Iptables/TC: how to make masqueraded traffic go through an openVPN tun0?
We have a setup of three computers;
Machine A (eth0) -> Machine B (eth0, hso0, tun0) -> Machine C (eth0, tun0)
hso0 is the packet interface of a 3G modem, it behaves like a normal network interface.
Machine B and C are connected in a VPN using openVPN (TCP). Machine A is a client that receives Network-configuration using DHCP from Machine B automatically.
Machine A eth0 : DHCP
Machine B eth0 : 192.168.2.1
Machine B hso0 : Static IP addr, Internet use
Machine B tun0 : 10.11.0.10 (openVPN client)
Machine C eth0 : Static IP addr, Internet use
Machine C tun0 : 10.11.0.1 (openVPN server)
OpenVPN (server) is configured to allow Internet-traffic to its clients. Code in server.conf:
# Make sure clients traverse tun0 when accessing Internet
push "redirect-gateway def1"
# Push a DNS server (handled by openVPN)
push "dhcp-option DNS 10.11.0.1"
We’re having issues to make Machine C release Internet traffic from Machine A. Note that we have setup masquerading on Machine B using iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE.
Currently Iptables on Machine B and Machine C have a policy of ACCEPT.
We have managed to make traffic from Machine A reach Machine C, but only with the internal IP of 192.168.2.48 (DHCP).
OpenVPN drops those packets (as it should!) because they come from 192.* and not 10.*
Is there a way to solve this? Thank you!