Route Internet from eth0 to openvpn to eth1

1

I need to route all traffic coming from and going to eth0 through OpenVPN before I send/receive it to/from eth1. This is a Debian virtual machine; you can call it a virtual router.

The idea is to put a DHCP server on eth1; clients will connect to eth1. I want all clients to be connected to the VPN automatically.

Currently, I can route eth0 to eth1 with a DHCP server in between, so clients get their IP address and are able to browse, but as soon as I turn on OpenVPN, the clients can't access the internet anymore.

To illustrate what I want, this might help: Drawing

How to achieve this?

John Smith

Posted 2013-12-16T20:17:22.100

Reputation: 143

Answers

1

I presume you are NATting your system via iptables, with something like:

   iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
   iptables --append FORWARD --in-interface eth1 -j ACCEPT

This is nearly right; all you have to do is change the first one to:

   iptables --table nat --append POSTROUTING --out-interface tun3 -j MASQUERADE

and now all of your traffic will go through OpenVPN.

MariusMatutiae

Posted 2013-12-16T20:17:22.100

Reputation: 41 321

Great, it works. This is my final configuration:

   *nat
   :PREROUTING ACCEPT [3:381]
   :INPUT ACCEPT [1:239]
   :OUTPUT ACCEPT [0:0]
   :POSTROUTING ACCEPT [2:142]
   -A POSTROUTING -o tun3 -j MASQUERADE
   COMMIT

   *filter
   :INPUT ACCEPT [1:239]
   :FORWARD ACCEPT [0:0]
   :OUTPUT ACCEPT [0:0]
   -A INPUT -i lo -j ACCEPT
   -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
   -A FORWARD -i eth1 -j ACCEPT
   -A OUTPUT -o lo -j ACCEPT
   -A OUTPUT -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
   COMMIT

Thanks for the help! – John Smith – 2013-12-17T09:25:06.297
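As an added example (not from the answer or the asker's configuration), the two rulesets below contrast the accepted answer's shape with a hardened variant for the same eth0 -> tun3 -> eth1 router: moving MASQUERADE to tun3 alone leaves FORWARD wide open, so if the tunnel drops, client traffic from eth1 follows the default route out eth0 untunnelled. The `leaks_to_wan` checker and the `minimal_rules`/`strict_rules`/`apply_rules` names are my own; interface names come from the thread.

```shell
#!/bin/sh
# Added example, not code from the original thread. Interface names are
# the ones used in the question; the helper function names are mine.
WAN=eth0   # upstream side, towards VMnet1
LAN=eth1   # client side, where the DHCP server listens
TUN=tun3   # OpenVPN tunnel device

# Shape of the accepted answer: MASQUERADE on tun3, FORWARD left open.
# With tun3 down, eth1 traffic is still forwarded, now straight out eth0.
minimal_rules() {
    cat <<EOF
*nat
-A POSTROUTING -o $TUN -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i $LAN -j ACCEPT
COMMIT
EOF
}

# Hardened variant: forward only LAN->tunnel plus tracked replies, and
# default-drop everything else, so clients cannot bypass the VPN.
strict_rules() {
    cat <<EOF
*nat
-A POSTROUTING -o $TUN -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $LAN -o $TUN -j ACCEPT
-A FORWARD -i $TUN -o $LAN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Static check on a ruleset read from stdin, usable without root.
# Exit 0 (leak) if the FORWARD policy is ACCEPT, or if a rule accepts
# traffic from $LAN without pinning the output interface to $TUN.
leaks_to_wan() {
    ruleset=$(cat)
    echo "$ruleset" | grep -q "^:FORWARD ACCEPT" && return 0
    echo "$ruleset" | grep -E -- "^-A FORWARD .*-i $LAN.* -j ACCEPT" \
        | grep -qvE -- "-o $TUN" && return 0
    return 1
}

# Load the hardened set (needs root); forwarding must be on in the kernel.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    strict_rules | iptables-restore
}
```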

0

Looks like you essentially want to perform Network Address Translation (NAT) - http://docstore.mik.ua/orelly/unix3/upt/ch46_11.htm

I doubt this is right, but you could also try to use xinetd to perform the routing to the proper services.

falconspy

Posted 2013-12-16T20:17:22.100

Reputation: 592

I already am NATting my traffic from eth0 to eth1 with a DHCP server listening on eth1, so that works, I guess. The problem is that when I start the openvpn daemon, no clients can reach the WWW anymore... How does this happen? – John Smith – 2013-12-16T20:38:23.157

What's eth0's gateway? – falconspy – 2013-12-16T21:25:07.260

eth0's gateway would be VMware Network Adapter VMnet1, which is an adapter on my Windows host machine, which NATs from Local Area Connection, which is basically my cabled connection to my router, which is connected to "The Internet". – John Smith – 2013-12-16T21:51:19.097

0

Without knowing more about your setup, it is difficult to know why NAT isn't working for you.

I might also suggest a bridged interface on the vpn client.

Larry

Posted 2013-12-16T20:17:22.100

Reputation: 31

Well, these are all the routes I have, where tun3 should be the OpenVPN adapter, eth0 is the incoming one, and eth1 is the one all clients connect on, thus the one the DHCP server is listening on: http://i39.tinypic.com/dzth88.png

– John Smith – 2013-12-16T21:13:34.063