Openvpn – How to route all traffic from VPN client through LAN

nat;networkingopenvpnvpn

I have a VPN server (ubuntu) with 2 interface:

eth0: A.B.C.D
eth1: 192.168.8.45

I've setup VPN which create tun interface. VPN IP is 10.8.0.0/24 Now from VPN client (10.8.0.6) I can connect to my LAN (192.168.8.0/24), ping and access server on LAN. I've forced all traffic through LAN by setting in server.conf

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

And set IP tables

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

With these setting, I can connect to the internet, but using IP address of eth0 (A.B.C.D), not through eth1 as I want.

If I try to set:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE

Then I cannot connect to the internet.

So what is the problem? I've already googled but no answer in this case.
Could you help me? I will really appreciate. Thank you

Best Answer

When you try to set iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE you route add traffic from VPN to eth1. But I think you doesn't have route to 0.0.0.0/0 trough eth1. There not enough information about your network, but you could add iptables rule iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -o eth0 -j MASQUERADE and try to check what happened.

Related Solutions

Openvpn – Getting openvpn client to forward all traffic through server

For reference, the relevant section of the HOWTO is here, though I suspect you've followed that.

The first thing I'd try is to remove the 'local', that is the command should be

push "redirect-gateway def1"

and not

push "redirect-gateway local def1"

The local flag only works if all of your clients are on the same subnet.

A couple of other things to be aware of are that DNS traffic is routed through the vpn so you won't be able to resolve addresses unless you've dealt with that. DHCP can also get forwarded though it doesn't look like that should happen in your case as you're using a routed not a bridged VPN, but might be worth checking anyway.

Linux – Client unable to reach Internet through OpenVPN

I was having the same problem, it was being caused by this iptables rule:

iptables -A FORWARD -j DROP

To fix it, I added these rules before the rule above:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t filter -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -t filter -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A INPUT -i tun0 -j ACCEPT

Also, make sure to do this:

echo 1 > /proc/sys/net/ipv4/ip_forward

Best Answer

Related Solutions

Openvpn – Getting openvpn client to forward all traffic through server

Linux – Client unable to reach Internet through OpenVPN

Related Topic