Weblog entry #1 for st_iron
OpenVPN behind a gw
Posted by st_iron on Tue 17 Aug 2010 at 07:14
Notice: If you install an OpenVPN server on a machine behind a firewall/gateway, you have to enable NAT and ip_forward on the VPN machine:
# $INETDEV must hold the name of the outgoing interface, i.e. the one facing the gateway
# Enable NAT
iptables -t nat -A POSTROUTING -o $INETDEV -j MASQUERADE
# Activate ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
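A narrower variant of the two commands above, as an added example that is not part of the original post: it masquerades only traffic from the VPN subnet, limits what the box will forward once ip_forward is on, and does not stack duplicate rules when re-run. The interface names, the 10.8.0.0/24 subnet and the DRY_RUN switch are assumptions; adjust them to your setup.

```shell
#!/bin/sh
# Added example (not from the original post). All values below are assumptions.
INETDEV="${INETDEV:-eth0}"        # interface facing the LAN/gateway
VPNDEV="${VPNDEV:-tun0}"          # OpenVPN tunnel interface
VPNNET="${VPNNET:-10.8.0.0/24}"   # subnet handed out to VPN clients
DRY_RUN="${DRY_RUN:-1}"           # 1 = only print the commands, 0 = apply (needs root)

# Run a command, or just print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Append an iptables rule only if an identical rule is not already present,
# so re-running the script does not create duplicates.
# Usage: add_rule <table> <chain> <rule spec...>
add_rule() {
    table="$1"; chain="$2"; shift 2
    if [ "$DRY_RUN" != "1" ] && iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    run iptables -t "$table" -A "$chain" "$@"
}

vpn_nat_rules() {
    # Masquerade only traffic that originates from the VPN subnet,
    # not everything that leaves through $INETDEV.
    add_rule nat POSTROUTING -s "$VPNNET" -o "$INETDEV" -j MASQUERADE
    # Let VPN clients open connections outwards, and let only replies back in.
    add_rule filter FORWARD -i "$VPNDEV" -o "$INETDEV" -s "$VPNNET" -j ACCEPT
    add_rule filter FORWARD -i "$INETDEV" -o "$VPNDEV" -d "$VPNNET" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Drop anything else that tries to cross the box; set before forwarding is enabled.
    run iptables -P FORWARD DROP
    # Same effect as: echo 1 > /proc/sys/net/ipv4/ip_forward
    run sysctl -w net.ipv4.ip_forward=1
}

vpn_nat_rules
```

With the defaults the script only prints the commands; run it as root with DRY_RUN=0 to apply them. Neither the sysctl setting nor the iptables rules survive a reboot unless they are also saved through your distribution's usual mechanism.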
Comments on this Entry
Posted by Anonymous (174.97.xx.xx) on Tue 7 Sep 2010 at 05:53
Not if you bridge the VPN connections. This puts VPN clients on the same IP network as the rest of your LAN.
Come to think of it, I didn't have to do that even when routing the VPN connection either. I did have to add route entries to any node on the network that the other end of the VPN needed to get to, which was every PC, so I just added the route to the gateway (not the VPN box). No NAT'ing anywhere but the main internet gateway box.
Posted by Anonymous (174.97.xx.xx) on Tue 7 Sep 2010 at 06:02
That said, there are still reasons one might wish to NAT the VPN clients instead of bridge them or route them.