Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Mon Sep 12 20:31:08 2016 OpenVPN 2.3.12 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 23 2016
- Mon Sep 12 20:31:08 2016 Windows version 6.2 (Windows 8 or greater) 64bit
- Mon Sep 12 20:31:08 2016 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
- Mon Sep 12 20:31:13 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
- Mon Sep 12 20:31:13 2016 Control Channel Authentication: tls-auth using INLINE static key file
- Mon Sep 12 20:31:13 2016 Attempting to establish TCP connection with [AF_INET]5.39.182.24:1194 [nonblock]
- Mon Sep 12 20:31:23 2016 TCP: connect to [AF_INET]5.39.182.24:1194 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
- Mon Sep 12 20:31:38 2016 TCP: connect to [AF_INET]5.39.182.24:1194 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
- root@pine64:/etc# cat /etc/openvpn/server.conf
- local 192.168.1.20 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
- dev tun
- #proto udp #Some people prefer to use tcp. Don't change it if you don't know.
- proto tcp
- port 1194
- ca /etc/openvpn/easy-rsa/keys/ca.crt
- cert /etc/openvpn/easy-rsa/keys/pine64.crt # SWAP WITH YOUR CRT NAME
- key /etc/openvpn/easy-rsa/keys/pine64.key # SWAP WITH YOUR KEY NAME
- dh /etc/openvpn/easy-rsa/keys/dh2048.pem # If you changed to 2048, change that here!
- server 10.8.0.0 255.255.255.0
- # server and remote endpoints
- ifconfig 10.8.0.1 10.8.0.2
- # Add route to Client routing table for the OpenVPN Server
- push "route 10.8.0.1 255.255.255.255"
- # Add route to Client routing table for the OpenVPN Subnet
- push "route 10.8.0.0 255.255.255.0"
- # your local subnet
- push "route 192.168.1.20 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
- # Set primary domain name server address to the SOHO Router
- # If your router does not do DNS, you can use Google DNS 8.8.8.8
- #push "dhcp-option DNS 192.168.2.1" # This should already match your router address and not need to be changed.
- push "dhcp-option DNS 8.8.8.8" # This should already match your router address and not need to be changed.
- # Override the Client default gateway by using 0.0.0.0/1 and
- # 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
- # overriding but not wiping out the original default gateway.
- push "redirect-gateway def1"
- client-to-client
- duplicate-cn
- keepalive 10 120
- tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
- cipher AES-128-CBC
- comp-lzo
- user nobody
- group nogroup
- persist-key
- persist-tun
- status /var/log/openvpn-status.log 20
- log /var/log/openvpn.log
- verb 1
- root@pine64:/etc# cat /etc/iptables-firewall-rules.backup
- # Generated by iptables-save v1.4.21 on Sun Sep 11 21:19:15 2016
- *filter
- :INPUT ACCEPT [16429:2363941]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [17426:8592638]
- -A INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
- -A INPUT -i tun+ -j ACCEPT
- -A FORWARD -i tun+ -j ACCEPT
- -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A OUTPUT -o tun+ -j ACCEPT
- COMMIT
- # Completed on Sun Sep 11 21:19:15 2016
- # Generated by iptables-save v1.4.21 on Sun Sep 11 21:19:15 2016
- *nat
- :PREROUTING ACCEPT [1172:103090]
- :INPUT ACCEPT [157:31732]
- :OUTPUT ACCEPT [205:14166]
- :POSTROUTING ACCEPT [205:14166]
- -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.1.20
- -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
- -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.1.20
- COMMIT
- # Completed on Sun Sep 11 21:19:15 2016
- root@pine64:/etc# route
- Kernel IP routing table
- Destination Gateway Genmask Flags Metric Ref Use Iface
- default speedport.ip 0.0.0.0 UG 0 0 0 eth0
- 10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
- 10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
- link-local * 255.255.0.0 U 1000 0 0 eth0
- 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement