emersonicus

Help: Getting LE container validated through VPN tunnel


Hi,

 

I am trying to get over my CGNAT problem, and people online suggested a VPN tunnel to a server with a public IP. Now, I was able to connect from my pfSense to the Raspberry Pi with PiVPN. How can I make the DuckDNS validation?

 


 

/etc/openvpn/server.conf

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/cert.crt
key /etc/openvpn/easy-rsa/pki/private/key.key
dh none
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
# site-to-site VPN
route 10.0.0.0 255.255.255.0 10.8.0.2
push "route 192.168.2.0 255.255.255.0"
client-config-dir /etc/openvpn/client
#pi-hole
push "dhcp-option DNS 10.8.0.1"
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 9.9.9.9"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io

/etc/openvpn/client/vpn1:

push "route 192.168.2.0 255.255.255.0 10.8.0.1"
ifconfig-push 10.8.0.2 255.255.255.0
iroute 10.0.0.0 255.255.255.0

 

Sometimes I can ping the pfSense from the PiVPN but not vice versa. Should I opt to try an SSH tunnel instead of OpenVPN site-to-site?

If you need more information, just let me know. All suggestions will help!

 

 

Thanks.

 

 

 
