Difference between revisions of "Vpn-gateway"
Latest revision as of 14:35, 14 October 2015
You can use the OpenVPN server as the client's default gateway. This method is used by commercial VPN as-a-service companies to offer overseas client 'exit nodes' in order to bypass any local restrictions or traffic filtering. See openvpn-setup for setting up the vpn.
The server must be instructed to route and forward any vpn traffic to its default gateway (wherever it is located).
- for a server that is connected with a public ip (e.g. 220.127.116.11)
relevant section in /etc/rc.firewall
# forward packets to and from vpn tunnel to local network echo "1" > /proc/sys/net/ipv4/ip_forward # allow incoming OpenVPN traffic $IPTABLES -A INPUT -p UDP -i $INT_IF --dport 655 -m state --state NEW -j ACCEPT # vpn output rules $IPTABLES -A OUTPUT -p ALL -s $VPN_IP -j ACCEPT $IPTABLES -A OUTPUT -p ALL -s $VPN_NW -j ACCEPT # Forwarding rules # forward vpn packets to and from local lan $IPTABLES -A FORWARD -i $VPN_IF -o $INT_IF -j ACCEPT $IPTABLES -A FORWARD -i $INT_IF -o $VPN_IF -j ACCEPT # Masquerading rules # masquerade outgoing vpn traffic to local lan so we receive replies $IPTABLES -t nat -A POSTROUTING -o $INT_IF -j MASQUERADE
add this to the client openvpn config file:
redirect-gateway def1 bypass-dhcp dhcp-option DNS 10.8.9.1