I have configured an OpenVPN connection from a Debian PC to a remote Debian server, and it works. In fact, I can ping 10.0.0.1 (the address of the server in the VPN).
Now I want to share the connection. I want other clients on the LAN to be able to access the server without an OpenVPN client. How can I do it?
My LAN uses the standard address range 192.168.2.x. How can I set the address 192.168.2.123 to connect directly to the remote server?
If I understand correctly, you want to map the address 192.168.2.123 to the remotely accessible OpenVPN server 10.0.0.1.
In order to do this, you need 2 things:
- Create an alias address 192.168.2.123 on the Debian PC. A detailed how-to can be found here.
- Set up your Debian PC to rewrite incoming traffic for 192.168.2.123 to the remote server 10.0.0.1.
In order to set up forwarding, you need to enable it first, as shown below.
echo 1 > /proc/sys/net/ipv4/ip_forward
Then set up specific firewall rules to forward the traffic. Here is an example of how to do this.
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -t nat -A PREROUTING -d 192.168.2.123 -j DNAT --to-destination 10.0.0.1
Note: tun0 is supposed to be the interface of the tunnel the Debian PC opened, and eth0 the interface on the Debian PC with the IP address 192.168.2.123. The actual names of the interfaces may be something else. This sets up a NAT, mapping the traffic of the LAN interface to the address you have within the VPN. Be aware that this setup requires the clients in the LAN to initiate the connection to the remote Debian server.
Another solution is to forward the traffic of the LAN interface to the tunnel interface, as shown below. Using this approach you are able to access the remote Debian server using its internal VPN IP 10.0.0.1.
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
Note: The VPN server on the other side does not know your subnet, whose traffic is forwarded to it. In order to enable the server to send responses, you need to tell it that it is able to reach the LAN 192.168.2.x using the tunnel. Here is an explanation of how this can be done. You also need to tell the client an additional route on the normal network interface.
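A scoped variant of the first (NAT) approach above, as an added example that is not part of the original answer: it generates the same alias, forwarding, DNAT and MASQUERADE steps, but limits them to the LAN subnet and the single VPN address and lets only the LAN side open new connections. The interface names eth0 and tun0 follow the answer's note; the /24 subnet, the function names and the default-drop FORWARD policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumed names: eth0 = LAN
# interface, tun0 = tunnel interface, 192.168.2.0/24 = the LAN subnet.

# Succeed if $1 is a dotted-quad IPv4 address, optionally with a /prefix.
valid_ipv4() {
    addr=${1%%/*}
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed if $1 looks like a Linux interface name (at most 15 characters).
valid_ifname() {
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Print the setup commands for review; nothing is executed here.
# Args: LAN interface, tunnel interface, LAN subnet, alias IP, VPN server IP.
gateway_rules() {
    lan_if=$1 tun_if=$2 lan_net=$3 alias_ip=$4 vpn_ip=$5
    valid_ifname "$lan_if" && valid_ifname "$tun_if" || return 1
    valid_ipv4 "$lan_net" && valid_ipv4 "$alias_ip" && valid_ipv4 "$vpn_ip" || return 1
    case $lan_net in */*) ;; *) return 1 ;; esac       # subnet needs a prefix
    case $alias_ip$vpn_ip in */*) return 1 ;; esac     # hosts must be bare addresses
    cat <<EOF
ip addr add $alias_ip/${lan_net#*/} dev $lan_if
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $lan_if -s $lan_net -d $alias_ip -j DNAT --to-destination $vpn_ip
iptables -t nat -A POSTROUTING -o $tun_if -s $lan_net -d $vpn_ip -j MASQUERADE
iptables -A FORWARD -i $lan_if -o $tun_if -s $lan_net -d $vpn_ip -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $tun_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# Dry run with the addresses from the question.
gateway_rules eth0 tun0 192.168.2.0/24 192.168.2.123 10.0.0.1
```

Review the printed commands before running them as root; the final policy line drops every other forwarded flow on the host, so leave it out if the machine already routes other traffic.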