Iptables forward with pptp and openvpn

5,700

If I understand correctly, you want an OpenVPN tunnel and a PPTP tunnel, each of which will route tunneled traffic out eth0, but each with its own IP.

If I'm wrong in that, try to clarify and I'll do what I can to help. But, I believe this script will do what you're asking for.

#!/bin/bash

# This enables forwarding in the kernel.
echo 1 > /proc/sys/net/ipv4/ip_forward

# This will allow all return traffic to pass back to the originating socket
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# This permits forwarding traffic that came in either tunnel and bound out eth0.
# Note: This does not explicitly permit forwarding between tunnels.
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT

# This blocks all forwarding that is not explicitly permitted.
# Removing this line would be unsafe.
iptables -A FORWARD -j DROP

# These lines will SNAT the traffic coming from each tunnel to the
# appropriate IP address. The input interface is no longer known in the
# POSTROUTING chain (iptables rejects -i there), so each packet is marked
# by input interface in PREROUTING and the SNAT rule matches on that mark.
iptables -t mangle -A PREROUTING -i tun0 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i ppp+ -j MARK --set-mark 2
iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 1 -j SNAT --to-source 1.1.1.1
iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 2 -j SNAT --to-source 1.1.1.2

Running this script multiple times will cause rules to build up. The following script will flush your firewall rules and disable forwarding. I generally include this at the beginning of my firewall scripts, but I don't know if it's safe for you to do so, so I've included it separately.

#!/bin/bash
# Disable forwarding, then flush the filter, nat and mangle tables.
echo 0 > /proc/sys/net/ipv4/ip_forward
iptables -t filter -F
iptables -t nat -F
iptables -t mangle -F
Author by

Sam L

Updated on September 18, 2022
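
A small audit of the resulting FORWARD chain, as an added example that is not part of the original answer: it parses `iptables-save` output (a constructed dump, assumed here to be the state after the first script has been run twice) and checks the properties the script relies on: the terminal DROP, each tunnel allowed out eth0, no tunnel-to-tunnel ACCEPT, and whether re-running has left duplicate, unreachable rules.

```python
import re

# Constructed sample (not from the page): what `iptables-save` might print after
# the answer's first script has been run twice, so every FORWARD rule appears twice.
SAMPLE_DUMP = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -j DROP
COMMIT
"""


def parse_chain(dump, table, chain):
    """Return the '-A <chain> ...' rule bodies of one table, in order."""
    prefix, rules, in_table = f"-A {chain} ", [], False
    for line in dump.splitlines():
        if line.startswith("*"):            # '*filter', '*nat': start of a table
            in_table = line[1:] == table
        elif in_table and line.startswith(prefix):
            rules.append(line[len(prefix):])
    return rules


def audit_forward(dump, tunnels=("tun0", "ppp+"), wan="eth0"):
    """Check the FORWARD chain for the properties the answer's script relies on."""
    rules = parse_chain(dump, "filter", "FORWARD")
    first_drop = next((i for i, r in enumerate(rules) if r == "-j DROP"), None)
    egress = re.compile(r"^-i (\S+) -o (\S+) -j ACCEPT$")
    pairs = [m.groups() for m in map(egress.match, rules) if m]
    return {
        # A final unconditional DROP is what blocks everything not explicitly permitted.
        "has_terminal_drop": first_drop is not None,
        # Rules appended after that DROP (e.g. by re-running the script) never match.
        "unreachable_rules": rules[first_drop + 1:] if first_drop is not None else [],
        "duplicate_rules": sorted({r for r in rules if rules.count(r) > 1}),
        # Each tunnel must be allowed out the WAN interface...
        "tunnel_egress_allowed": {t: (t, wan) in pairs for t in tunnels},
        # ...but nothing should permit forwarding from one tunnel into the other.
        "tunnel_to_tunnel": [f"-i {i} -o {o}" for i, o in pairs if i in tunnels and o in tunnels],
    }
```

On a live host, feed it the real ruleset with `audit_forward(subprocess.check_output(["iptables-save"], text=True))`.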

Comments

  • Sam L over 1 year

    I have OpenVPN and PPTP installed on a VPS. I have a few questions that I can't seem to get a firm answer on.

    I want to install OpenVPN on 1.1.1.1 (eth0, public IP address) and PPTP on 1.1.1.2 (eth0:1, public IP address). I was able to achieve this with SNAT. However, all the tutorials I've been reading recommend forwarding ppp+ to eth0 and vice versa, and the same for the tun interface.

    iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
    iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
    

    My setup is CentOS, dedicated server.

    For some reason I'm assuming iptables will route all traffic from eth0 to tun0 and stop at that.

    1. Will these forward rules conflict with each other?
    2. Will I need to forward the ppp+ to eth0:1 instead to avoid a conflict? Is it even possible? I haven't figured out a way yet.
    3. Is iptables smart enough to route traffic that is specific to tun and ppp through these rules?
  • John Nguyen about 11 years
    I was wondering, what's the point of iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT? Is it even necessary?
  • bahamat about 11 years
    Because PPTP tunnels use ppp interfaces. OP wants to support OpenVPN and PPTP tunnels simultaneously. Also the next line is -j DROP.