Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: OpenVPN and NAT
Operating Systems Solaris OpenVPN and NAT Post 302951368 by nickb1976 on Wednesday 5th of August 2015 04:27:59 PM
Old 08-05-2015
OpenVPN and NAT
Hi.
I am attempting to set up an OpenVPN server on my Solaris 11 box by following all the Linux guides. Thus far I have a working VPN that I can connect to and ssh onto my VPN server over which is great but not what I require long term.
I would like to route all VPN client requests for addresses not hosted on my network out via net0 on the server to my router and then the internet, allowing my VPN clients to browse the interweb hiding behind my router and VPN.

Looking at the guide on the OpenVPN wiki for bridging and routing (sorry cant post URLs yet, but a google will find it)

can anyone help me translate the following Linux NAT config:
Code:
# Allow traffic initiated from VPN to access "the world"
iptables -I FORWARD -i tun0 -o eth1 \
-s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
# Masquerade traffic from VPN to "the world" -- done in the nat table
iptables -t nat -I POSTROUTING -o eth1 \
-s 10.8.0.0/24 -j MASQUERADE

into a Solaris config? I know it requires an IPFilter rule to allow packets out on net0, and presumably in on tun0, and to that end I've allowed all port 80 packets in and out on all interfaces. I have also created a ipnat rule as follows.... I suspect this is the cause of my problem, and it doesn't match the Linux config above:

Code:
map 10.8.0.0/24 -> 192.168.1.0/24 #tun0 range to net0 range


any help would be really appreciated
Last edited by Don Cragun; 08-05-2015 at 06:11 PM.. Reason: Add CODE tags.
 

8 More Discussions You Might Find Interesting

1. Cybersecurity

RV082 with OpenVPN and/or isakmpd

Has anyone gotten either isakmpd or OpenVPN working with a Linksys RV082? Would you be willing to share a conf file? Thanks! (0 Replies)
Discussion started by: vertigo23
0 Replies

2. UNIX for Advanced & Expert Users

OpenVPN 2.09 ns-cert-type ???

--ns-cert-type client|server Require that peer certificate was signed with an explicit nsCertType designation of "client" or "server". This is a useful security option for clients, to ensure that the host they connect with is a designated server. See the easy-rsa/build-key-server script for... (0 Replies)
Discussion started by: kungpow
0 Replies

3. Shell Programming and Scripting

Help with a bash script for openvpn

I've got a openvpn server and I'm searching a way to permit that a certain certificate is operative only if the connection comes from from a certain ip. Others certificates must have not this limitation because they are for road warriors and we don't know where they can come from. So the idea is... (0 Replies)
Discussion started by: eXadecimal
0 Replies

4. IP Networking

OPENVPN on FREEBSD

Hello gurus , I have a vmware machine on xp wich holds a FREBSD 8.0 BETA2 i386 my xp ip is 192.168.0.12 my freebsd le0 ( ext iface, vmware bridged ) is 192.168.0.105 ( can ping google; etc...) my freebsd le2 (int iface, vmware local only) is 192.168.141.5 my freebsd le1 is disabled as... (0 Replies)
Discussion started by: cozsmin
0 Replies

5. IP Networking

Cisco VPN pcf and OpenVPN

I was given my pcf file to login to work from home and wanted to use OpenVPN instead of the Cisco VPN client software. Can I use this pcf file with OpenVPN? I attempted to use vpnc: http://wiki.centos.org/HowTos/vpnc but it just times out ?? (2 Replies)
Discussion started by: metallica1973
2 Replies

6. UNIX for Dummies Questions & Answers

How do I install a OpenVPN in CentOS?

Hi, I have looked at different tutorials across the net on how to install a OpenVPN in Linux CentOS but I can't understand any of the instructions given. So I typed myself some step-by-step instructions that I do understand. This is the type of simplified instructions I do... (1 Reply)
Discussion started by: TheCorporation
1 Replies

7. UNIX for Dummies Questions & Answers

iptables for openvpn

Hey all, I'm trying to get openvpn working on DD-WRT router. I can make a connection inside my lan, but outside the connection is yellow. I think yellow means it is close to making a connection, but it never completes the connection. So I believe there is a problem with my iptables since it... (0 Replies)
Discussion started by: sdnix
0 Replies

8. Cybersecurity

Openvpn nat and iptables

good day good people hi first to tell that firewall and vpn is working as expected, but I notice something strange. I have host system 11.11.11.11(local ip) firewall is blocking everything except port to vpn. I have vpn on virtualized system 22.22.22.22 (CentOS both host and virtual). ... (0 Replies)
Discussion started by: end
0 Replies

LEARN ABOUT DEBIAN

shorewall6-rtrules

SHOREWALL6-RTRULES(5)						  [FIXME: manual]					     SHOREWALL6-RTRULES(5)

NAME

       rtrules - Shorewall6 Routing Rules file

SYNOPSIS

       /etc/shorewall6/rtrules

DESCRIPTION

       Entries in this file cause traffic to be routed to one of the providers listed in shorewall6-providers[1](5).

       The columns in the file are as follows.

       SOURCE (Optional) - {-|interface|address|interface:<address>}
	   An ip address (network or host) that matches the source IP address in a packet. May also be specified as an interface name optionally
	   followed by ":" and an address. If the device lo is specified, the packet must originate from the firewall itself.

	   Beginning with Shorewall 4.5.0, you may specify &interface in this column to indicate that the source is the primary IP address of the
	   named interface.

       DEST (Optional) - {-|address}
	   An ip address (network or host) that matches the destination IP address in a packet.

	   If you choose to omit either SOURCE or DEST, place "-" in that column. Note that you may not omit both SOURCE and DEST.

       PROVIDER - {provider-name|provider-number|main}
	   The provider to route the traffic through. May be expressed either as the provider name or the provider number. May also be main or 254
	   for the main routing table. This can be used in combination with VPN tunnels, see example 2 below.

       PRIORITY - priority
	   The rule's numeric priority which determines the order in which the rules are processed. Rules with equal priority are applied in the
	   order in which they appear in the file.

	   1000-1999
	       Before Shorewall6-generated 'MARK' rules

	   11000-11999
	       After 'MARK' rules but before Shorewall6-generated rules for ISP interfaces.

	   26000-26999
	       After ISP interface rules but before 'default' rule.

       MARK - {-|mark[/mask]}
	   Optional -- added in Shorewall 4.4.25. For this rule to be applied to a packet, the packet's mark value must match the mark when
	   logically anded with the mask. If a mask is not supplied, Shorewall supplies a suitable provider mask.

EXAMPLES

       Example 1:
	   You want all traffic coming in on eth1 to be routed to the ISP1 provider.

		       #SOURCE		       DEST	       PROVIDER        PRIORITY    MASK
		       eth1		       -	       ISP1	       1000

FILES

       /etc/shorewall6/rtrules

SEE ALSO

       http://shorewall.net/MultiISP.html

       shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
       shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-routestopped(5),
       shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
       shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)

NOTES

	1. shorewall6-providers
	   http://www.shorewall.net/manpages6/shorewall6-providers.html

[FIXME: source] 						    06/28/2012						     SHOREWALL6-RTRULES(5)
All times are GMT -4. The time now is 07:07 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy