Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums  
 User profiles home     Create your own profile!     List of all user profiles     Advertise here
Saturday 28.11.2009 / 08:00 PM
Search AfterDawn.com:        In English   Suomeksi   På svenska
afterdawn.com / profiles / afterdawn tech stuff / blog archive / routing between lan and vpn behind nat /
Home Blog Pictures Shoutbox Links

Routing between LAN and VPN behind NAT

02 Mar 2009 7:39 (Edited: 02 Mar 2009 7:39)

Took a while to get traffic routed from remote OpenVPN clients to LAN at the OpenVPN server end.

Here's the network setup:

Remote office:

Router: 10.1.1.250 / 255.255.255.0
OpenVPN server LAN IP (eth0): 10.1.1.1
OpenVPN server VPN IP (tun0): 10.8.0.1
LAN DNS server IP: 10.1.1.10

Key settings from openvpn server.conf:

push "route 10.1.1.0 255.255.255.0"
push "dhcp-option DNS 10.1.1.10" # DNS server
push "dhcp-option WINS 10.1.1.10" # WINS server address

Now the problem is that while remote VPN clients can successfully ping the LAN IP of the OpenVPN server (10.1.1.1), they cannot ping other hosts in the LAN (for example the DNS/WINS server, 10.1.1.10).

Routing traffic between VPN and LAN worked as long as the OpenVPN server acted also as the router for the network. When routing was moved to another server (10.0.0.250), VPN<->LAN routing went bust.

The problem is easily solved with applying the following iptables rule and enabling IP forwarding (using CentOS v4.7):

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# sysctl -w net.ipv4.ip_forward=1

Make sure you enable ip_forwarding at /etc/sysctl.conf to make the setting persist through boots. Don't forget to save the iptables rules as well with, for example, iptables-save.

Tags: lan  nat  openvpn  routing 

 

User comments

    (No comments made)

Post your comment

In order to post your comments here, you need be logged in to our system. Simply follow this link in order to login and to post your comments here.

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2009 by AfterDawn Ltd.