I have installed the OpenVPN server on my Ubuntu 22.04. When I connect to my OpenVPN server, all traffic starts going through it; however, I don't want that.

My server.conf is the following:

    port 1194
    ;proto tcp
    proto udp
    dev tun
    ca keys/ca.crt
    cert keys/server.crt
    key keys/server.key
    dh none
    topology subnet
    ifconfig-pool-persist ipp.txt
    server 10.8.0.0 255.255.255.0
    crl-verify keys/crl.pem
    ;push "route 192.168.10.0 255.255.255.0"
    ;push "route 192.168.20.0 255.255.255.0"
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    keepalive 10 120
    ;tls-auth ta.key 0 # This file is secret
    tls-crypt keys/ta.key
    cipher BF-CBC        # Blowfish (default)
    ;cipher DES-EDE3-CBC  # Triple-DES
    ;cipher AES-256-GCM  # AES 256 - for openvpn version 2.4+
    auth SHA256
    comp-lzo
    user nobody
    group nogroup
    persist-key
    persist-tun
    status /tmp/openvpn-status.log 3
    verb 3
    tun-mtu             1500
    mssfix              1300

.OVPN

    dev                 tun_apxsr
    proto               udp
    client
    remote              demo5.apxst.com 1194
    cipher              BF-CBC
    auth                SHA256
    resolv-retry        infinite
    persist-key
    persist-tun
    #ns-cert-type       server
    comp-lzo
    keepalive           9 30
    verb                3
    nobind
    tun-mtu             1500
    mssfix              1300
    mute                20
    redirect-gateway autolocal
    key-direction 1
    status             /var/log/tun_apxsr.status
  • You must re-create the secret credentials you posted with your configuration. Before doing that, you need to take your VPN server offline because anyone can access it when you published the secrets within the question. – Tero Kilkanen Nov 06 '22 at 09:43
  • However, it would not be the first VPN service that is being "pwned". It needs clarity what you want to allow or deny; mostly iptables will solve the problem. If it's just for a specific IP or subnet, it could be handled by routing, and to restrict this, i.e. only a specific port, it's iptables again. – djdomi Nov 06 '22 at 09:52
  • Thanks @djdomi, I don't want my public traffic to go through the VPN; only specific traffic should go to the VPN. Please suggest what I can do for this. Will it be handled by routing or iptables? – Huzaifa khan Nov 06 '22 at 10:58
  • `redirect-gateway autolocal` does exactly what you wanted: redirect all traffic to the tunnel. Did you read the manual? And for your information, only editing the question does not remove the SSL cert keys from the platform, nor from the Internet :-) – djdomi Nov 06 '22 at 16:00
  • @djdomi I have also tried to remove the redirect-gateway autolocal from the client .ovpn, but the issue was still the same, so I reverted it. Can you please let me know exactly what I should do to deny all public traffic from the OpenVPN server? BTW, to configure OpenVPN I followed this https://hinty.io/ivictbor/setup-openvpn-server-on-ubuntu-22-04/ – Huzaifa khan Nov 06 '22 at 23:22

0 Answers
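As an added example (not part of the original thread or of OpenVPN itself), the following sketch classifies a client/server config pair as full-tunnel or split-tunnel based on `redirect-gateway`, which the comments identify as the directive sending all traffic into the tunnel. The function names are hypothetical, the sample strings are constructed excerpts of the posted configs, and the check goes beyond the posted case by also covering a server-pushed `redirect-gateway` and the client-side `route-nopull` and `pull-filter ignore` options.

```python
import shlex

def directives(text):
    """Return each active config line as a token list; '#' and ';' lines are comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            rows.append(shlex.split(line, comments=True))
    return [r for r in rows if r]

def tunnel_mode(client_text, server_text):
    """Classify the client's routing as ('full' | 'split', source, routes)."""
    client = directives(client_text)
    pushed = [d[1] for d in directives(server_text) if d[0] == "push" and len(d) > 1]
    # Client options that discard pushed routing: route-nopull drops pushed
    # routes; pull-filter ignore drops pushed options by prefix match.
    nopull = any(d[0] == "route-nopull" for d in client)
    ignore = [d[2] for d in client if d[:2] == ["pull-filter", "ignore"] and len(d) > 2]
    accepted = [] if nopull else [p.split() for p in pushed
                                  if not any(p.startswith(i) for i in ignore)]
    routes = [" ".join(d[1:]) for d in client if d[0] == "route"]
    routes += [" ".join(p[1:]) for p in accepted if p[:1] == ["route"]]
    if any(d[0] == "redirect-gateway" for d in client):
        return ("full", "client", routes)
    if any(p[:1] == ["redirect-gateway"] for p in accepted):
        return ("full", "server push", routes)
    return ("split", None, routes)

# Constructed samples: excerpts of the configs posted in the question.
CLIENT_AS_POSTED = """client
remote demo5.apxst.com 1194
redirect-gateway autolocal
"""
SERVER_AS_POSTED = """server 10.8.0.0 255.255.255.0
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
"""
# Assumed split-tunnel variant: directive removed on the client, routes pushed.
CLIENT_SPLIT = CLIENT_AS_POSTED.replace("redirect-gateway autolocal\n", "")
SERVER_SPLIT = SERVER_AS_POSTED.replace(";push", "push")

if __name__ == "__main__":
    print(tunnel_mode(CLIENT_AS_POSTED, SERVER_AS_POSTED))
    print(tunnel_mode(CLIENT_SPLIT, SERVER_SPLIT))
```

The result reflects only what the two files say; a client that was not reconnected after the edit still holds the routes from its previous session.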