
I've been trying to solve this problem for a very long time. The situation is as follows:

Computer(s) -> Huawei B525 router -> VPS with xl2tpd -> Internet

I have a Huawei B525 router. It has an enabled DHCP server that assigns IP addresses from the 192.168.8.0/24 network. I also have a VPN (L2TP) installed on a VPS.

After connecting the Huawei router to the VPN it has the IP address 192.168.42.10. The gateway has the IP address 192.168.42.1 (as expected). The internet works fine, and devices behind the Huawei router can ping other devices connected to the VPN. But I don't have access to the mentioned machines (behind the router) from other devices, e.g. ones also connected to the VPN (or from the VPS itself).

The perfect solution would be access to the 192.168.8.0/24 devices and their ports from the VPS and other VPN devices.

Route print: [screenshot "route table", not reproduced]

Iptables - filter: [screenshot "iptables - filter", not reproduced]

Iptables - nat: [screenshot "iptables - nat", not reproduced]

Sokołow

1 Answer


Usually you should not be doing NAT when you want all the clients to have access to a network and between them.

What you are looking for requires 2 basic steps:

1) Allow client-to-client communication in the L2TP VPN. For example, without enabling this in the case of OpenVPN, it will not allow routing between the clients.

2) Push routes accordingly. For example, you will need to push the 192.168.8.0/24 route to the other VPN clients connecting; this will have to be set in the L2TP as well.

Remove the NAT rules, make sure the FORWARD rules are set for the 192.168.8.0/24 network using the dev used for the VPN, and let the VPN (correctly configured) take care of the rest.

And also make sure to add the route on the VPS pointing to the VPN interface for reaching your local net: ip route add 192.168.8.0/24 dev ppp0

Sorry this is not an answer with config examples/iptables rules, you will still have to do that yourself :)

mrbarletta
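As an added example (not from the answer or the asker's configuration), this VPS-side script applies the steps the answer lists: the route for the LAN behind the router, forwarding rules scoped to the VPN interfaces, and removal of the NAT on VPN traffic. It assumes the router's L2TP session appears on the VPS as ppp0, the other VPN clients as ppp+, and that the NAT rule to drop is a MASQUERADE on that interface; DRY_RUN=1 prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not from the answer or the asker's setup: apply the VPS-side
# part of the answer (route + FORWARD rules + no NAT) for the LAN behind the
# L2TP client. Assumed names: the router's L2TP session is ppp0, other VPN
# clients are ppp+, and the NAT to remove is a MASQUERADE on ppp0.
# DRY_RUN=1 prints each command instead of executing it (no root needed).

DRY_RUN="${DRY_RUN:-0}"

run() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "$*"
  else
    "$@"
  fi
}

# vps_lan_rules VPN_IF LAN_NET
vps_lan_rules() {
  vpn_if="$1"   # L2TP session of the router on the VPS (assumed: ppp0)
  lan_net="$2"  # network behind the router, 192.168.8.0/24 here

  # 1. Route: the VPS must know that lan_net sits behind the router's session.
  run ip route replace "$lan_net" dev "$vpn_if"

  # 2. Drop the source NAT on VPN traffic so LAN addresses stay visible
  #    end to end (assumed rule; match it against your actual nat table).
  run iptables -t nat -D POSTROUTING -o "$vpn_if" -j MASQUERADE 2>/dev/null || true

  # 3. Forward VPN<->LAN traffic in both directions, limited to ppp
  #    interfaces so the LAN is reachable from VPN peers and the VPS only,
  #    never from the VPS's public interface.
  run iptables -I FORWARD -i ppp+ -o "$vpn_if" -d "$lan_net" -j ACCEPT
  run iptables -I FORWARD -i "$vpn_if" -o ppp+ -s "$lan_net" -j ACCEPT

  # Nothing above works unless the kernel forwards IPv4 at all.
  run sysctl -w net.ipv4.ip_forward=1
}

# Stand-alone use: DRY_RUN=1 sh vps-lan-rules.sh ppp0 192.168.8.0/24
if [ "$#" -eq 2 ]; then
  vps_lan_rules "$1" "$2"
fi
```

The pppd ip-up hook on the VPS is a natural place to call this, since the ppp interface name is only known once the router's session is up.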