How to create routes for an OpenVPN tunnel?
I read all the communications with Itai. Along with configuring routing in the OpenVPN configuration file and on the Windows machine, you should enable forwarding on your Linux machine. To enable it, just add net.ipv4.ip_forward=1 to /etc/sysctl.conf and execute sysctl -p. After this you should add an iptables rule with the command iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE. It should be enough.
Don't forget to save the iptables configuration with the command service iptables save.
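As an added example, not part of the answer above or of any project's code: a small POSIX shell script that applies the answer's three steps (forwarding, MASQUERADE, persistence) in a repeatable way and, beyond the answer, narrows the FORWARD chain so the Linux instance relays only VPN-to-LAN traffic and its replies. It assumes the thread's names (tun0, eth0, 10.8.0.0/24); LAN_SUBNET=10.128.0.0/20 is an assumed value for the Google Cloud internal subnet and should be replaced with yours. It persists rules with netfilter-persistent save, the Debian counterpart of the RHEL-only service iptables save that fails later in the comments.

```shell
#!/bin/sh
# Added example (not from the answer above): idempotent OpenVPN -> LAN NAT
# setup for a Debian-style server (the thread's Jessie case). Defaults come
# from the thread; LAN_SUBNET is an assumption (GCP's default us-central1
# range) and must match your own VPC subnet.
VPN_SUBNET="${VPN_SUBNET:-10.8.0.0/24}"    # OpenVPN client pool
LAN_SUBNET="${LAN_SUBNET:-10.128.0.0/20}"  # assumed internal subnet behind eth0
VPN_IF="${VPN_IF:-tun0}"
WAN_IF="${WAN_IF:-eth0}"
DRY_RUN="${DRY_RUN:-0}"                    # 1 = print commands instead of running

# Run a command, or print it when DRY_RUN=1 so the plan can be reviewed first.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Append an iptables rule only if it is not already present: -C checks for an
# identical rule, so re-running the script does not stack duplicates.
ensure_rule() {
  table="$1"; shift
  if [ "$DRY_RUN" = "1" ] || ! iptables -t "$table" -C "$@" 2>/dev/null; then
    run iptables -t "$table" -A "$@"
  fi
}

# Turn on forwarding now (sysctl -w) and persistently (sysctl.conf): the same
# setting the answer describes, without editing the file by hand.
enable_forwarding() {
  run sysctl -w net.ipv4.ip_forward=1
  if [ "$DRY_RUN" != "1" ] && ! grep -qs '^net.ipv4.ip_forward *= *1' /etc/sysctl.conf; then
    printf 'net.ipv4.ip_forward=1\n' >> /etc/sysctl.conf
  fi
}

# NAT the VPN pool out of eth0 (the answer's MASQUERADE rule), then restrict
# the FORWARD chain so this box relays only VPN -> LAN traffic and the replies,
# instead of forwarding whatever happens to arrive on either interface.
configure_nat() {
  ensure_rule nat POSTROUTING -s "$VPN_SUBNET" -o "$WAN_IF" -j MASQUERADE
  run iptables -P FORWARD DROP
  ensure_rule filter FORWARD -i "$VPN_IF" -o "$WAN_IF" -s "$VPN_SUBNET" -d "$LAN_SUBNET" -j ACCEPT
  ensure_rule filter FORWARD -i "$WAN_IF" -o "$VPN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Persist the rules the Debian way ("service iptables save" is a RHEL command,
# which is why it reports "unrecognized service" on Debian).
persist_rules() {
  if command -v netfilter-persistent >/dev/null 2>&1; then
    run netfilter-persistent save
  else
    run sh -c 'iptables-save > /etc/iptables/rules.v4'
  fi
}

# Show what is in effect so the result can be checked before testing RDP.
show_state() {
  sysctl net.ipv4.ip_forward
  iptables -t nat -S POSTROUTING
  iptables -S FORWARD
}

main() {
  enable_forwarding
  configure_nat
  persist_rules
  [ "$DRY_RUN" = "1" ] || show_state
}

# Run main only when executed as openvpn-nat.sh, so sourcing the file is harmless.
case "$0" in
  openvpn-nat.sh|*/openvpn-nat.sh) main ;;
esac
```

Save it as openvpn-nat.sh, review the plan with DRY_RUN=1 sh openvpn-nat.sh, then run it as root. Because the traffic is masqueraded behind the Linux instance's eth0 address, the Windows servers see connections from 10.128.0.3 and need no return route for 10.8.0.0/24, and the instance's cloud-side IP forwarding setting can stay off; the price is that RDP and Windows security logs on those servers record the VPN gateway's address rather than the individual client's, which matters when you later need to attribute a session to a user.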
Comments
-
Kelebra93 over 1 year
I have three instances created in Google Cloud Platform; one of them hosts a Linux system and the others a Windows 2012 R2 server. I have already created the VPN tunnel between my client and my Linux instance. The question here is what I have to do to be able to connect via RDP to my Windows servers. The IP addresses of the instances are as follows:
Instance with OpenVPN installed:
Internal network interface eth0: 10.128.0.3; OpenVPN interface tun0: 10.8.0.1; public IP 104.154.145.xxx
Windows server instance:
Internal network interface eth0: 10.128.0.2; public IP 35.184.137.xxx
Windows server instance:
Internal network interface eth0: 10.128.0.3; public IP 35.184.137.xxx
When I connect as a client, the OpenVPN service gives me the IP 10.8.0.6. I'd like to connect to the Windows servers by RDP.
I believe it is related to some routing issue but I'm not sure. Can you please assist?
-
EEAA about 7 years: Have you tried using SSH tunnelling? That would be the simplest way to do this.
-
Kelebra93 about 7 years: For SSH I already have it; the VPN tunnel is ready and I can connect through it. What happens is that our databases and web services are hosted on Windows servers, so I want to use that VPN to access those servers. I used Linux for this for cost reasons. I hope I have explained it.
-
-
Itai Ganot about 7 years: The netmask defines the size of your network... it's probably 255.255.255.0, so I guess you don't need to change it. Just add the "push route" lines to your OpenVPN server configuration, restart the service, add the routes I showed, and it should work.
-
Kelebra93 about 7 years: Sorry, my question is, do I have to delete the route that you mentioned in the first response?
-
Itai Ganot about 7 years: You can, but it's not a must... you can run the same command you used to add it, just replace the word "add" with "del" and run the command again.
-
Kelebra93 about 7 years: Ok, I'll try it and let you know what happens.
-
Itai Ganot about 7 years: Edited my answer to show you how to test it. Also, please delete some older comments from the answer, thanks.
-
Kelebra93 about 7 years: I'm trying to ping the address 10.128.0.2, but I cannot ping it. On my client I have the IP 10.8.0.6. I added everything as you told me, but it does not work :(
-
Itai Ganot about 7 years: Let us continue this discussion in chat.
-
Kelebra93 about 7 years: The iptables command does not work on Linux; I try it but it reports it as unknown. I'm using Debian Jessie, and IP forwarding is active.
-
Alexander Tolkachev about 7 years: @JonathanRiveraDiaz please share iptables-save output.
-
Kelebra93 about 7 years: iptables: unrecognized service. That's the output.
-
Alexander Tolkachev about 7 years: @JonathanRiveraDiaz looks like you don't have iptables. Try to install it as mentioned in this answer stackoverflow.com/questions/30818931/…
-
Kelebra93 about 7 years:
apt install iptables-persistent
Reading package lists... Done
iptables-persistent is already the newest version.
root@debian-vpn:/home/ing_jonathan_rivera_diaz# service iptables-persistent status
● iptables-persistent.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
root@debian-vpn:/home/ing_jonathan_rivera_diaz# service iptables-persistent start
Failed to start iptables-persistent.service: Unit iptables-persistent.service failed to load: No such file or directory.
-
Alexander Tolkachev about 7 years: @JonathanRiveraDiaz sudo dpkg-reconfigure -y iptables-persistent
-
Kelebra93 about 7 years: Still not working; it shows me the following: bash: iptables-persistent: command not found. Can I not create the rule with ufw?
-
Alexander Tolkachev about 7 years: @JonathanRiveraDiaz iptables starts by the command invoke-rc.d netfilter-persistent. After this all iptables commands should work.
-
Kelebra93 about 7 years: Then the rule that you gave me, the routing one, do I enter it the following way? invoke-rc.d netfilter-persistent iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-
Alexander Tolkachev about 7 years: Let us continue this discussion in chat.