Vpn-gateway

From wikipost

Latest revision as of 03:35, 14 October 2015

You can use the OpenVPN server as the client's default gateway, so that all of the client's internet traffic, not only traffic for the VPN subnet, leaves through the server. This is how commercial VPN-as-a-service companies offer overseas 'exit nodes' that let clients bypass local restrictions or traffic filtering; note that the exit node then sees all of the client's traffic, so it has to be trusted. See openvpn-setup for setting up the VPN itself.

The server must forward the clients' tunnel traffic on to its own default gateway (wherever that is) and NAT it to its public address so that replies find their way back: IP forwarding has to be enabled in the kernel, FORWARD rules must allow traffic between the tunnel interface and the internet-facing interface, and a MASQUERADE rule on the outgoing interface rewrites the clients' private source addresses.


  • for a server connected directly to the internet with a public IP (e.g. 158.22.51.103), so its default gateway is the provider's router and the clients appear on the internet with that address

relevant section in /etc/rc.firewall ($IPTABLES, $INT_IF, $VPN_IF, $VPN_IP and $VPN_NW are set earlier in that script: the iptables binary, the public interface, the tun interface, the server's tunnel address and the tunnel subnet)

# forward packets to and from the vpn tunnel (kernel IP forwarding is off by default)
echo "1" > /proc/sys/net/ipv4/ip_forward

# allow incoming OpenVPN traffic on the public interface
# (655 is the port this setup listens on; it must match 'port' in the server config, the OpenVPN default is 1194)
$IPTABLES -A INPUT -p UDP -i $INT_IF --dport 655 -m state --state NEW -j ACCEPT

# vpn output rules: packets the server itself sends from its tunnel address or into the tunnel subnet
$IPTABLES -A OUTPUT -p ALL -s $VPN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $VPN_NW -j ACCEPT

# Forwarding rules
# tunnel -> internet: everything the clients send
# internet -> tunnel: replies to those connections only, so nothing from outside can reach
# the clients' private addresses unsolicited
$IPTABLES -A FORWARD -i $VPN_IF -o $INT_IF -j ACCEPT
$IPTABLES -A FORWARD -i $INT_IF -o $VPN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT

# Masquerading rules
# rewrite the tunnel subnet's source addresses to the public ip on the way out so that
# replies come back to this server (limited to $VPN_NW; the server's own traffic needs no NAT)
$IPTABLES -t nat -A POSTROUTING -s $VPN_NW -o $INT_IF -j MASQUERADE


add this to the client openvpn config file (or push both lines from the server with push "..."):

redirect-gateway def1 bypass-dhcp
dhcp-option DNS 10.8.9.1

redirect-gateway def1 installs two /1 routes over the tunnel instead of replacing the client's default route, so the original route comes back untouched when the tunnel goes down; bypass-dhcp keeps DHCP traffic on the local interface. dhcp-option DNS points the client at a resolver on 10.8.9.1, the server's tunnel address, so a resolver must be listening there and the server firewall must accept DNS from the tunnel interface; without this line name lookups keep going to the ISP's resolver outside the tunnel. On Windows the option is applied automatically, on Linux and other systems OpenVPN only exposes it to an up script (for example update-resolv-conf), which has to be configured as well.
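The server-side rules and the client-side settings above, combined into one script together with the checks a practitioner runs after setup. This is an added example and not code from the wiki page or from OpenVPN itself: eth0 and tun0, the 10.8.9.0/24 subnet and the use of 10.8.9.1 as the clients' resolver are assumptions modelled on the page's values, and the helper names (gateway_rules, ip_forward_enabled, nat_rule_present, check_client_config) are made up here. Compared with the rc.firewall excerpt it restricts the internet-to-tunnel direction to established connections, masquerades only the tunnel subnet, and opens DNS on the tunnel address that the client config points at.

```shell
#!/bin/sh
# Added example, not from the wiki page or from OpenVPN's own scripts.
# Assumed values (placeholders modelled on the page): override them in the
# environment to match your openvpn-setup.
INT_IF=${INT_IF:-eth0}          # server's public, internet-facing interface
VPN_IF=${VPN_IF:-tun0}          # OpenVPN tunnel interface
VPN_NW=${VPN_NW:-10.8.9.0/24}   # tunnel subnet handed out to clients
VPN_IP=${VPN_IP:-10.8.9.1}      # server's tunnel address; clients use it as DNS
OVPN_PORT=${OVPN_PORT:-655}     # must match 'port' in the server config (OpenVPN default: 1194)
IPTABLES=${IPTABLES:-iptables}

# gateway_rules: print the server-side rules that make it the clients' default
# gateway. Review the output, then apply with:  gateway_rules | sh -e
gateway_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# clients reach the OpenVPN daemon on the public interface
$IPTABLES -A INPUT -i $INT_IF -p udp --dport $OVPN_PORT -m state --state NEW -j ACCEPT
# clients may query the resolver on the server's tunnel address (the pushed DNS)
$IPTABLES -A INPUT -i $VPN_IF -s $VPN_NW -d $VPN_IP -p udp --dport 53 -j ACCEPT
$IPTABLES -A INPUT -i $VPN_IF -s $VPN_NW -d $VPN_IP -p tcp --dport 53 -j ACCEPT
# tunnel -> internet: everything the clients send
$IPTABLES -A FORWARD -i $VPN_IF -o $INT_IF -s $VPN_NW -j ACCEPT
# internet -> tunnel: replies only, so outside hosts cannot reach clients unsolicited
$IPTABLES -A FORWARD -i $INT_IF -o $VPN_IF -d $VPN_NW -m state --state ESTABLISHED,RELATED -j ACCEPT
# rewrite the clients' private source addresses to the public one on the way out
$IPTABLES -t nat -A POSTROUTING -s $VPN_NW -o $INT_IF -j MASQUERADE
EOF
}

# ip_forward_enabled [FILE]: succeed when the kernel forwards IPv4
# (FILE is for offline testing; it defaults to the live sysctl)
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = 1 ]
}

# nat_rule_present [FILE]: succeed when the masquerade rule is loaded
# (FILE is an iptables-save dump for offline use; defaults to the live nat table)
nat_rule_present() {
    if [ -n "$1" ]; then cat "$1"; else iptables-save -t nat; fi |
        grep -q -- "-A POSTROUTING -s $VPN_NW -o $INT_IF -j MASQUERADE"
}

# check_client_config FILE: succeed when the client config sends both traffic
# and DNS through the tunnel; otherwise print what is missing and fail.
check_client_config() {
    rc=0
    grep -Eq '^[[:space:]]*redirect-gateway[[:space:]].*def1' "$1" || {
        echo "missing: redirect-gateway def1 (traffic keeps using the local gateway)"
        rc=1
    }
    dns=$(awk '$1=="dhcp-option" && $2=="DNS" {print $3; exit}' "$1")
    if [ -z "$dns" ]; then
        echo "missing: dhcp-option DNS (client keeps its ISP resolver: DNS leak)"
        rc=1
    elif [ "${dns%.*}" != "${VPN_NW%.*/*}" ]; then
        # crude /24 comparison; enough for the 10.8.9.0/24 assumption above
        echo "warning: DNS $dns is not on the VPN server; that resolver sees every lookup"
    fi
    return $rc
}

# usage:  sh vpn-gateway.sh apply              (load the server rules)
#         sh vpn-gateway.sh check client.conf  (verify server state and a client config)
case "${1:-}" in
    apply) gateway_rules | sh -e ;;
    check) ip_forward_enabled && nat_rule_present && check_client_config "$2" ;;
esac
```

Run gateway_rules on its own first and read the output before piping it into sh -e; the check mode then confirms forwarding is on and the NAT rule is loaded, and fails a client config that lacks either of the two lines, since a client without redirect-gateway still sends its traffic to its local gateway and a client without the DNS option resolves names through its ISP (on Linux the dhcp-option additionally needs an up script such as update-resolv-conf to take effect).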