VPN - how to set up the network correctly?
Good afternoon.
There is the following task:
There is a VPN server running OpenVPN. The server itself has two interfaces: ens18 (on the local network, with IP 192.168.0.41) and ens19 (to the Internet, 1.1.1.1). OpenVPN itself can issue any IP range, BUT half of the 192.168.0.0/24 subnet is already occupied, so the 10.8.0.0 subnet is issued. The task is to connect to the VPN and see the local network 192.168.0.0/24.
Right now the client only sees the Internet, through the rule
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens19 -j SNAT --to-source 1.1.1.1
It also sees 192.168.0.41, but does not see the whole LAN 192.168.0.0/24.
Of course, you can try to register a certain IP range from the 192.168.0.0/24 subnet for issuance, but I would like to use different subnets.
I would also like to know whether it is possible to send only LAN traffic through the VPN, so that I still access the Internet through my own connection.
You need routing between the local subnet and the VPN virtual subnet.
So that VPN clients (or the remote side) go to the Internet on their own, you need to remove the NAT rule, and they (the clients or the remote side/s), for their part, configure routes and metrics accordingly.
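One way to set up the routing the answer describes, as an added example that is not part of the original thread. The subnets, `ens18` and 192.168.0.41 come from the question; the tunnel device name `tun0` and the dry-run wrapper are assumptions. Routing instead of NAT keeps each client's 10.8.0.x address visible in LAN host logs.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are printed.
# Set APPLY=1 and run as root on the OpenVPN server to execute them.
VPN_NET="10.8.0.0/24"          # from the question
LAN_NET="192.168.0.0/24"       # from the question
LAN_IF="ens18"                 # from the question
SERVER_LAN_IP="192.168.0.41"   # from the question
TUN_IF="tun0"                  # assumption: usual OpenVPN tun device name

run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Convert a prefix length (e.g. 24) to the dotted netmask OpenVPN's "route" expects.
prefix_to_mask() {
    bits=$1; mask=""
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then octet=255; bits=$((bits - 8))
        else octet=$((256 - (1 << (8 - $bits)))); bits=0; fi
        mask="${mask}${mask:+.}${octet}"
    done
    echo "$mask"
}

# Line for server.conf: clients send only LAN traffic into the tunnel.
# Do not also push "redirect-gateway", or all client traffic enters the VPN.
push_line() {
    echo "push \"route ${LAN_NET%/*} $(prefix_to_mask "${LAN_NET#*/}")\""
}

# Forwarding on the server: VPN -> LAN allowed, LAN -> VPN only for replies.
server_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -A FORWARD -i "$TUN_IF" -o "$LAN_IF" -s "$VPN_NET" -d "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$TUN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Return path: run this on the LAN's default gateway, not on the VPN server.
# Without it, LAN hosts send replies for 10.8.0.0/24 to a gateway that has
# no route back to the VPN clients.
lan_gateway_route() {
    echo "ip route add $VPN_NET via $SERVER_LAN_IP"
}

push_line
server_rules
lan_gateway_route
```

For the split-tunnel case, the SNAT rule on `ens19` from the question is removed and no `redirect-gateway` is pushed, so clients keep their own default route.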