span></div>
<br class="">
_______________________________________________<br class="">
Community-list mailing list<br class="">
<a class="moz-txt-link-abbreviated" href="mailto:Community-list@lists.vpsfree.cz">Community-list@lists.vpsfree.cz</a><br class="">
<a class="moz-txt-link-freetext" href="http://lists.vpsfree.cz/listinfo/community-list">http://lists.vpsfree.cz/listinfo/community-list</a><br class="">
</div>
</div>
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Community-list mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Community-list@lists.vpsfree.cz">Community-list@lists.vpsfree.cz</a>
<a class="moz-txt-link-freetext" href="http://lists.vpsfree.cz/listinfo/community-list">http://lists.vpsfree.cz/listinfo/community-list</a>
</pre>
</blockquote>
</div>
_______________________________________________<br class="">Community-list mailing list<br class=""><a href="mailto:Community-list@lists.vpsfree.cz" class="">Community-list@lists.vpsfree.cz</a><br class="">http://lists.vpsfree.cz/listinfo/community-list<br class=""></div></blockquote></div><br class=""></div></body></html>