# PPP profile "VPN-PROFILE", shown twice: first as item 1 of a print listing,
# then in export form. The values in both agree.
#   local-address=192.168.252.1  the router's end of each tunnel
#   remote-address=VPN-POOL      client addresses are taken from the pool named
#                                VPN-POOL (the pool definition is not shown)
#   dns-server=192.168.2.1       DNS server handed to connecting clients
# NOTE(review): use-encryption=yes is a PPP-profile setting; the cipher and
# digest the OpenVPN tunnel uses are presumably configured on the OVPN server,
# which is not shown here -- confirm they match the client config.
1 name="VPN-PROFILE" local-address=192.168.252.1 remote-address=VPN-POOL
use-mpls=default use-compression=default use-encryption=yes
only-one=default change-tcp-mss=default use-upnp=default address-list=""
dns-server=192.168.2.1 on-up="" on-down=""
# Export form of the same profile; only the values that are not "default" or
# empty in the listing above appear.
/ppp profile
add dns-server=192.168.2.1 local-address=192.168.252.1 name=VPN-PROFILE \
remote-address=VPN-POOL use-encryption=yes
# Firewall filter rules as printed. Numbering starts at 1, so rule 0 is not
# part of this listing.
# NOTE(review): no input-chain accept for established/related traffic is
# visible; presumably that is rule 0 -- confirm before reordering anything.
1 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid
# Rule 2 opens TCP 1194 for the OpenVPN server. It has to stay above rule 4,
# which drops everything else arriving on the WAN interface list.
# NOTE(review): no action= is printed for this rule; a filter rule without one
# should default to accept, but verify on the router. There is also no
# src-address or in-interface match, so the port answers to any source. If
# clients connect from known ranges, narrowing the rule and logging new
# connections reduces exposure of the VPN login service.
2 ;;; Allow OpenVPN
chain=input protocol=tcp dst-port=1194
3 ;;; defconf: accept ICMP for local-addr
chain=input action=accept protocol=icmp log=no log-prefix=""
# NOTE(review): the comment says "not coming from LAN" but the matcher is
# in-interface-list=WAN. Traffic arriving on an interface that is in neither
# list (presumably the dynamic VPN client interfaces) is not dropped here, so
# VPN clients can reach services on the router itself unless another rule
# limits them.
4 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=WAN log=no log-prefix=""
# Forward chain: IPsec policy traffic and already-tracked connections are
# accepted, invalid packets are dropped, and new connections from the WAN list
# are dropped unless they were dst-NATed.
5 ;;; defconf: accept in ipsec policy
chain=forward action=accept log=no log-prefix="" ipsec-policy=in,ipsec
6 ;;; defconf: accept out ipsec policy
chain=forward action=accept log=no log-prefix="" ipsec-policy=out,ipsec
7 ;;; defconf: accept established,related, untracked
chain=forward action=accept
connection-state=established,related,untracked
8 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid
# NOTE(review): rule 9 restricts only the WAN list and no final forward drop is
# shown, so new connections from VPN clients to any routed network are
# forwarded. Add explicit forward rules if VPN users should reach only selected
# hosts or subnets.
9 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new
connection-nat-state=!dstnat in-interface-list=WAN
# OpenVPN client configuration for the router's OpenVPN server on TCP 1194.
# NOTE(review): no ca, cert/key, remote-cert-tls or verify-x509-name directive
# appears in this listing. If the real file also lacks them, the client has no
# way to authenticate the server, and the username/password entered for
# auth-user-pass could be captured by anyone impersonating the server. Supply
# the CA certificate with "ca" and add "remote-cert-tls server" -- confirm
# whether these lines were simply left out of the post.

# "client" already implies "pull" and TLS client mode, so the later "pull" line
# is redundant but harmless.
client
# Routed (layer 3) tunnel device.
dev tun
# TCP transport, matching the tcp/1194 firewall rule on the router.
proto tcp-client
# [IP-ADDR] is a placeholder for the router's public address or hostname.
remote [IP-ADDR] 1194
# Do not bind to a fixed local port.
nobind
# Keep key material and the tun device across restarts of the connection.
persist-key
persist-tun
# Data-channel cipher and HMAC digest; both must match the server settings.
# NOTE(review): SHA1 is a legacy digest choice; prefer a SHA-2 digest (and an
# AEAD cipher) if the server's OpenVPN implementation offers them -- check what
# the router supports.
cipher AES-256-CBC
auth SHA1
pull
# Moderate log verbosity; repeated messages of one category are suppressed
# after three.
verb 2
mute 3
# Prompt for a username and password when connecting.
auth-user-pass
# Both DNS options are commented out, so this file does not force name lookups
# through the tunnel; lookups may still go to the local network's resolver
# unless the server pushes DNS settings.
#dhcp-option DNS 192.168.2.1
#block-outside-dns
# Split tunnel: only 192.168.2.0/24 is routed through the VPN.
route 192.168.2.0 255.255.255.0
# NOTE(review): "default-route def1" does not look like an OpenVPN directive;
# the option that sends all traffic through the tunnel is "redirect-gateway
# def1". The line is commented out, so it has no effect as written.
#default-route def1