I'm having a difficult time setting the correct iptables rules in order to route OpenVPN traffic to my internal OpenVPN client.
My network is similar to this:
                          +-------------------------+
              (public IP) |                         |
{INTERNET}================{ eth1    Router          |
                          |                         |
                          |          eth2           |
                          +------------+------------+
                                       | (192.168.0.254)
                                       |
                                       |      +-----------------------+
                                       |      |                       |
                                       |      |       OpenVPN         | eth0: 192.168.0.1/24
                                       +------{eth0   server          | tun0: 10.8.0.1/24
                                       |      |                       |
                                       |      |        {tun0}         |
                                       |      +-----------------------+
                                       |
                              +--------+-----------+
                              |                    |
                              | Other LAN clients  |
                              |                    |
                              |  192.168.0.0/24    |
                              |  (internal net)    |
                              +--------------------+
So basically, I want to accept the port and forward VPN traffic from the router to the internal OpenVPN box. Then I want the OpenVPN box to take the traffic from the eth port and send it to tun.
Here is what I tried:
iptables on router:
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
# Allow udp 1194 #
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
# Allow traffic initiated from VPN to access LAN
iptables -I FORWARD -i tun0 -o eth2 \
    -s 10.8.0.0/24 -d 192.168.0.0/24 \
    -m conntrack --ctstate NEW -j ACCEPT
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED \
    -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 \
    -s 10.8.0.0/24 -j MASQUERADE
iptables on OpenVPN:
Can anyone give me a pointer on how I can fix this problem?
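An added example, not part of the original post: the two rule sets the diagram above calls for, split into the router side (DNAT of UDP/1194 to 192.168.0.1 plus a matching FORWARD rule) and the OpenVPN box side (tun0 to eth0 forwarding and source NAT). Interface names and addresses come from the diagram; the DROP default policy on FORWARD, the dry-run `ipt` wrapper and the function names are assumptions.

```shell
#!/bin/sh
# Added example for the topology in the post. Dry-run by default: it prints
# the iptables commands it would run. Set APPLY=1 to execute them as root.

WAN_IF=eth1            # router's public interface (from diagram)
LAN_IF=eth2            # router's LAN interface (from diagram)
VPN_HOST=192.168.0.1   # internal OpenVPN server, eth0 (from diagram)
VPN_PORT=1194          # OpenVPN UDP port used in the post's rules
VPN_NET=10.8.0.0/24    # tun0 subnet (from diagram)
LAN_NET=192.168.0.0/24 # internal net (from diagram)

# Assumed helper: echo the command in dry-run mode, run it when APPLY=1.
ipt() {
  if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

# --- Router: only UDP/VPN_PORT from the WAN is handed to the OpenVPN box ---
router_rules() {
  # The rule missing from the post: rewrite the destination to the internal
  # server before routing, so the packet is forwarded instead of delivered locally.
  ipt -t nat -A PREROUTING -i "$WAN_IF" -p udp --dport "$VPN_PORT" \
      -j DNAT --to-destination "$VPN_HOST:$VPN_PORT"
  # Permit exactly that flow through FORWARD (assumes FORWARD policy is DROP),
  # plus replies for any connection conntrack already knows about.
  ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p udp -d "$VPN_HOST" \
      --dport "$VPN_PORT" -m conntrack --ctstate NEW -j ACCEPT
  ipt -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # Normal LAN-to-internet masquerade on the public interface.
  ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# --- OpenVPN box: receive the tunnel on eth0, move client traffic via tun0 ---
vpn_server_rules() {
  # Handshake packets arrive on eth0 with the DNATed destination 192.168.0.1.
  ipt -A INPUT -i eth0 -p udp --dport "$VPN_PORT" -j ACCEPT
  # VPN clients may open connections into the LAN; replies come back by state.
  ipt -A FORWARD -i tun0 -o eth0 -s "$VPN_NET" -d "$LAN_NET" \
      -m conntrack --ctstate NEW -j ACCEPT
  ipt -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # Source-NAT the 10.8.0.0/24 clients to the server's eth0 address so LAN
  # hosts (and the router) need no route back to the tunnel subnet.
  ipt -t nat -A POSTROUTING -o eth0 -s "$VPN_NET" -j MASQUERADE
  # Forwarding must also be on in the kernel (printed here, applied when APPLY=1).
  if [ "${APPLY:-0}" = 1 ]; then sysctl -w net.ipv4.ip_forward=1
  else echo "sysctl -w net.ipv4.ip_forward=1"; fi
}

router_rules
vpn_server_rules
```

Run the script once on each box and apply only the function meant for that host; the OpenVPN box does not need the router's DNAT rule.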