  1. #1

    Configuring OpenVPN / IPTABLES / ROUTES

    Dear All,

    I've been trying to configure my vpn for days now without any success. I'm using OpenVPN and followed the provided instructions to the letter. The vpn server has the following characteristics:

    eth0 : public IP
    eth1 :
    tun0 :

    The server's eth1 connects to a LAN:
    LAN :

    My objective is to reach the LAN from the Internet when connected to the VPN. At this point I can do the following:

    - connect to the VPN
    - ping eth1 from the Internet when connected to the VPN
    - SSH into LAN from the vpn server (independent of VPN connectivity)

    I cannot:

    - ping or SSH into LAN from the Internet (when connected on the VPN). This is my objective.

    More information:

    - net.ipv4.ip_forward is on

    - output of netstat -r (with Flags, MSS, Window, irtt omitted)
    default---------"public ip"-----

    - iptables
    # Allow traffic initiated from VPN to access LAN
    -I FORWARD -i tun0 -o eth1 -s -d -m conntrack --ctstate NEW -j ACCEPT

    # Allow traffic initiated from VPN to access "the world"
    -I FORWARD -i tun0 -o eth0 -s -m conntrack --ctstate NEW -j ACCEPT

    #Allow traffic initiated from LAN to access "the world"
    -I FORWARD -i eth1 -o eth0 -s -m conntrack --ctstate NEW -j ACCEPT

    # Allow established traffic to pass back and forth
    -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # Masquerade traffic from VPN to "the world" -- done in the nat table
    -t nat -I POSTROUTING -o eth0 -s -j MASQUERADE

    # Masquerade traffic from LAN to "the world"
    -t nat -I POSTROUTING -o eth0 -s -j MASQUERADE

    Any insight is welcome. Of course if any more info is required I'll be happy to provide it.

    Desperately yours.

  2. #2
    SOLVED: packets from the local network didn't know how to get back in the reverse direction (to Just to be perfectly clear, this was not an OpenVPN problem. I added a static route on the subnet's default gateway that forwards any traffic destined for the subnet to the OpenVPN server.
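As an added illustration of the return-path problem post #2 describes (this is not code from the thread): a small longest-prefix-match lookup showing where the LAN's default gateway sends a reply to a VPN client before and after the static route is added. The subnets and addresses are constructed placeholders, since the thread omits the real ones.

```python
# Added example, not from the thread. Simulates the LAN gateway's routing
# decision for a reply packet addressed to an OpenVPN client. All addresses
# below are constructed placeholders (the thread does not give the real ones).
import ipaddress

VPN_NET = ipaddress.ip_network("10.8.0.0/24")   # constructed: tun0 subnet
OPENVPN_SERVER_ETH1 = "192.168.1.2"              # constructed: server's eth1 address
GATEWAY_UPLINK = "203.0.113.1"                   # constructed: gateway's upstream hop

# Routing table as (prefix, next_hop); next_hop None means directly connected.
# This is what the LAN gateway has before the fix: only the LAN and a default.
BASE_TABLE = [
    (ipaddress.ip_network("192.168.1.0/24"), None),       # directly connected LAN
    (ipaddress.ip_network("0.0.0.0/0"), GATEWAY_UPLINK),  # default route
]

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst (None = on-link)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return best[1]

def with_static_route(table):
    """The fix from post #2: route the VPN subnet via the OpenVPN server's eth1."""
    return table + [(VPN_NET, OPENVPN_SERVER_ETH1)]

def reply_next_hop(vpn_client, fixed):
    """Where the LAN gateway forwards a reply to vpn_client, with/without the fix."""
    table = with_static_route(BASE_TABLE) if fixed else BASE_TABLE
    return lookup(table, vpn_client)

if __name__ == "__main__":
    client = "10.8.0.6"  # constructed VPN client address
    # Without the route the reply follows the default route upstream and never
    # reaches tun0, which is exactly the "ping works one way" symptom above.
    print("before fix:", reply_next_hop(client, fixed=False))  # 203.0.113.1
    print("after fix: ", reply_next_hop(client, fixed=True))   # 192.168.1.2
```

The same lookup explains why ping to eth1 worked all along: the server itself holds both tun0 and eth1, so its replies never depend on the LAN gateway's table.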
