Wednesday, October 29, 2014

iptables - Routing and OpenVPN not running on the default gateway

I'm having a difficult time setting the correct iptables rules in order to route OpenVPN traffic to my internal OpenVPN client.



My network is similar to this:

                          +-------------------------+
              (public IP) |                         |
    {INTERNET}============{ eth1       Router       |
                          |                         |
                          |           eth2          |
                          +------------+------------+
                                       | (192.168.0.254)
                                       |
                                       |   +-----------------------+
                                       |   |                       |
                                       |   |       OpenVPN         |  eth0: 192.168.0.1/24
                                       +---{eth0   server          |  tun0: 10.8.0.1/24
                                       |   |                       |
                                       |   |       {tun0}          |
                                       |   +-----------------------+
                                       |
                              +--------+-----------+
                              |                    |
                              | Other LAN clients  |
                              |                    |
                              |   192.168.0.0/24   |
                              |   (internal net)   |
                              +--------------------+


So basically, I want to accept and forward VPN traffic on that port from the router to the internal OpenVPN box. Then I want the OpenVPN box to take the traffic from the eth port and send it to tun.

Here is what I tried:

iptables on router:

iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT

# Allow udp 1194 #
iptables -A INPUT -p udp --dport 1194 -j ACCEPT

# Allow traffic initiated from VPN to access LAN
iptables -I FORWARD -i tun0 -o eth2 \
    -s 10.8.0.0/24 -d 192.168.0.0/24 \
    -m conntrack --ctstate NEW -j ACCEPT

iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED \
    -j ACCEPT

iptables -t nat -I POSTROUTING -o eth0 \
    -s 10.8.0.0/24 -j MASQUERADE

iptables on OpenVPN:

Can anyone give me a pointer how I can fix this problem?
