Here is a quick diagram of what i'm trying to configure
I have multiple clients connecting to my VPN Server (from 10.0.1.2 to 10.0.25.2). Each LAN behind the clients are always the same : 192.168.1.0/24 and devices use the client as default gateway. I need that each remote user have only access to some devices behind each client
What kind of configuration need I make to get access to LAN device via an address in the VPN subnet ?
for example :
- device1-behind-client_001 : 192.168.169.125/24 <=> 10.0.1.101
- device2-behind-client_001 : 192.168.169.126/24 <=> 10.0.1.102
- device3-behind-client_001 : 192.168.169.127/24 <=> 10.0.1.103
- device1-behind-client_002 : 192.168.169.125/24 <=> 10.0.2.101
- device1-behind-client_003 : 192.168.169.125/24 <=> 10.0.3.101
Each client are already connected to the server and configured with tun interface.
Edit
iptables on my OpenVPN server
iptables -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A POSTROUTING -s 10.0.0.0/16 -o eth0 -j MASQUERADE
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables on client_001 (example)
iptables -t nat -A PREROUTING -d 10.0.1.102/32 -i eth0 -j DNAT --to-destination 192.168.1.126
iptables -t nat -A POSTROUTING -s 192.168.1.126/32 -o eth0 -j SNAT --to-source 10.0.1.102/32
With this configuration, if a remote user is connected to the server, can he access the 192.168.1.126 device on the client_001 lan via this address 10.0.1.102 ?
