Linux – Allow Internet traffic and Block LAN for openvpn clients

linux, openvpn, ubuntu-14.04

I have an OpenVPN server running on an Ubuntu 14.04 server. Everything works fine: the client connects to the server and can ping the VPN server. I want the client to use my internet connection as if it were its own, but I also want to block the client from accessing my home LAN. Below is my setup:

Home LAN: 192.168.1.0/24
Router: 192.168.1.2
OpenVPN LAN IP: 192.168.139
VPN Network: 10.8.0.0/24

Server Configuration:
proto udp
dev tun
ca ca.crt
cert openvpn-server.crt
key openvpn-server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 68.237.161.12"
push "dhcp-option DNS 71.250.0.12"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Client Configuration:
client
dev tun
proto udp
remote (ip removed) 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert andres.crt
key andres.key
remote-cert-tls server
comp-lzo
verb 3

What I have done is enable packet forwarding:

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1 

It works, but the client has access to my entire LAN.

How can I block my LAN and allow internet traffic for an OpenVPN client?

Thank you,

Best Answer

I'd do it with iptables.

iptables -A INPUT -s 10.8.0.0/24 -d 192.168.1.0/24 -j DROP
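Added example, not part of the original question or answer: a small script that generates (and, as root, applies) a complete iptables rule set for the setup described above. A packet from a VPN client to another LAN host is routed by the server, so it traverses the FORWARD chain; the INPUT chain only sees packets addressed to the server itself. The rules below therefore drop VPN-to-LAN traffic in FORWARD (and in INPUT, for the server's own LAN address), accept everything else the clients forward out the LAN-facing interface, and masquerade it so replies from the internet come back through the server. The interface names eth0 (LAN side) and tun0 (OpenVPN side) are assumptions; the question does not state them.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): block OpenVPN clients from the
# home LAN while still routing their internet traffic through the server.
# Assumed interface names (not given in the question): LAN side eth0, tunnel tun0.
VPN_NET="10.8.0.0/24"      # "server 10.8.0.0 255.255.255.0" in server.conf
LAN_NET="192.168.1.0/24"   # home LAN from the question
LAN_IF="eth0"              # assumption: interface that faces the home router
VPN_IF="tun0"              # assumption: OpenVPN "dev tun" interface

# Print the rules, one iptables command per line, without running them.
# Order matters: the narrow DROP rules must come before the broad ACCEPT.
vpn_rules() {
  cat <<EOF
iptables -A INPUT -i $VPN_IF -s $VPN_NET -d $LAN_NET -j DROP
iptables -A FORWARD -i $VPN_IF -s $VPN_NET -d $LAN_NET -j DROP
iptables -A FORWARD -i $VPN_IF -s $VPN_NET -o $LAN_IF -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $VPN_NET -o $LAN_IF -j MASQUERADE
EOF
}

# Sanity check: in the FORWARD chain the DROP for the LAN must precede the
# ACCEPT toward the internet, otherwise the ACCEPT matches first and the LAN
# block never fires. Returns 0 when the order is correct.
drop_before_accept() {
  vpn_rules | grep ' FORWARD ' | awk '
    /-j DROP/   { d = NR }
    /-j ACCEPT/ && !a { a = NR }
    END { exit (d && a && d < a) ? 0 : 1 }'
}

# Apply the rules on the OpenVPN server (requires root and the iptables binary).
apply_rules() {
  [ "$(id -u)" -eq 0 ] || { echo "apply_rules: must run as root" >&2; return 1; }
  drop_before_accept || { echo "apply_rules: bad rule order" >&2; return 1; }
  vpn_rules | while IFS= read -r cmd; do
    eval "$cmd"
  done
}

# Usage: ./vpn-firewall.sh          -> print the rules for review
#        sudo ./vpn-firewall.sh --apply -> install them
if [ "${1-}" = "--apply" ]; then
  apply_rules
else
  vpn_rules
fi
```

Two caveats a practitioner will want: the rules are lost at reboot unless saved (for example with the iptables-persistent package on Ubuntu 14.04), and they only cover IPv4; if the server also routes IPv6, equivalent ip6tables rules are needed or the LAN is reachable over IPv6.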