How to allow the OpenVPN client (W10) to use the DNS server (BIND9) residing on the OpenVPN server (Ubuntu 16.04)?

I have Ubuntu 16.04 (Desktop Edition) with OpenVPN server and BIND9 installed. I used a script when I installed OpenVPN. My OpenVPN client is a W10 netbook with a 4G USB modem.
When I choose to use Google DNS when installing OpenVPN, I can very well surf the Internet via OpenVPN (on my OpenVPN client computer W10). But if I choose to use a current DNS setting (that is, my own BIND9 server), then I can connect client to server, but the DNS does not work. I know that I have to modify the OpenVPN server.conf AND server configuration file to modify the client's OpenVPN file as well. And I do not know exactly if my DNS server (BIND9) is correctly configured to play this type of role.
When I go to the W10 CMD and run ipconfig /all, I see a DNS server with the correct IP address of my BIND9 (this is a public IP address of my Ubuntu machine). However, DNS does not work on the client computer, and I have not found a complete step-by-step manual for enabling this setup.

AdvancedTomato two OpenVpn clients

I have an r7000 with advancedTomato and my situation is as follows:

  • BR0 on 192.168.5.0/24
  • BR1 to 192.168.7.0/24
  • VPN client1 (nordvpn) with Ignore Redirect Gateway (route-nopull) enabled and routing strategy (from the source address) 192.168.7.0/24, which also redirects Internet.
  • VPN client2 (my OpenVPN server in another city), which I want to use only as a local area network (LAN), not for the Internet; the server is configured correctly to give only LAN access. This client has disabled Ignore Redirect Gateway (route-nopull) and redirect Internet traffic. When I connect to BR0, I can see this network correctly, but on BR1 I do not see it because of routing problems, because VPN client1 is already routed.

How can I stay on the BR1 Internet connected to the VPN (nordvpn) as it is and also have access to the local VPN2 client network?

thank you so much
M

network – OpenVPN UFW can not access other devices on the same network

I have an OpenVPN connection to my device and I want to access other devices on the same network. Without UFW, everything works fine. I've tried setting up the correct UFW rules to allow it, but it still seems to be blocking. Could someone help?

OpenVPN: 10.8.0.0/24 (tun0)
Local network: 10.14.0.0/22 (eth0)

UFW log:

(UFW BLOCK) IN=tun0 OUT=eth0 MAC= SRC=10.8.0.14 DST=10.14.0.1 LEN=552 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=50375 DPT=80 WINDOW=2048 RES=0x00 ACK PSH URGP=0

UFW status:

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       10.14.0.0/22
Anywhere                   ALLOW       10.8.0.0/24

As far as I understand, these rules should work, but they do not 🙁
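
The log entry in the post has both IN=tun0 and OUT=eth0 set, so it records a routed (forwarded) packet, while the two rules in the status output have no FWD entries and therefore cover only traffic addressed to the host itself. The following is an added example, not part of the original post: it classifies UFW log lines by chain and builds the matching `ufw route` rule for VPN-to-LAN traffic, using the networks from the post and one constructed log line for contrast.

```python
import ipaddress
import re

# Networks as given in the post.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")
LAN_NET = ipaddress.ip_network("10.14.0.0/22")

# First entry: the line quoted in the post. Second entry: constructed
# INPUT-chain sample for contrast (not from the post).
SAMPLE_LOG = [
    "(UFW BLOCK) IN=tun0 OUT=eth0 MAC= SRC=10.8.0.14 DST=10.14.0.1 LEN=552 "
    "TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=50375 DPT=80 WINDOW=2048 "
    "RES=0x00 ACK PSH URGP=0",
    "[UFW BLOCK] IN=eth0 OUT= MAC=aa:bb SRC=10.14.0.9 DST=10.14.0.5 LEN=60 "
    "PROTO=TCP SPT=40000 DPT=22 SYN URGP=0",
]

ACTION_RE = re.compile(r"[\[(]UFW (\w+)[\])]")   # accepts [..] or (..) tags
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")       # KEY=value, value may be empty


def classify(line):
    """Return (action, chain, fields) for a UFW log line, or None if not one."""
    action = ACTION_RE.search(line)
    if not action:
        return None
    f = dict(FIELD_RE.findall(line))
    if f.get("IN") and f.get("OUT"):
        chain = "forward"   # packet is routed through this host
    elif f.get("IN"):
        chain = "input"     # packet is addressed to this host
    else:
        chain = "output"    # packet originates from this host
    return action.group(1), chain, f


def suggest_rule(line):
    """Build a ufw route rule for a blocked VPN-to-LAN packet, else None."""
    parsed = classify(line)
    if not parsed or parsed[0] != "BLOCK" or parsed[1] != "forward":
        return None
    f = parsed[2]
    src, dst = ipaddress.ip_address(f["SRC"]), ipaddress.ip_address(f["DST"])
    if src in VPN_NET and dst in LAN_NET:
        return (f"ufw route allow in on {f['IN']} out on {f['OUT']} "
                f"from {VPN_NET} to {LAN_NET}")
    return None


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry)[:2], "->", suggest_rule(entry))
```
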

vpn – What are the hardware specifications needed to serve 100,000 customers on OpenVpn?

What does serving VPN clients (TCP connections) with an OpenVPN server depend on? Or how can we calculate the number of customers from the hardware specifications?

Does it depend on the bandwidth of the server, as in: if we had a server with 1 GB (1024 MB / PS), could we serve 1024 users (each user getting 1 MB)? Or on something else?

centos – How to allow SSH when the OpenVPN client runs in VPS

I cannot access the VPS via SSH when the VPS connects to the VPN. But if, from the remote side, I log in to the VPN and then go to the VPS, it works. It is as if the VPN replaces settings on the VPS when it is running.

Client configuration

client
dev tun
proto tcp
remote indo2.vpnjantit.com 1194
remote 103.129.220.175 1194
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
auth-user-pass
route-delay 2
redirect-gateway
fast-io
pull 

ip route list

default via 91.92.136.1 dev eth0
91.92.136.0/24 dev eth0 proto kernel scope link src 91.92.136.157
103.129.220.175 via 91.92.136.1 dev eth0
169.254.0.0/16 dev eth0 scope link metric 1002

ip addr show

1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 56:b5:e3:69:88:ea brd ff:ff:ff:ff:ff:ff
    inet 91.92.136.157/24 brd 91.92.136.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2a07:5741:0:93d::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::54b5:e3ff:fe69:88ea/64 scope link
       valid_lft forever preferred_lft forever

Configure openVpn as an interface rather than forwarding all traffic from a paid vpn

I subscribe to a virtual private network provider that provides openVpn configuration files.

Now, instead of routing all the traffic via this VPN, I would simply set it up as another interface where the software package with the ability to use this interface (tun0) can send and receive packets

I understand that adding

--pull-filter ignore redirect-gateway

stops the server-side default tables from being added.

I'm stuck on the routes to add so that

curl --interface tun0 ifconfig.co

gives me the VPN IP and

curl --interface eth0 ifconfig.co

gives my standard WAN IP.

I assume this would allow programs to select the interface to use for their Internet connection.

Need a tip to start the OpenVPN sales system

I do not know if I am posting this in the right forum.
I just started the OpenVPN sales site. Technically, I did almost everything: OpenVPN servers in 3 locations as a starting point, system authentication with radius, accounting and billing with WHMCS.

My question is about the market and the tariff plan.

1. Is the market always available and important? I think about 200 ~ 300 users for the starting point. Is it really available? What is the best way to advertise my website?

2. The second problem concerns prices. What is the most affordable price for users? for example, the best price for a monthly package?

Thanks in advance

Integration of authentication in an OpenVPN service?

Hi, I'm thinking of trying to get some form of user authentication that links WHMCS to OpenVPN, but from what I see, there does not seem to be any modules or tutorials on anyone who can do it.
Has anyone really managed to do that or would it be something that I should try to program?

I can imagine that it would need some kind of daemon in the middle to authenticate between WHMCS and the OpenVPN service, but I just have not heard of anything useful.

vpn – OpenVPN Android App – Help us understand the security features.

Hi guys, can anyone help me? It is about this OpenVPN app: https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=de

I do not understand the following 11 options in the settings menu. What is their meaning / impact? I basically want to know which of them to enable or disable for safe and smooth VPN performance:

General settings of the application->
1) "OpenVPN 3 Core" ON / OFF?

Parameters in the ovpn server file:
2) "LZO Compression" ON / OFF?

3) IP & DNS-> "Call the server information" ON / OFF?

4) IP & DNS-> "No local connection" ON / OFF?

5) Routing-> "Ignore server pushed routes" ON / OFF?

6) Routing-> "Bypass VPN for LANs" ON / OFF?

7) Routing-> "Block ipv6 if not used by VPN" ON / OFF?

8) Authentication-> "Request TLS Server Certificate" ON / OFF?

9) Authentication-> "Check host name" ON / OFF?

10) Authentication-> "TLS Direction" (0/1 / tlscrypt / tls crypt2)?

11) Advanced-> "Random Host Prefix" ON / OFF?

Thanks guys!!

pfsense – Prevents DNS ping via OpenVPN

Can someone help shed light on the current problem I am facing?

I have a pfSense box under openVPN. My laptop can connect seamlessly to VPN and the Internet. The only IP address on the network I can not ping is the DNS server (Windows 2016). My laptop is connected to the IP address of the DNS server.

I have the openVPN server configured to include:
DNS Default Domain (True)
DNS default domain: Medicore.Lan
Enable DNS Server (True)
DNS Server 1: IP inaccessible.

Any ideas why this IP address, in particular, would not be accessible? The subnet of the NIC is 255.0.0.0.