Setting Up Openvpn
Posted by Richard Sat, May 26 2007 06:39
Recently, I set up openvpn so I could connect to a network remotely. I wanted to route traffic to that network via openvpn even though the machines on the remote network had public IP addresses. Here is what I did.
For the most part, I followed the howto and modified the example configuration files for the client and server. In this post, I am going to try and capture the unusual things I ran across that I had to do.
Here is the basic diagram.
Client                Server Machine             Openvpn Gateway Machine
192.168.30.100  -->   10.8.30.1/10.8.30.2  -->   155.40.100.43
I wanted select subnets on the 155.40.x.x network to be routed through the openvpn connection. Here is an example of the modification I made to server.conf. This has the openvpn server push route changes to the client for the select subnets.
...
# each route needs the real network address (.0 for a /24), not a placeholder
push "route 155.40.120.0 255.255.255.0"
push "route 155.40.174.0 255.255.255.0"
push "route 155.40.56.0 255.255.255.0"
...
On the server, I had to add the following for routing the subnets via iptables.
# enable ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# setup nat routing for the tunnel subnet leaving via eth0
iptables -t nat -A POSTROUTING -s 10.8.30.0/24 -o eth0 -j MASQUERADE
The iptables command was the tricky one to figure out. Once I added it, I was able to connect to machines on those subnets (155.40.120, 155.40.174, 155.40.56) through the openvpn connection to 155.40.100.43. I was able to confirm this by running the "traceroute" command.
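The two server-side pieces above, the pushed routes and the NAT rule, are tied to the same list of subnets, so the script below (an added example, not code from the original post) generates both from one list. It also refuses a route whose network address has host bits set under its netmask, which is exactly what a literal "155.40.120.x" in server.conf would be, and it writes the MASQUERADE rule with an iptables -C check so re-running the setup does not stack duplicate rules. The tunnel subnet 10.8.30.0/24, the egress interface eth0 and the three /24 subnets are assumed from the post.

```shell
#!/bin/sh
# Added example: generate the openvpn push routes and the server NAT rule
# from one subnet list. Values below are assumed from the post.

TUN_NET="10.8.30.0/24"   # subnet the openvpn server hands to clients
OUT_IF="eth0"            # server interface facing the 155.40.x.x network
# "network/netmask" pairs to route over the tunnel (the post's three /24s)
ROUTED_SUBNETS="155.40.120.0/255.255.255.0 155.40.174.0/255.255.255.0 155.40.56.0/255.255.255.0"

# ip_to_int DOTTED: dotted quad -> 32-bit integer (155.40.120.0 -> 2603120640)
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# valid_route NETWORK NETMASK: succeed only if NETWORK has no host bits set
# under NETMASK, i.e. it is a real network address openvpn can push.
valid_route() {
    n=$(ip_to_int "$1")
    m=$(ip_to_int "$2")
    [ $(( n & m )) -eq "$n" ]
}

# push_route NETWORK NETMASK: the server.conf line for one routed subnet,
# or a failure (exit 1) if the network address does not match the mask.
push_route() {
    valid_route "$1" "$2" || {
        echo "bad network address $1 for mask $2" >&2
        return 1
    }
    printf 'push "route %s %s"\n' "$1" "$2"
}

# emit_push_routes: one push line per entry in ROUTED_SUBNETS
emit_push_routes() {
    for s in $ROUTED_SUBNETS; do
        push_route "${s%/*}" "${s#*/}" || return 1
    done
}

# emit_nat_rules: the forwarding and NAT commands from the post, written so
# that re-running them does not add a second MASQUERADE rule (-C checks first).
emit_nat_rules() {
    printf '%s\n' \
        "sysctl -w net.ipv4.ip_forward=1" \
        "iptables -t nat -C POSTROUTING -s $TUN_NET -o $OUT_IF -j MASQUERADE 2>/dev/null || \\" \
        "  iptables -t nat -A POSTROUTING -s $TUN_NET -o $OUT_IF -j MASQUERADE"
}

# Usage: sh openvpn-routes.sh print  (prints the config fragment and commands)
if [ "${1:-}" = "print" ]; then
    echo "# --- server.conf fragment ---"
    emit_push_routes
    echo "# --- run on the openvpn server as root ---"
    emit_nat_rules
fi
```

The generated commands are printed rather than executed, so they can be reviewed before being pasted onto the server; the -C check means the NAT rule stays a single rule even if the snippet ends up in a boot script that runs more than once.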
$ traceroute 155.40.174.23
That is a brief summary of what I did. I am now able to connect to the select subnets via openvpn. Traffic over my new openvpn connection appears to come from the remote machine. This suits my needs nicely.
For more details on how to set up openvpn, see the website for both the howto and the FAQs.
