OpenVPN and NAT


 
Thread Tools Search this Thread
Operating Systems Solaris OpenVPN and NAT
# 1  
Old 08-05-2015
OpenVPN and NAT

Hi.
I am attempting to set up an OpenVPN server on my Solaris 11 box by following all the Linux guides. Thus far I have a working VPN that I can connect to and ssh onto my VPN server over which is great but not what I require long term.
I would like to route all VPN client requests for addresses not hosted on my network out via net0 on the server to my router and then the internet, allowing my VPN clients to browse the interweb hiding behind my router and VPN.

Looking at the guide on the OpenVPN wiki for bridging and routing (sorry cant post URLs yet, but a google will find it)

can anyone help me translate the following Linux NAT config:
Code:
# Allow traffic initiated from VPN to access "the world"
iptables -I FORWARD -i tun0 -o eth1 \
-s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
# Masquerade traffic from VPN to "the world" -- done in the nat table
iptables -t nat -I POSTROUTING -o eth1 \
-s 10.8.0.0/24 -j MASQUERADE

into a Solaris config? I know it requires an IPFilter rule to allow packets out on net0, and presumably in on tun0, and to that end I've allowed all port 80 packets in and out on all interfaces. I have also created a ipnat rule as follows.... I suspect this is the cause of my problem, and it doesn't match the Linux config above:

Code:
map 10.8.0.0/24 -> 192.168.1.0/24 #tun0 range to net0 range


any help would be really appreciated

Last edited by Don Cragun; 08-05-2015 at 06:11 PM.. Reason: Add CODE tags.
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Cybersecurity

Openvpn nat and iptables

good day good people hi first to tell that firewall and vpn is working as expected, but I notice something strange. I have host system 11.11.11.11(local ip) firewall is blocking everything except port to vpn. I have vpn on virtualized system 22.22.22.22 (CentOS both host and virtual). ... (0 Replies)
Discussion started by: end
0 Replies

2. UNIX for Dummies Questions & Answers

iptables for openvpn

Hey all, I'm trying to get openvpn working on DD-WRT router. I can make a connection inside my lan, but outside the connection is yellow. I think yellow means it is close to making a connection, but it never completes the connection. So I believe there is a problem with my iptables since it... (0 Replies)
Discussion started by: sdnix
0 Replies

3. UNIX for Dummies Questions & Answers

How do I install a OpenVPN in CentOS?

Hi, I have looked at different tutorials across the net on how to install a OpenVPN in Linux CentOS but I can't understand any of the instructions given. So I typed myself some step-by-step instructions that I do understand. This is the type of simplified instructions I do... (1 Reply)
Discussion started by: TheCorporation
1 Replies

4. IP Networking

Cisco VPN pcf and OpenVPN

I was given my pcf file to login to work from home and wanted to use OpenVPN instead of the Cisco VPN client software. Can I use this pcf file with OpenVPN? I attempted to use vpnc: http://wiki.centos.org/HowTos/vpnc but it just times out ?? (2 Replies)
Discussion started by: metallica1973
2 Replies

5. IP Networking

OPENVPN on FREEBSD

Hello gurus , I have a vmware machine on xp wich holds a FREBSD 8.0 BETA2 i386 my xp ip is 192.168.0.12 my freebsd le0 ( ext iface, vmware bridged ) is 192.168.0.105 ( can ping google; etc...) my freebsd le2 (int iface, vmware local only) is 192.168.141.5 my freebsd le1 is disabled as... (0 Replies)
Discussion started by: cozsmin
0 Replies

6. Shell Programming and Scripting

Help with a bash script for openvpn

I've got a openvpn server and I'm searching a way to permit that a certain certificate is operative only if the connection comes from from a certain ip. Others certificates must have not this limitation because they are for road warriors and we don't know where they can come from. So the idea is... (0 Replies)
Discussion started by: eXadecimal
0 Replies

7. UNIX for Advanced & Expert Users

OpenVPN 2.09 ns-cert-type ???

--ns-cert-type client|server Require that peer certificate was signed with an explicit nsCertType designation of "client" or "server". This is a useful security option for clients, to ensure that the host they connect with is a designated server. See the easy-rsa/build-key-server script for... (0 Replies)
Discussion started by: kungpow
0 Replies

8. Cybersecurity

RV082 with OpenVPN and/or isakmpd

Has anyone gotten either isakmpd or OpenVPN working with a Linksys RV082? Would you be willing to share a conf file? Thanks! (0 Replies)
Discussion started by: vertigo23
0 Replies
Login or Register to Ask a Question