
RE: OpenVPN and IP Forwarding



Hi,

> I have a machine with an internet connection, it acts as a router for other systems on a private network (192.168.2.0/8).
> I setup a VPN client with openvpn on this machine, the VPN works perfectly, but when connected to the VPN the machine does not route for the private network systems.
>
> I can ping the machine from the private network, but not the other way around. I don't understand why I lose this connection.
> I have a webserver running on the machine and I can view its websites from the private network when the VPN is running,
> but I can't seem to initiate a connection from the machine to the private network.

Look at the following:
Do the clients connecting via the VPN know what the ip-numbers are on the other side? Do they know to send that traffic via the vpn tunnel and not to the default gateway on the client?
Does the webserver know what to do with the ip-numbers coming from the vpn tunnel? If it sends the answer to the default gateway does the answer end up on a machine that knows what to do with it?

Those are the most common problems with VPN traffic.
Look at something like push "route 192.168.2.0 255.255.255.0" in your cfg file on the server to tell the clients where to send traffic.

> I searched and found some instructions with iptables commands that would allow ip forwarding over the VPN,
> but it didn't seem to make any difference:
> iptables -A FORWARD -s 192.168.2.0/8 -o eth1 -j ACCEPT
> iptables -A FORWARD -s 192.168.2.0/8 -o eth1 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.2.0/8 -o eth1 -j MASQUERADE

Masquerading tricks on a VPN are usually only needed if the other side is ALSO using the same, in this case 192.168.2.0, network.

Bonno Bloksma
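
Added example, not part of the original message: the routing question raised above ("do they know to send that traffic via the vpn tunnel and not to the default gateway") can be checked by running a longest-prefix match over a host's routing table before and after the pushed route is installed. The routing table, the addresses in it and the interface names eth0/tun0 are constructed assumptions; only the `route 192.168.2.0 255.255.255.0` directive comes from the message.

```python
import ipaddress

# Constructed `ip route` output for a VPN client before any route is pushed.
CLIENT_ROUTES = """\
default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.23
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
"""


def parse_routes(text):
    """Turn `ip route` lines into (network, device) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue  # skip blank lines and entries with no egress device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest), dev))
    return routes


def pushed_route(directive, tunnel_dev="tun0"):
    """Convert an OpenVPN `route <net> <mask>` directive into a table entry."""
    keyword, net, mask = directive.split()
    if keyword != "route":
        raise ValueError("not a route directive: " + directive)
    # ip_network accepts the dotted netmask form and rejects host bits set
    return (ipaddress.ip_network(f"{net}/{mask}"), tunnel_dev)


def egress_device(routes, destination):
    """Longest-prefix match, as the kernel does; None means no route."""
    addr = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None


if __name__ == "__main__":
    table = parse_routes(CLIENT_ROUTES)
    print("before push:", egress_device(table, "192.168.2.10"))
    table.append(pushed_route("route 192.168.2.0 255.255.255.0"))
    print("after push: ", egress_device(table, "192.168.2.10"))
```

The same check applies in the reverse direction: run it against the routing table of the host that has to send the reply.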

