I have the following setup:
    ++++++++++++++++++
    + OpenVPN server +........ . . . . (cat pictures)
    ++++++++++++++++++
            |
            |
    ________|____________________________Internet________________
            | Local
            | DSL
            |
    ++++++++++++++++++               +++++++++++++++++++
    + router1        +   Ethernet    + router2          +
    + DHCP serving   +---------------+ DHCP serving     +
    + 192.168.1.1/24 +     eth0      + 10.0.0.1/24      +
    ++++++++++++++++++               + OpenVPN client   +
            .                        + hostapd/dnsmasq  +
            .                        +++++++++++++++++++
            .                                 . wlan0
            .                                 .
            . WLAN 1                          . WLAN 2
            .                                 .
    (wifi clients 1)                  (wifi clients 2)
The intention of this is to have a separate WLAN 2 to which wifi clients can connect and have all their traffic to the internet routed through the OpenVPN connection of router2.
router2 runs a hostapd instance with a fairly minimal setup on interface wlan0. dnsmasq.conf is also pretty minimal with:

    # serve DHCP/DNS only on the WLAN 2 interface
    interface=wlan0
    # router2 itself holds 10.0.0.1, so leases start at .2
    dhcp-range=10.0.0.2,10.0.0.254,12h
    # do not read /etc/hosts for DNS answers
    no-hosts
This runs fine. I can connect to the wifi and get assigned an IP address.
OpenVPN is set up and working as well. I'm connecting to a commercial VPN service, so the server config is not under my control. OpenVPN is using tun0.
How can I route all requests to the internet from wifi clients 2 through the established OpenVPN connection on router2? I guess I have to set up the routing table now, but how?
route says:

    Destination     Gateway         Genmask          Flags Metric Ref  Use Iface
    default         10.200.4.1      128.0.0.0        UG    0      0      0 tun0
    default         router1         0.0.0.0          UG    0      0      0 eth0
    10.0.0.0        *               255.0.0.0        U     0      0      0 wlan0
    10.200.4.0      *               255.255.252.0    U     0      0      0 tun0
    <vpn server ip> router1         255.255.255.255  UGH   0      0      0 eth0
    128.0.0.0       10.200.4.1      128.0.0.0        UG    0      0      0 tun0
    link-local      *               255.255.0.0      U     1002   0      0 eth0
    192.168.1.0     *               255.255.255.0    U     0      0      0 eth0
Best Answer
Has the OpenVPN server been set up to route the 10.0.0.1/24 network to router2? What happens if the OpenVPN server pings 10.0.0.1? If you want hosts on the other side of the VPN to have the ability to make incoming connections then you will need to fix your VPN server.
If this is only outbound traffic, then you probably need to set up NAT, so packets from the 10.0.0.0/24 network appear to come from the VPN interface. A rule like
    # tun0 is the OpenVPN interface from the question; MASQUERADE picks up
    # whatever address the VPN service assigns to tun0 (10.200.4.1 is the
    # remote gateway, not a local address, so it cannot be used as SNAT source)
    iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o tun0 -j MASQUERADE
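The NAT rule above only rewrites source addresses; router2 also has to forward packets between wlan0 and tun0, and, given the routing table in the question (a default route via router1 next to the two /1 routes via tun0), wifi traffic would silently fall back to eth0 whenever tun0 goes down. The script below is an added example written for this answer, not code from the question or the answer; interface names and the 10.0.0.0/24 subnet come from the question, the rule set and the leak guard are my assumptions.

```shell
#!/bin/sh
# Added example: forwarding + NAT for WLAN 2 clients on router2, with a
# leak guard so wifi traffic is never forwarded out eth0 if tun0 drops.
LAN_IF=wlan0         # hostapd/dnsmasq interface (from the question)
VPN_IF=tun0          # OpenVPN client interface (from the question)
WAN_IF=eth0          # link to router1 (from the question)
LAN_NET=10.0.0.0/24  # WLAN 2 subnet (from the question)

# Emit the rule set as text, one command per line, so it can be reviewed
# before it is applied. Order matters: ACCEPT the VPN path first, then
# DROP anything from the wifi LAN that would leave via the plain uplink.
vpn_forward_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $LAN_NET -o $VPN_IF -j MASQUERADE
iptables -A FORWARD -i $LAN_IF -o $VPN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $LAN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j DROP
EOF
}

# Apply the rules (needs root): sh vpn-forward.sh apply
# Without "apply" the script only prints the rules.
if [ "$1" = "apply" ]; then
    vpn_forward_rules | while IFS= read -r cmd; do
        sh -c "$cmd" || exit 1
    done
else
    vpn_forward_rules
fi
```

With the DROP rule in place a VPN outage makes WLAN 2 lose connectivity instead of quietly routing clients over the DSL line; check with `iptables -L FORWARD -v -n` that the DROP counter stays at zero while tun0 is up.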