Changes between Version 18 and Version 19 of BridgingAndRouting


Timestamp: 03/15/16 20:44:54 (3 years ago)
Author: circulosmeos
Comment:

carefully explain when to masquerade in 'Using routing and OpenVPN not running on the default gateway'

  • BridgingAndRouting

    v18 v19  
    200200The Router needs to have a port forwarding for the port you want to use for OpenVPN and forward that port to 192.168.0.10, which is the IP address of the OpenVPN on the internal network.
    201201
    202 The next thing you need to do on the router is to add a route for your VPN subnet.  In the routing table on your Router, add 10.8.0.0/24 to be sent via 192.168.0.10.  This is needed for the traffic from your LAN clients to be able to find their way back to the VPN clients.  If this is not possible, you need add such routes explicitly on all the LAN clients you want to access via the VPN.
     202The next thing you need to do on the router is to add a route for your VPN subnet.  In the routing table on your Router, add 10.8.0.0/24 to be sent via 192.168.0.10.  This is needed for the traffic from your LAN clients to be able to find their way back to the VPN clients.  If this is not possible, you need add such routes explicitly on all the LAN clients you want to access via the VPN. Another less laborious way to do this, is to add a rule to masquerade the network 10.8.0.0/24 with iptables, as done with the third rule in the iptables commands below.
    203203
    204204The firewall rules will also need to be different, and less extensive.  Here you just need to add rules which opens up traffic from the VPN subnet and into your local LAN.
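
Review bot: The sentence added at the end of new line 202 points readers to "the third rule in the iptables commands below", but this same revision comments that rule out, so the text should say the rule has to be uncommented to take this path. It would also help to state the trade-off of the shortcut: with MASQUERADE, LAN hosts see every VPN client as 192.168.0.10, so individual 10.8.0.0/24 addresses no longer appear in LAN-side logs or firewall rules. Minor wording: "you need add" should read "you need to add", and the comma in "way to do this, is" should be dropped.
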
     
    214214         -j ACCEPT
    215215
    216     # Masquerade traffic from VPN -- done in the nat table
    217     iptables -t nat -I POSTROUTING -o eth0 \
    218           -s 10.8.0.0/24 -j MASQUERADE
     216    # Masquerade traffic from VPN -- done in the nat table
     217    # Do this only if you haven't modified routing tables as explained before
     218    #iptables -t nat -I POSTROUTING -o eth0 \
     219    #      -s 10.8.0.0/24 -j MASQUERADE
    219220}}}
    220221
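
Review bot: In the comment added at new line 217, "modified routing tables as explained before" does not say which change is meant; naming it (the route for 10.8.0.0/24 via 192.168.0.10 on the router, or on each LAN client) would make the condition unambiguous. Because new lines 218-219 are now commented out, anyone who pastes the block without having added that route gets no return path from the LAN to the VPN clients, so consider phrasing it as an explicit instruction such as "uncomment the next two lines if you did not add the 10.8.0.0/24 route".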