Help: Getting LE container validated through VPN tunnel



Hi,

 

I am trying to get over my CGNAT problem, and people online suggested a VPN tunnel to a server with a public IP. Now I was able to connect from my pfSense to the Raspberry Pi with PiVPN. How can I make the DuckDNS validation?

 


 

/etc/openvpn/server.conf

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/cert.crt
key /etc/openvpn/easy-rsa/pki/private/key.key
dh none
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
# site-to-site VPN
route 10.0.0.0 255.255.255.0 10.8.0.2
push "route 192.168.2.0 255.255.255.0"
client-config-dir /etc/openvpn/client
#pi-hole
push "dhcp-option DNS 10.8.0.1"
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 9.9.9.9"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io

/etc/openvpn/client/vpn1:

push "route 192.168.2.0 255.255.255.0 10.8.0.1"
ifconfig-push 10.8.0.2 255.255.255.0
iroute 10.0.0.0 255.255.255.0

 

Sometimes I can ping the pfSense from the PiVPN but not vice versa. Should I opt to try an SSH tunnel instead of OpenVPN site-to-site?

If you need more information, just let me know. All suggestions will help!

 

 

Thanks.

 

 

 

Edited by emersonicus