Re: OpenVPN on Xen DomU

To: Denis Witt <denis.witt@concepts-and-training.de>
Cc: debian-user@lists.debian.org
Subject: Re: OpenVPN on Xen DomU
From: Henning Follmann <hfollmann@itcfollmann.com>
Date: Tue, 21 Oct 2014 10:40:24 -0400
Message-id: <[🔎] 20141021144024.GE4836@newton.itcfollmann.com>
Mail-followup-to: Denis Witt <denis.witt@concepts-and-training.de>, debian-user@lists.debian.org
In-reply-to: <[🔎] 20141021145141.591d6ee3@X200>
References: <[🔎] 20141021145141.591d6ee3@X200>

On Tue, Oct 21, 2014 at 02:51:41PM +0200, Denis Witt wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Hi list,
> 
> yay, some non systemd related traffic. ;)
> 
> I try to migrate an OpenVPN-Server/Gateway to a Xen DomU (old config is
> working fine). Connection to the VPN works fine, routing doesn't.
> 
> On the old machine (bare metal) I used:
> 
> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
> 
> On the DomU this doesn't seem to work anymore, so I tried:
> 
> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source
> <PUBLIC_VPN_IP>
> 
> But it didn't work either.
> 
> The DomU network interface is a bridge in Dom0.
> 

Why do you want to do nat on the DomU interface?
You should do nat on the vpn interface.

-H

-- 
Henning Follmann           | hfollmann@itcfollmann.com

Reply to:

Follow-Ups:
- Re: OpenVPN on Xen DomU
  - From: Denis Witt <denis.witt@concepts-and-training.de>

References:
- OpenVPN on Xen DomU
  - From: Denis Witt <denis.witt@concepts-and-training.de>

Prev by Date: Re: If Not Systemd, then What?
Next by Date: Re: Replace Systemd on Jessie
Previous by thread: OpenVPN on Xen DomU
Next by thread: Re: OpenVPN on Xen DomU
Index(es):
- Date
- Thread