Differences

This shows you the differences between two versions of the page.

--- ubuntu:vpn:openvpn:l3_tunneling [2021/07/02 16:31] – created peter
+++ ubuntu:vpn:openvpn:l3_tunneling [2021/07/02 17:18] (current) – [NAT the clients to the IP of the OpenVPN server] peter
@@ Line 128: / Line 128: @@
 If everything is working correctly, the client can connect to the server.
+Unfortunately, communication with other destinations then the server itself will fail, as the OpenVPN server is not able to route traffic.
 </WRAP>
+----
+===== Enable Routing =====
+Uncomment this line in /etc/sysctl.conf:
+<file bash /etc/sysctl.conf>
+net.ipv4.ip_forward = 1
+</file>
+<WRAP info>
+**NOTE:**  This will make sure, that routing is enabled after the next system restart.
+</WRAP>
+<WRAP info>
+**NOTE:**  To temporarily allow routing without a reboot:
+<code bash>
+echo 1 > /proc/sys/net/ipv4/ip_forward
+</code>
+</WRAP>
+----
+===== NAT the clients to the IP of the OpenVPN server =====
+<code bash>
+iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
+</code>
+<WRAP info>
+**NOTE:**  This will instruct the system to map every packet from the 10.0.0.0/24 subnet to the IP address of the eth0 interface.
+</WRAP>
+To make this permanent save the iptables rule to a file:
+<code bash>
+iptables-save > /etc/iptables.up.rules
+</code>
+To load the rules on startup use put it into this file:
+<file bash /etc/network/if-pre-up.d/iptables>
+iptables-restore < /etc/iptables.up.rules
+</file>
+This will make sure, that the NAT instruction is loaded after a system reboot.