Hello,
I read tons of post on this matter, but somehow there is no clear direction, as to what needs to be done. My main goal is to connect clients (thats me when I am travelling) to the internet through my router.
I followed this OpenVPN wiki. However, when I get on e.g. whatismyip.com, clients and server have different IPv4s and local LAN IPs. The client presents as if not connected to the VPN at all.
My VPN server conf:
config openvpn 'VPNserver'
option enabled 1
# Protocol #
#------------------------------------------------
option dev 'tun'
option dev 'tun0'
option topology 'subnet'
option proto 'udp'
option port 5000
# Routes IMPORTANT:subnetmask of VPN is 192.168.200.0/28, needs consistency with firewall#
#------------------------------------------------
option server '192.168.200.0 255.255.255.240'
option ifconfig '192.168.200.1 255.255.255.240'
# Pushed Routes here also, check LAN has subnet 192.168.1.0/24 as below#
#------------------------------------------------
list push 'route 192.168.100.0 255.255.255.0'
list push 'dhcp-option DNS 192.168.100.1'
list push 'dhcp-option WINS 192.168.100.1'
list push 'dhcp-option DNS 208.67.232.143'
list push 'dhcp-option DNS 208.367.220.123'
list push 'dhcp-option NTP 129.6.15.30'
# Encryption #
#------------------------------------------------
# Diffie-Hellman:
option dh '/etc/openvpn/dh4096.pem'
# PKCS12:
option pkcs12 '/etc/openvpn/server.p12'
# SSL:
option cipher AES-256-CBC
option auth 'SHA512'
option tls_auth '/etc/openvpn/tls-auth.key 0'
# TLS:
option tls_server 1
option tls_version_min 1.2
option tls_cipher 'TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384:!LOW:!EXP:!SRP:!kRSA'
# Logging #
#------------------------------------------------
option log_append '/tmp/openvpn.log'
option status '/tmp/openvpn-status.log'
option verb 5
# Connection Options #
#------------------------------------------------
option keepalive '10 120'
option comp_lzo 'yes'
# Connection Reliability #
#------------------------------------------------
option client_to_client 1
option persist_key 1
option persist_tun 1
# Connection Speed #
#------------------------------------------------
option sndbuf 393216
option rcvbuf 393216
option fragment 0
option mssfix 0
option tun_mtu 48000
# Pushed Buffers #
#------------------------------------------------
list push 'sndbuf 393216'
list push 'rcvbuf 393216'
# Permissions #
#------------------------------------------------
option user 'nobody'
option group 'nogroup'
Client conf in the next post ...