disable NAT in openvpn

On the OpenVPN server there must be a rule like

        iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE

You can find it with

      iptables -t nat -L -n -v

You must suppress this rule.

If, as you claim (but did you run

      iptables -t nat -L -n -v

to double-check that there are no iptables rules at play?), there are none, the only other possibility is that NATting is done through the iproute2 suite. Do

    cat /etc/iproute2/rt_tables

jot down the names of the tables you have, then issue

     ip route show table TABLE_NAME | grep ^nat

and see whether you can find some output. If you do, it means that the packet headers are rewritten by the iproute2 command ip route add nat ... All you need to do is to delete the routing table in question.

These are the two possibilities, tertium non datur.

Now you need to add a rule to the router to route packets for the OpenVPN subnet 10.0.0.0/24 via the OpenVPN server (let's assume it has IP address 192.168.0.127). If the router were a Linux machine the following command would do:

       ip route add 10.0.0.0/24 via 192.168.0.127

Most routers, like Cisco's, have an Advanced Routing capability, to be found in their GUI. You should use that to specify the route above.
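The two checks above (find the source-NAT rule, then remove it) can be scripted. The following is an added example and not code from the answer or from OpenVPN: it parses the output of `iptables-save -t nat`, prints only the POSTROUTING rules that rewrite the source address of the VPN subnet (MASQUERADE or SNAT), and turns each one into the exact `iptables -t nat -D` command that removes it. It also greps a startup script for the line that would re-create the rule on the next boot, which is where the rule in the comment thread below turned out to live. The nat-table dump, the rc.local text, the interface name eth0 and the SNAT address are constructed sample data so the script runs offline; on a real server replace `SAMPLE_NAT_TABLE` with `"$(iptables-save -t nat)"`.

```shell
#!/bin/sh
# Added example (not from the original answer): locate the source-NAT rules
# that hide OpenVPN clients behind the server's own address and print the
# commands that remove them. Works on `iptables-save -t nat` output, so the
# constructed sample below lets it run without root or a real nat table.

# Constructed sample of `iptables-save -t nat` from a server that NATs the
# VPN subnet 10.0.0.0/24 (eth0 and 192.168.0.127 are assumptions).
SAMPLE_NAT_TABLE='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 192.168.0.127
-A POSTROUTING -s 172.16.5.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -d 10.0.0.0/24 -j ACCEPT
COMMIT'

# Constructed sample of a startup script that re-creates the rule on boot.
SAMPLE_RC_LOCAL='#!/bin/sh
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
exit 0'

# vpn_snat_rules SUBNET NAT_TABLE_DUMP
# Print the POSTROUTING rules that rewrite the source of packets from SUBNET.
# Only MASQUERADE and SNAT change the source address; an ACCEPT in the nat
# table does not, so it is deliberately not reported.
vpn_snat_rules() {
    subnet_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '%s\n' "$2" \
        | grep -E '^-A POSTROUTING ' \
        | grep -E -- "-s $subnet_re( |\$)" \
        | grep -E -- '-j (MASQUERADE|SNAT)( |$)'
}

# count_vpn_snat_rules SUBNET NAT_TABLE_DUMP
# Number of matching rules (0 when the subnet is not NATted at all).
count_vpn_snat_rules() {
    vpn_snat_rules "$@" | grep -c .
}

# delete_commands SUBNET NAT_TABLE_DUMP
# Turn each "-A POSTROUTING ..." line into the `iptables -t nat -D` command
# that removes exactly that rule. This is safer than `iptables -t nat -F`,
# which also flushes unrelated rules such as port forwards.
delete_commands() {
    vpn_snat_rules "$@" | sed 's/^-A /iptables -t nat -D /'
}

# persisted_nat_lines SCRIPT_TEXT
# Print the lines of a startup script (e.g. /etc/rc.local) that would add a
# source-NAT rule again on the next boot; deleting the live rule alone is
# not enough if one of these exists.
persisted_nat_lines() {
    printf '%s\n' "$1" | grep -E 'iptables .*-t nat .*-j (MASQUERADE|SNAT)'
}

echo "Live source-NAT rules for 10.0.0.0/24:"
vpn_snat_rules 10.0.0.0/24 "$SAMPLE_NAT_TABLE"
echo "Commands to remove them:"
delete_commands 10.0.0.0/24 "$SAMPLE_NAT_TABLE"
echo "Lines that would restore the NAT on reboot:"
persisted_nat_lines "$SAMPLE_RC_LOCAL"
```

Run the printed `-D` commands as root, then re-run `iptables -t nat -L -n -v` and confirm with tcpdump on the LAN interface that the VPN clients' 10.0.0.x addresses now appear as source; remember that without the NAT the hosts on network A need the return route to 10.0.0.0/24 described above, or replies will never reach the tunnel.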


Author: Hans

Updated on September 18, 2022

Comments

  • Hans
    Hans almost 2 years

    I'm having a similar problem to this: OpenVPN without NAT

    Seems it wasn't answered yet.

    Description of my situation: I have an openvpn server on network A which another admin installed before he left the company. Now several users and servers connect to that openvpn server to access network A and get NATed, so all requests from vpn users/servers have the source address of the openvpn server.

    Now I need a server on network A to access one of the openvpn clients/servers and want to disable NAT in openvpn to expose the "vpn internal" IP addresses of these clients and servers.

    I know that I need to add a route on Network A to access the vpn network, that's clear to me but I cannot see how to disable NAT in openvpn, also there are no IPtables rules present so some openvpn internal NAT mechanism seems to be in use.

    Which options I need to check to disable NAT?

  • Hans
    Hans almost 9 years
    As I said there are no IPtables rules present on the openvpn server. I monitored network traffic using tcpdump on the openvpn server, when looking at the tun device of openvpn, I can see traffic from source address of the vpn-client tunnel IP and destination IP is on network A. When looking at the network A interface of the vpn server, I can see the same packets with source IP of the openvpn server instead of the tunnel-ip of that vpn user. Any ideas which parameter to check?
  • MariusMatutiae
    MariusMatutiae almost 9 years
    @Hans Have you looked at the output of iptables -t nat -L -n -v on the OpenVPN server?
  • MariusMatutiae
    MariusMatutiae almost 9 years
    @Hans Pls re-read my post for new info.
  • Hans
    Hans almost 9 years
    Thank you, I did not check iptables -t nat -L -n -v, only iptables -L (as I usually do), and it did not show the nat table (-t nat). Now I found that rule which was present, then I searched in /etc for where this is configured and found that the guy added it to /etc/rc.local. I removed the nat rule (iptables -t nat -F) and now tcpdump shows the traffic as expected :)