My server is running CentOS 6.4 64-bit and has 2 network adapters. The 1st adapter has an internet IP: 192.241.190.x; the 2nd adapter is on a LAN network with IP: 10.60.5.62

I installed OpenVPN and configured the server on it; my client connects to the server by IP 192.241.190.x.

Here is my server config:

port 11592
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.1.0 255.255.255.0
topology subnet
push "route 10.60.5.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
log-append  openvpn.log
verb 3

I already added push "route 10.60.5.0 255.255.255.0" but my client can't connect to another server that has an IP like 10.60.5.64.

How can I route traffic to IP 10.60.5.x through the VPN correctly? I opened /etc/sysctl.conf for editing and set the value of net.ipv4.ip_forward to 1 too, but it does not work.

Viet

1 Answer

You need to set up some iptables work to tell the system to masq your traffic. Here's my example. Some of this might not be needed for it to work.

bond0 is my internal subnet

bond1 is my public subnet where openvpn clients connect into which has an IP of 1.2.3.4

10.113.0.0/16 is my VPN clients subnet

I removed most of my rules but left in some to show you how it would look

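# POSTROUTING lives in the nat table, so -t nat is required
iptables -t nat -A POSTROUTING -s 10.113.0.0/24 -o bond0 -j MASQUERADE
# Rewrite the source of traffic headed to the VPN clients
iptables -t nat -A POSTROUTING -d 10.113.0.0/24 -j SNAT --to-source 1.2.3.4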

That pretty much worked for me. It allowed me to connect to the VPN and, as long as the correct routes are pushed to the clients, allows them to send internal traffic through the OpenVPN server in one interface and out the other, and allows it to route back through.

Mike
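A way to check a ruleset for the NAT approach described in the answer, written as an added example that is not part of either post: it reads `iptables-save` output and reports whether the VPN subnet from the question (10.8.1.0/24) is source-NATed and whether the FORWARD chain lets it through. The function names, the interface names tun0/eth1 and both sample dumps are assumptions constructed for illustration.

```shell
# Added example: audits `iptables-save` output on stdin. 10.8.1.0/24 is from the
# question; tun0/eth1 and both sample dumps are constructed assumptions.
nat_covers() {   # exit 0 if nat/POSTROUTING source-NATs traffic from CIDR $1
    awk -v cidr="$1" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A POSTROUTING / && index($0, " -s " cidr " ") &&
            / -j (MASQUERADE|SNAT)/ { found = 1 }
        END { exit !found }'
}

# Print ACCEPT or BLOCKED for traffic forwarded from CIDR $1: first match wins,
# then chain policy. Rules without -s that carry other matchers are skipped.
forward_verdict() {
    awk -v cidr="$1" '
        /^\*/ { table = substr($0, 2); next }
        table != "filter" { next }
        $1 == ":FORWARD" { policy = $2; next }
        $1 != "-A" || $2 != "FORWARD" || verdict != "" { next }
        {
            src = ""; target = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-s") src = $(++i)
                else if ($i == "-j") { target = $(++i); break }
                else other = 1
            }
            if ((src != "" && src != cidr) || (src == "" && other)) next
            if (target == "ACCEPT") verdict = "ACCEPT"
            else if (target == "DROP" || target == "REJECT") verdict = "BLOCKED"
        }
        END { print (verdict != "" ? verdict : (policy == "ACCEPT" ? "ACCEPT" : "BLOCKED")) }'
}

sample_before() {   # constructed: catch-all FORWARD reject, no nat table
    printf '%s\n' '*filter' ':FORWARD ACCEPT [0:0]' \
        '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' COMMIT
}
sample_after() {    # constructed: NAT scoped to the VPN subnet plus a FORWARD accept
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -s 10.8.1.0/24 -o eth1 -j MASQUERADE' COMMIT \
        '*filter' ':FORWARD ACCEPT [0:0]' \
        '-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A FORWARD -s 10.8.1.0/24 -d 10.60.5.0/24 -i tun0 -o eth1 -j ACCEPT' \
        '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' COMMIT
}

for s in sample_before sample_after; do   # demo on the constructed dumps
    $s | nat_covers 10.8.1.0/24 && nat=yes || nat=no
    echo "$s: nat=$nat forward=$($s | forward_verdict 10.8.1.0/24)"
done
```

On a live host, pipe the loaded ruleset in instead of a sample, for example `iptables-save | forward_verdict 10.8.1.0/24` run as root.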