Hello, this will be yet another OpenVPN thread regarding Internet access.
I've followed the quick guide and got an OpenVPN server running on my router.
My home setup is really easy with my ADSL modem in front of my router.
I've managed to work out dynamic dns before doing OpenVPN tutorial, and by using the .ovpn file created on my router on my iPhone I can connect.
I've been googling this issue for so long that I don't see any other ways than asking you guys.
The last two rules in the firewall are my attempt to get internet access through OpenVPN. I've messed with the zones a little bit, but I think they are as original.
I also added network for routing, I've not added anything, maybe that's where the issue is.
Update
I shared internet from my iphone to my laptop and started OpenVPN gui and connected to my router. Now internet is working fine!
So now it's only my iPhone that doesn't have internet while OpenVPN is connected.
Thanks for any help with this!
My config files follow.
client ovpn file:
# OpenVPN client profile as posted. No ca/cert/key/tls-crypt material appears in
# this listing; presumably it was stripped before posting -- TODO confirm the
# real profile carries it, since the server below sets tls_crypt.
verb 3
nobind
dev tun
client
# The hostname looks partially redacted in the post (leading dot). There is no
# 'proto' line, so OpenVPN's default transport (UDP) applies.
remote .mooo.com 1194
fast-io
# NOTE(review): compression inside an encrypted tunnel can leak plaintext
# through packet sizes (VORACLE-style attacks), and OpenVPN's own documentation
# advises against enabling it. The setting has to agree with the server, which
# also sets and pushes 'compress lzo', so change both ends together.
compress lzo
# Do not keep credentials cached in memory after use.
auth-nocache
# Require the peer's certificate to be a server certificate, so that another
# client's certificate cannot be used to impersonate the server.
remote-cert-tls server
Server config:
# OpenVPN server instance 'vpnserver' in OpenWrt UCI syntax.
config openvpn 'vpnserver'
option enabled '1'
option dev 'tun0'
# No 'proto' option is set, so the server uses OpenVPN's default transport (UDP).
option port '1194'
# VPN clients get addresses from 192.168.200.0/24.
option server '192.168.200.0 255.255.255.0'
# NOTE(review): with client_to_client, OpenVPN relays traffic between VPN
# clients inside the daemon, so the router's firewall never sees or filters it.
# Leave it off unless clients really need to reach each other.
option client_to_client '1'
# NOTE(review): compression combined with encryption can leak plaintext through
# packet sizes (VORACLE-style attacks); OpenVPN's documentation advises against
# it. Changing it means changing the 'push' line below and the client profile too.
option compress 'lzo'
option keepalive '10 120'
option persist_tun '1'
option persist_key '1'
option dh '/etc/openvpn/dh.pem'
# tls_crypt encrypts and authenticates the TLS control channel with a
# pre-shared key, so packets from peers without that key are dropped early.
option tls_crypt '/etc/openvpn/tc.pem'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/vpnserver.crt'
# Private key of the server: should be readable by root only.
option key '/etc/openvpn/vpnserver.key'
# NOTE(review): duplicate_cn lets several clients connect at the same time with
# the same certificate. Presumably it is set so one .ovpn profile can be used on
# both the iPhone and the laptop -- confirm. It removes per-device revocation and
# makes a copied profile harder to notice; one certificate per device is safer.
option duplicate_cn '1'
list push 'compress lzo'
# Clients are told to use the router's LAN address as DNS server; those queries
# arrive on tun0 and are allowed by 'input ACCEPT' on the vpnserver firewall zone.
list push 'dhcp-option DNS 192.168.1.1'
list push 'dhcp-option DOMAIN lan'
list push 'persist-key'
list push 'persist-tun'
# Sends all client traffic through the tunnel, so internet access for clients
# depends on the router forwarding vpnserver -> wan and masquerading on wan.
list push 'redirect-gateway def1'
# Route to the LAN subnet; already covered by redirect-gateway above.
list push 'route 192.168.1.0 255.255.255.0'
# NOTE(review): verb 5 is debug-level logging; lower it once troubleshooting is
# done to keep connection detail out of the router's logs.
option verb '5'
Firewall:
# Global firewall defaults: these policies apply to traffic that no zone claims.
config defaults
option syn_flood '1'
# NOTE(review): 'input ACCEPT' here means an interface that belongs to no zone
# reaches the router's own services unfiltered. In this post lan, wan, wan6 and
# vpnserver are each attached to a zone, so keep it that way when adding interfaces.
option input 'ACCEPT'
option output 'ACCEPT'
# Forwarding between zones is rejected unless a 'forwarding' section or rule allows it.
option forward 'REJECT'
# Trusted LAN zone.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
# Untrusted WAN zone: unsolicited input and forwarding are rejected.
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
# Masquerade (source NAT) everything leaving through wan; forwarded VPN client
# traffic relies on this as well.
option masq '1'
# Clamp TCP MSS to the path MTU.
option mtu_fix '1'
option network 'wan wan6'
# Rules for traffic arriving from wan. They look like the stock OpenWrt set
# (the poster says the zones should be "as original") -- not verified here.
# A rule with 'src' but no 'dest' applies to traffic addressed to the router itself.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# The router answers IPv4 ping from the wan side.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 addressed to the router, rate-limited to 1000 packets per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 forwarded from wan to any zone (dest '*'), which includes the vpnserver zone.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# NOTE(review): the next two rules forward IPsec (ESP and UDP/500) from wan to
# lan. If nothing on the LAN terminates IPsec they are unused exposure and can
# be disabled -- confirm before removing.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Extra firewall scripts pulled in by the firewall service.
# User-defined rules file; its contents are not shown in this post.
config include
option path '/etc/firewall.user'
# NOTE(review): the miniupnpd include is present. If the UPnP/NAT-PMP daemon is
# running it lets LAN hosts ask the router to open ports on wan -- confirm it is
# wanted, otherwise disable the service.
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
# Presumably the OpenWrt bcp38 package (filtering of private/bogon addresses on
# wan) -- verify. Not shown here: whether the network between this router and
# the ADSL modem is exempted.
config include 'bcp38'
option type 'script'
option path '/usr/lib/bcp38/run.sh'
option family 'IPv4'
option reload '1'
# OpenVPN-related firewall sections added by the poster.
# Lets the internet reach the OpenVPN daemon on the router (no 'dest', so this
# is an input rule).
# NOTE(review): both TCP and UDP 1194 are opened, but neither the server nor the
# client config sets 'proto', so OpenVPN presumably listens on UDP only.
# Restricting this rule to 'udp' would close the unused TCP port.
config rule
option name 'Allow-OpenVPN'
option src 'wan'
option dest_port '1194'
option proto 'tcp udp'
option target 'ACCEPT'
# Zone for the tunnel interface (network 'vpnserver', i.e. tun0).
# NOTE(review): 'input ACCEPT' gives every connected VPN client access to all
# services on the router (admin interface, SSH, DNS), the same trust as the lan
# zone. Combined with duplicate_cn on the server, anyone holding a copy of the
# shared profile gets that access.
config zone
option name 'vpnserver'
option output 'ACCEPT'
option network 'vpnserver'
option input 'ACCEPT'
option forward 'ACCEPT'
config forwarding
option dest 'wan'
option src 'lan'
# This forwarding is what gives VPN clients internet access; the wan zone's
# masquerading handles NAT. No vpnserver -> lan forwarding is shown, so as posted
# clients can reach the router but presumably not other LAN hosts.
config forwarding
option dest 'wan'
option src 'vpnserver'
# One of the two rules the poster added while troubleshooting. It duplicates the
# vpnserver -> wan forwarding above and can be removed.
config rule
option target 'ACCEPT'
option src 'vpnserver'
option name 'vpnwan'
option dest 'wan'
# NOTE(review): this rule accepts forwarding from wan into the VPN zone with no
# protocol or port restriction, so hosts on the wan side can open connections to
# VPN clients. Replies to connections started by VPN clients are normally let
# through by connection tracking already, so the rule is not needed for internet
# access and should be removed.
config rule
option target 'ACCEPT'
option src 'wan'
option name 'wanvpn'
option dest 'vpnserver'
Network:
# OpenWrt network configuration as posted.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd00:d727:0342::/48'
# LAN bridge; 192.168.1.1 is the address pushed to VPN clients as DNS server.
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
# wan and wan6 share eth1.2 and both belong to the 'wan' firewall zone.
config interface 'wan'
option ifname 'eth1.2'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth1.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 5t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
# Unmanaged interface (proto 'none') wrapping tun0 so that the 'vpnserver'
# firewall zone can be attached to the tunnel. OpenVPN assigns the addresses;
# no extra routes are defined here.
config interface 'vpnserver'
option ifname 'tun0'
option proto 'none'