1

I need to route all traffic coming and going from/to eth0 through OpenVPN before I send/receive it to/from eth1. This is a Debian virtual machine; you can call it a virtual router.

The idea is to put a DHCP on eth1; clients will connect to eth1. I want all clients to automatically be connected to the VPN.

Currently, I can route eth0 to eth1 with a DHCP in between, so clients will get their IP address and are able to browse, but as soon as I turn on OpenVPN, the clients can't access the internet anymore.

To illustrate what I want, this might help: Drawing

How to achieve this?

3 Answers

1

I presume you are NATting your system via iptables, with something like:

   iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
   iptables --append FORWARD --in-interface eth1 -j ACCEPT

This is nearly right; all you have to do is change the first one to:

   iptables --table nat --append POSTROUTING --out-interface tun3 -j MASQUERADE

and now all of your traffic will go through the OpenVPN.

1
  • Great, it works. This is my final configuration:

        *nat
        :PREROUTING ACCEPT [3:381]
        :INPUT ACCEPT [1:239]
        :OUTPUT ACCEPT [0:0]
        :POSTROUTING ACCEPT [2:142]
        -A POSTROUTING -o tun3 -j MASQUERADE
        COMMIT
        *filter
        :INPUT ACCEPT [1:239]
        :FORWARD ACCEPT [0:0]
        :OUTPUT ACCEPT [0:0]
        -A INPUT -i lo -j ACCEPT
        -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
        -A FORWARD -i eth1 -j ACCEPT
        -A OUTPUT -o lo -j ACCEPT
        -A OUTPUT -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
        COMMIT

    Thanks for the help!
    – John Smith
    Commented Dec 17, 2013 at 9:25
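
An added example (not part of the answer or comments above): the posted ruleset accepts forwarding from eth1 to any output interface, so this shell function audits an `iptables-save` dump for rules that would let LAN clients leave by a path other than the tunnel, and a constructed fail-closed variant is shown beside the thread's rules. The interface names eth1 and tun3 come from the thread; the function names and finding labels are assumptions made for this example.

```shell
# Added example: flag iptables-save rules that let LAN traffic bypass the VPN.
# Usage: audit_ruleset LAN_IF VPN_IF < dump   (prints one finding per line)
audit_ruleset() {
    awk -v lan="$1" -v vpn="$2" '
        $1 ~ /^\*/ { table = substr($1, 2) }
        # A default-accept FORWARD policy forwards whatever no rule drops.
        table == "filter" && $1 == ":FORWARD" && $2 == "ACCEPT" { print "forward-policy-accept" }
        $1 != "-A" { next }
        {   # Pull the in/out interface and the target out of the rule.
            iif = ""; oif = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") iif = $(i + 1)
                if ($i == "-o") oif = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
        }
        # LAN packets accepted without being pinned to the tunnel interface.
        table == "filter" && $2 == "FORWARD" && tgt == "ACCEPT" && iif == lan && oif != vpn {
            print "forward-not-pinned: " $0
        }
        # Masquerading on a non-tunnel interface NATs traffic around the VPN.
        table == "nat" && $2 == "POSTROUTING" && tgt == "MASQUERADE" && oif != vpn {
            print "masquerade-outside-tunnel: " $0
        }'
}

# Ruleset from the thread, reduced to its NAT and FORWARD parts, counters zeroed.
thread_ruleset() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun3 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
EOF
}
# Constructed fail-closed filter table (nat table unchanged): only eth1 <-> tun3.
hardened_ruleset() {
cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o tun3 -j ACCEPT
-A FORWARD -i tun3 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
```

On the router itself, the live rules can be checked with `iptables-save | audit_ruleset eth1 tun3`.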
0

Looks like you essentially want to perform Network Address Translation (NAT) - http://docstore.mik.ua/orelly/unix3/upt/ch46_11.htm

I doubt this is right but you could also try to use xinetd to perform the routing to proper services.

3
  • I already am NATTING my traffic from eth0 to eth1 with a DHCP listening on eth1, so that works I guess. The problem is that when I start the openvpn daemon, no clients can reach WWW anymore... How does this happen?
    – John Smith
    Commented Dec 16, 2013 at 20:38
  • What's eth0's gateway?
    – falconspy
    Commented Dec 16, 2013 at 21:25
  • eth0's gateway would be VMware Network Adapter VMnet1, which is an adapter on my Windows Host machine, which NATS from Local Area Connection, which is basically my cabled connection to my router which is connected to "The Internet".
    – John Smith
    Commented Dec 16, 2013 at 21:51
0

Without knowing more about your setup, it is difficult to know why NAT isn't working for you.

I might also suggest a bridged interface on the vpn client.

1
  • Well, these are all the routes I have, where tun3 should be the OpenVPN adapter, eth0 is the incoming, eth1 is the one where all clients connect on, thus the DHCP server is listening. i39.tinypic.com/dzth88.png
    – John Smith
    Commented Dec 16, 2013 at 21:13
