openvpn, tun, ipmasq & iptables.
Mumia Paduille & others,
mp> ... iptables ... might go something like this ...
Thanks! This is my instance, not yet tested.
#=========
# Configuration of iptables at either end of an openvpn tunnel
# configured to use port 4122. Packets entering the tunnel
# are redirected to port 22, which is shared with ssh. Packets
# exiting the tunnel are redirected back to 4122.
# <tunnel> is 10.4.0.1 on one end and 10.4.0.2 on the other.
#
# Outgoing packets converge onto port 22.
iptables -t nat -A POSTROUTING -p tcp -s <tunnel> --sport 4122 -j REDIRECT --to-port 22
#
# Incoming packets diverge according to the source address.
# Packets from <tunnel> go to 4122. All other port 22 packets
# are undisturbed.
iptables -t nat -A PREROUTING -p tcp -s <tunnel> --sport 22 -j REDIRECT --to-port 4122
#=========
Does that seem reasonable?
My remaining concerns involve interactions of openvpn, tun,
ipmasq & iptables.
* Should I remove ipmasq and try to achieve LAN routing
with iptables, as explained under Routing in man openvpn?
Or is routing best left to ipmasq?
* Where does tun operate? Does it use iptables? Does it work
independently between routing and the interface?
* Will iptables recognize the tunnel address in the rules above?
I am trying to resolve some of the questions before spending
hours with trial and error. Thanks for any answers, comments
and suggestions, ... Peter E.
Desktops.OpenDoc http://carnot.yi.org/
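An added check, written as example code for this thread rather than taken from the post, that feeds the two rules above through a small shell linter of nat-table chain/target combinations; the 10.4.0.1 address stands in for the <tunnel> placeholder.

```shell
#!/bin/sh
# Constructed linter for the two nat rules in the post (added example, not
# code from the original message). iptables accepts REDIRECT and DNAT only in
# the nat PREROUTING and OUTPUT chains, and SNAT/MASQUERADE only on the
# POSTROUTING side, so a POSTROUTING REDIRECT rule is refused at load time.
set -f   # no pathname expansion while splitting rule text into words

# Chains in which a given nat-table target is accepted. Non-NAT targets
# (ACCEPT, RETURN, LOG, user chains) are fine in any nat chain.
allowed_chains() {
    case "$1" in
        REDIRECT|DNAT) echo "PREROUTING OUTPUT" ;;
        SNAT)          echo "POSTROUTING INPUT" ;;
        MASQUERADE)    echo "POSTROUTING" ;;
        *)             echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
    esac
}

# check_nat_rule "iptables ..." : returns 0 if the target is legal for its
# chain, 1 if it is not, 2 if the line is not a nat-table rule at all.
check_nat_rule() {
    table=filter chain="" target="" prev=""
    for word in $1; do
        case "$prev" in
            -t)    table=$word ;;
            -A|-I) chain=$word ;;
            -j)    target=$word ;;
        esac
        prev=$word
    done
    [ "$table" = nat ] || return 2
    case " $(allowed_chains "$target") " in
        *" $chain "*) return 0 ;;
    esac
    echo "invalid: -j $target is not accepted in nat $chain" >&2
    return 1
}

# The two rules from the post, with <tunnel> filled in (constructed input).
RULE_OUT='iptables -t nat -A POSTROUTING -p tcp -s 10.4.0.1 --sport 4122 -j REDIRECT --to-port 22'
RULE_IN='iptables -t nat -A PREROUTING -p tcp -s 10.4.0.1 --sport 22 -j REDIRECT --to-port 4122'

for rule in "$RULE_OUT" "$RULE_IN"; do
    check_nat_rule "$rule" && echo "ok: $rule"
done
```

Running it reports the POSTROUTING rule as invalid and accepts the PREROUTING one; note that REDIRECT rewrites the destination port only, so the "converge onto port 22" rule would also need a different target even in a chain that accepts it.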