phihag · July 11, 2014 06:56
diff --git a/addresses.log b/addresses.log
 # On the server:
 $ ip  a s dev tun0
 15: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/none 
    inet 10.222.0.1 peer 10.222.0.2/32 scope global tun0

 # Client output:
 ...
 Fri Jul 11 08:55:32 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
 Fri Jul 11 08:55:32 2014 [n.phihag.de] Peer Connection Initiated with [AF_INET]174.34.171.91:1194
 Fri Jul 11 08:55:34 2014 SENT CONTROL [n.phihag.de]: 'PUSH_REQUEST' (status=1)
 Fri Jul 11 08:55:34 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.222.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.222.0.6 10.222.0.5'
 Fri Jul 11 08:55:34 2014 OPTIONS IMPORT: timers and/or timeouts modified
 Fri Jul 11 08:55:34 2014 OPTIONS IMPORT: --ifconfig/up options modified
 Fri Jul 11 08:55:34 2014 OPTIONS IMPORT: route options modified
 Fri Jul 11 08:55:34 2014 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlan0 HWADDR=00:23:14:af:47:b4
 Fri Jul 11 08:55:34 2014 TUN/TAP device tun0 opened
 Fri Jul 11 08:55:34 2014 TUN/TAP TX queue length set to 100
 Fri Jul 11 08:55:34 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
 Fri Jul 11 08:55:34 2014 /sbin/ip link set dev tun0 up mtu 1500
 Fri Jul 11 08:55:34 2014 /sbin/ip addr add dev tun0 local 10.222.0.6 peer 10.222.0.5
 Fri Jul 11 08:55:34 2014 /sbin/ip route add 174.34.171.91/32 via 192.168.1.1
 Fri Jul 11 08:55:34 2014 /sbin/ip route add 0.0.0.0/1 via 10.222.0.5
 Fri Jul 11 08:55:34 2014 /sbin/ip route add 128.0.0.0/1 via 10.222.0.5
 Fri Jul 11 08:55:34 2014 /sbin/ip route add 10.222.0.0/24 via 10.222.0.5
diff --git a/client.conf b/client.conf

 client
 dev tun
 proto udp
 remote n.phihag.de 1194
 resolv-retry infinite
 nobind
 persist-key
 persist-tun
 ca ca.crt
 cert t4.crt
 key t4.key
 comp-lzo
 verb 3

 remote-cert-tls server
diff --git a/server.conf b/server.conf
 port 1194
 proto udp
 dev tun

 ca      /etc/openvpn/keys/ca.crt
 cert    /etc/openvpn/keys/n.phihag.de.crt
 key     /etc/openvpn/keys/n.phihag.de.key
 dh      /etc/openvpn/keys/dh2048.pem

 server 10.222.0.0 255.255.255.0
 push "redirect-gateway def1 bypass-dhcp"

 keepalive 10 120

 comp-lzo
 persist-key
 persist-tun

 status log/openvpn-status.log

 verb 3
 client-to-client
	# On the server:
	$ ip a s dev tun0
	15: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
	link/none
	inet 10.222.0.1 peer 10.222.0.2/32 scope global tun0

	# Client output:
	...
	Fri Jul 11 08:55:32 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
	Fri Jul 11 08:55:32 2014 [n.phihag.de] Peer Connection Initiated with [AF_INET]174.34.171.91:1194
	Fri Jul 11 08:55:34 2014 SENT CONTROL [n.phihag.de]: 'PUSH_REQUEST' (status=1)
	Fri Jul 11 08:55:34 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.222.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.222.0.6 10.222.0.5'
	Fri Jul 11 08:55:34 2014 OPTIONS IMPORT: timers and/or timeouts modified
	Fri Jul 11 08:55:34 2014 OPTIONS IMPORT: --ifconfig/up options modified
	Fri Jul 11 08:55:34 2014 OPTIONS IMPORT: route options modified
	Fri Jul 11 08:55:34 2014 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlan0 HWADDR=00:23:14:af:47:b4
	Fri Jul 11 08:55:34 2014 TUN/TAP device tun0 opened
	Fri Jul 11 08:55:34 2014 TUN/TAP TX queue length set to 100
	Fri Jul 11 08:55:34 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
	Fri Jul 11 08:55:34 2014 /sbin/ip link set dev tun0 up mtu 1500
	Fri Jul 11 08:55:34 2014 /sbin/ip addr add dev tun0 local 10.222.0.6 peer 10.222.0.5
	Fri Jul 11 08:55:34 2014 /sbin/ip route add 174.34.171.91/32 via 192.168.1.1
	Fri Jul 11 08:55:34 2014 /sbin/ip route add 0.0.0.0/1 via 10.222.0.5
	Fri Jul 11 08:55:34 2014 /sbin/ip route add 128.0.0.0/1 via 10.222.0.5
	Fri Jul 11 08:55:34 2014 /sbin/ip route add 10.222.0.0/24 via 10.222.0.5

	client
	dev tun
	proto udp
	remote n.phihag.de 1194
	resolv-retry infinite
	nobind
	persist-key
	persist-tun
	ca ca.crt
	cert t4.crt
	key t4.key
	comp-lzo
	verb 3

	remote-cert-tls server
	port 1194
	proto udp
	dev tun

	ca /etc/openvpn/keys/ca.crt
	cert /etc/openvpn/keys/n.phihag.de.crt
	key /etc/openvpn/keys/n.phihag.de.key
	dh /etc/openvpn/keys/dh2048.pem

	server 10.222.0.0 255.255.255.0
	push "redirect-gateway def1 bypass-dhcp"

	keepalive 10 120

	comp-lzo
	persist-key
	persist-tun

	status log/openvpn-status.log

	verb 3
	client-to-client