Forward port to OpenVPN Client
Ok I know what was wrong:
- I had more than one VPNClient with the same IPAddress. So I gave each of them a static IPAddress.
Define a directory where the client scripts should be stored, e.g. /etc/openvpn/staticclients, and create the directory:
mkdir /etc/openvpn/staticclients
Add this directory as an option to your OpenVPN config file on the server:
client-config-dir /etc/openvpn/staticclients
For each client you have to create a file. The filename must match the common name attribute that was specified in the certificate of the client. This command gets the CN from the computer's certificate:
This example pushes the IPAddress 10.1.134.110/10.1.134.109 to the client with the common name TESTCLIENT and also pushes an additional route for subnet 10.1.135.0.
cat /etc/openvpn/staticclients/TESTCLIENT
ifconfig-push 10.1.134.110 10.1.134.109
push "route 10.1.135.0 255.255.255.0 10.1.134.62"
http://www.yougetsignal.com/tools/open-ports/ and http://canyouseeme.org/ didn't correctly detect the ports. I had to additionally start my application on the client so that the websites were able to see these ports.
No need for additional SNAT rules. Only these rules were needed:
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport 28006 -j DNAT --to 10.1.134.110
Dominic Jonas
Updated on September 18, 2022
Comments
-
Dominic Jonas over 1 year
I have an OpenVPN server running on my VPS. Now I want to forward some specific ports to my clients. I have already added some rules to my iptables without any success. Maybe someone can have a look.
IP forwarding is already enabled:
sysctl -w net.ipv4.ip_forward=1
Thanks!
-
Admin about 7 years
Surely there’s no need to censor the addresses because they’re supposed to be VPN-internal.
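The fix in the answer above relies on every client CN having its own ifconfig-push address, because the DNAT rule forwards the public port to a bare IP. As an added example (not part of the original post), these shell functions audit a client-config-dir for reused addresses and confirm that a DNAT target belongs to exactly one CN. The function names and the CNs LAPTOP1 and LAPTOP2 are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original answer: audit an OpenVPN
# client-config-dir so a DNAT target maps to exactly one client CN.

# Print "IP CN1 CN2" for every ifconfig-push address used by two files.
ccd_duplicate_ips() {
    awk '$1 == "ifconfig-push" {
             n = split(FILENAME, p, "/"); cn = p[n]
             if (($2 in owner) && owner[$2] != cn) print $2, owner[$2], cn
             else owner[$2] = cn
         }' "$1"/*
}

# Print the CN(s) whose file pins the given address (the DNAT --to target).
ccd_owner_of() {
    awk -v ip="$2" '$1 == "ifconfig-push" && $2 == ip {
             n = split(FILENAME, p, "/"); print p[n]
         }' "$1"/*
}

# Succeed only if no address is reused and exactly one CN owns the target.
ccd_safe_dnat_target() {
    [ -z "$(ccd_duplicate_ips "$1")" ] &&
        [ "$(ccd_owner_of "$1" "$2" | wc -l)" -eq 1 ]
}

# Constructed sample: TESTCLIENT is the file from the answer; LAPTOP1 and
# LAPTOP2 are hypothetical CNs, with LAPTOP2 reusing LAPTOP1's address.
make_sample_ccd() {
    d=$(mktemp -d)
    printf '%s\n' 'ifconfig-push 10.1.134.110 10.1.134.109' \
        'push "route 10.1.135.0 255.255.255.0 10.1.134.62"' > "$d/TESTCLIENT"
    printf 'ifconfig-push 10.1.134.114 10.1.134.113\n' > "$d/LAPTOP1"
    printf 'ifconfig-push 10.1.134.114 10.1.134.113\n' > "$d/LAPTOP2"
    echo "$d"
}

sample=$(make_sample_ccd)
ccd_duplicate_ips "$sample"      # reports the LAPTOP1/LAPTOP2 clash
rm "$sample/LAPTOP2"             # resolve the clash in the sample
ccd_safe_dnat_target "$sample" 10.1.134.110 && echo "10.1.134.110 is pinned to one CN"
rm -r "$sample"
```

Point the functions at the real directory (here /etc/openvpn/staticclients) before adding or changing a PREROUTING rule, so the forwarded port cannot land on a different client that was handed the same address.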