Vpn-gateway

From wikipost
Revision as of 03:35, 14 October 2015 by Admin (talk | contribs)

You can use the OpenVPN server as the client's default gateway. Commercial VPN-as-a-service companies use this method to offer clients overseas 'exit nodes' that bypass local restrictions or traffic filtering. See openvpn-setup for setting up the VPN.

The server must be instructed to route and forward all VPN traffic to its own default gateway (wherever it is located).


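  • For a server that is connected with a public IP (e.g. 158.22.51.103)

Relevant section in /etc/rc.firewall (the $IPTABLES, $INT_IF, $VPN_IF, $VPN_IP and $VPN_NW variables are assumed to be set earlier in that file):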

# forward packets to and from vpn tunnel to local network
echo "1" > /proc/sys/net/ipv4/ip_forward

# allow incoming OpenVPN traffic (655/udp here; must match the port directive in the server config)
$IPTABLES -A INPUT -p UDP -i $INT_IF --dport 655 -m state --state NEW -j ACCEPT

# vpn output rules
$IPTABLES -A OUTPUT -p ALL -s $VPN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $VPN_NW -j ACCEPT

# Forwarding rules
# forward vpn packets to and from local lan
$IPTABLES -A FORWARD -i $VPN_IF -o $INT_IF -j ACCEPT
$IPTABLES -A FORWARD -i $INT_IF -o $VPN_IF -j ACCEPT

# Masquerading rules
# masquerade outgoing vpn traffic to local lan so we receive replies
$IPTABLES -t nat -A POSTROUTING -o $INT_IF -j MASQUERADE


Add this to the client OpenVPN config file:

redirect-gateway def1 bypass-dhcp
dhcp-option DNS 10.8.9.1
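
To confirm on a client that the two directives above actually took effect, the following added example (not part of the original page) checks a routing table and a resolv.conf for leaks. The interface name tun0, the LAN addresses and the sample data are constructed assumptions; 10.8.9.1 and 158.22.51.103 are the values used on this page.

```shell
#!/bin/sh
# Added example: client-side leak check for `redirect-gateway def1` and
# `dhcp-option DNS`. All sample data below is constructed.

# check_def1 ROUTES VPN_IF -- ROUTES is the text of `ip -4 route show`.
# def1 keeps the old default route and adds 0.0.0.0/1 and 128.0.0.0/1 via the
# tunnel; both halves must leave through VPN_IF or part of the traffic leaks.
check_def1() {
    rc=0
    for half in 0.0.0.0/1 128.0.0.0/1; do
        dev=$(printf '%s\n' "$1" | awk -v p="$half" '$1 == p {
            for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
        if [ "$dev" = "$2" ]; then
            echo "ok: $half via $2"
        else
            echo "LEAK: $half ${dev:+goes via $dev, }not through $2"
            rc=1
        fi
    done
    return $rc
}

# check_dns RESOLV DNS_IP -- RESOLV is the text of /etc/resolv.conf.
# Passes only if DNS_IP is listed and no other nameserver is.
check_dns() {
    printf '%s\n' "$1" | awk -v d="$2" '
        $1 == "nameserver" {
            if ($2 == d) seen = 1
            else { print "LEAK: resolver " $2 " bypasses the VPN"; bad = 1 }
        }
        END {
            if (!seen) { print "LEAK: " d " is not configured"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: routing table of a connected client (tun0 is assumed).
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0
0.0.0.0/1 via 10.8.9.1 dev tun0
128.0.0.0/1 via 10.8.9.1 dev tun0
10.8.9.0/24 dev tun0 proto kernel scope link src 10.8.9.6
158.22.51.103 via 192.168.1.1 dev eth0'
# Constructed sample: resolv.conf still pointing at the LAN router.
SAMPLE_RESOLV='nameserver 192.168.1.1'

check_def1 "$SAMPLE_ROUTES" tun0 || true
check_dns "$SAMPLE_RESOLV" 10.8.9.1 || true
```

On a live client, pass `"$(ip -4 route show)"` and `"$(cat /etc/resolv.conf)"` instead of the samples. On Linux clients `dhcp-option DNS` only takes effect when an `up` script applies it, which is why the resolver is checked separately from the routes.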