
I'm trying to set up a simple VPN without port forwarding.

I have:

  • Raspberry Pi connected to a LAN (eth0 - 192.168.1.0/24)
  • Internet-accessible VPS server
  • laptop and Android device that need access to the LAN using a VPN

I read that I can use tinc to establish a peer-to-peer connection between the Raspberry Pi and the VPS server. This worked great, so now I have created a network between the VPS and the Raspberry Pi on 10.0.0.0/32 on dev tun0:

  • VPS running tinc server 10.0.0.1
  • Raspberry Pi running tinc client 10.0.0.2 (subnet 10.0.0.0/32 & subnet 192.168.1.0/24)

From the VPS I can access the LAN (e.g. 192.168.1.1) over SSH, which is great. But the problem now is connecting to the VPS over a new VPN connection. For this I installed OpenVPN on the VPS.

This created dev tun1 on the VPS; the VPS has 10.8.0.1. When I connect to the VPS over OpenVPN I get 10.8.0.2 on my client.

The issue is that I cannot ping 192.168.1.1 or 10.0.0.2 from the client, but I can ping 10.0.0.1.

Any idea what I could be doing wrong?

Thanks in advance!

xepa

1 Answer


I found the solution. I just need to add a POSTROUTING rule and a FORWARD chain rule from tun1 to tun0.

# source-NAT everything leaving on tun0 (tinc) behind the VPS's tinc address
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
# allow packets arriving from tun1 (OpenVPN clients) to be forwarded out tun0 (tinc)
iptables -A FORWARD -i tun1 -o tun0 -j ACCEPT
xepa
  • xepa, thanks for following up your own post with an answer! Is it possible to include a little more detail in the answer for folks in the future who may land here, even possibly including yourself :) – KyleMit Jan 15 '22 at 21:24
  • added some more details for future reference – xepa Jan 16 '22 at 09:16
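As an added example (not part of the original answer), here is a small POSIX sh script that applies these two rules idempotently, also sets the ip_forward sysctl and a return-path FORWARD rule that a default-DROP FORWARD policy would need, and can check an iptables-save dump for missing rules. The interface names tun1/tun0 come from the question; OVPN_IF, TINC_IF, rules_for, apply_rules and missing_rules are this script's own names.

```shell
#!/bin/sh
# Added example, not from the original answer. Applies the answer's two rules
# idempotently, adds the return-path FORWARD rule and ip_forward, and can check
# an iptables-save dump for missing rules. Assumes tun1 = OpenVPN, tun0 = tinc,
# as in the question; override with OVPN_IF / TINC_IF. apply_rules needs root.
OVPN_IF=${OVPN_IF:-tun1}
TINC_IF=${TINC_IF:-tun0}

# rules_for OVPN TINC: print the required rules as "TABLE CHAIN rule-spec".
rules_for() {
    printf '%s\n' \
        "nat POSTROUTING -o $2 -j MASQUERADE" \
        "filter FORWARD -i $1 -o $2 -j ACCEPT" \
        "filter FORWARD -i $2 -o $1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

# apply_rules: enable routing, then append each rule only if it is not
# already present (iptables -C), so re-running does not duplicate rules.
# VPN clients still need a route to 192.168.1.0/24 via the VPN (e.g. an
# OpenVPN push "route ..."), which this script does not configure.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    rules_for "$OVPN_IF" "$TINC_IF" | while read -r table chain spec; do
        # $spec is deliberately unquoted so it splits into arguments
        iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
            iptables -t "$table" -A "$chain" $spec
    done
}

# missing_rules FILE: read an iptables-save dump and print every required
# rule that is absent from its table (nothing printed means all present).
missing_rules() {
    rules_for "$OVPN_IF" "$TINC_IF" | while read -r table chain spec; do
        awk -v t="*$table" -v r="-A $chain $spec" '
            $0 == t { in_t = 1; next }   # entered the table we care about
            /^\*/   { in_t = 0 }         # a different table starts
            in_t && $0 == r { found = 1 }
            END { exit !found }' "$1" ||
            echo "missing in $table: -A $chain $spec"
    done
}

case "${1:-}" in
    apply) apply_rules ;;
    check) missing_rules "${2:?usage: $0 check iptables-save.txt}" ;;
esac
```

Run `sh script.sh apply` on the VPS, then `iptables-save > /tmp/rules.txt && sh script.sh check /tmp/rules.txt` to confirm nothing is reported missing.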