DH10, 8 months ago
Server:
```
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey =

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Client Name: Client 1
PublicKey =
AllowedIPs = 10.8.0.2/32
```
Client:
```
[Interface]
Address = 10.8.0.2/24
PrivateKey =
DNS = 192.168.1.42

[Peer]
PublicKey =
AllowedIPs = 10.0.0.0/24,192.168.1.0/24,10.0.1.0/24,10.8.0.0/24,192.168.178.0/24
Endpoint = vpn.server.online:51820
```
You should also be able to adjust it so that you can set 192.168.1.42/32 under AllowedIPs. Then really only the traffic for the DNS (and all other protocols for this IP, e.g. HTTP) goes through the VPN.
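An added example, not part of DH10's post: a small Python check of which destinations a client's AllowedIPs sends into the tunnel, and whether the configured DNS server is covered at all. The two configs are constructed from the values in the post, the key values are placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed client configs modelled on the post; keys are placeholders.
BROAD = """\
[Interface]
Address = 10.8.0.2/24
PrivateKey = <client-private-key>
DNS = 192.168.1.42

[Peer]
PublicKey = <server-public-key>
AllowedIPs = 10.0.0.0/24,192.168.1.0/24,10.0.1.0/24,10.8.0.0/24,192.168.178.0/24
Endpoint = vpn.server.online:51820
"""
# The variant suggested in the post: only the DNS host goes through the VPN.
NARROW = BROAD.replace(
    "10.0.0.0/24,192.168.1.0/24,10.0.1.0/24,10.8.0.0/24,192.168.178.0/24",
    "192.168.1.42/32")


def parse(conf):
    """Return (dns_servers, allowed_networks) from a wg-quick style config."""
    dns, allowed = [], []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if "=" not in line:
            continue                              # section header or blank
        key, value = (part.strip() for part in line.split("=", 1))
        items = [v.strip() for v in value.split(",") if v.strip()]
        if key.lower() == "dns":                  # assumes IP literals only
            dns += [ipaddress.ip_address(v) for v in items]
        elif key.lower() == "allowedips":
            allowed += [ipaddress.ip_network(v, strict=False) for v in items]
    return dns, allowed


def via_tunnel(conf, dest):
    """True if traffic to dest is routed into the tunnel by AllowedIPs."""
    _, allowed = parse(conf)
    addr = ipaddress.ip_address(dest)
    return any(addr in net for net in allowed)


def dns_outside_tunnel(conf):
    """DNS servers not covered by AllowedIPs (queries would bypass the VPN)."""
    dns, allowed = parse(conf)
    return [str(d) for d in dns if not any(d in net for net in allowed)]
```

With `NARROW`, `via_tunnel` is true only for 192.168.1.42; a non-empty result from `dns_outside_tunnel` means the resolver set under `DNS` is reached outside the VPN.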