yes i know that the ubuntu router is not needed, but this is just a test setup for traffic shaping
icmp redirects on ubuntu are disabled, so the clients will always go over this router and then the real one.
it only has eth0
the router got a vpn connection to the openvpn server
router
route:
Code: Select all
0.0.0.0 192.168.11.1 0.0.0.0 UG 0 0 0 eth0
10.8.33.0 10.8.33.25 255.255.255.0 UG 0 0 0 tun0
10.8.33.25 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
192.168.11.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
Code: Select all
# Generated by iptables-save v1.4.12 on Wed Jul 23 20:28:35 2014
*filter
:INPUT ACCEPT [1823326:2372828464]
:FORWARD ACCEPT [1247173:280199859]
:OUTPUT ACCEPT [1347457:108842556]
COMMIT
# Completed on Wed Jul 23 20:28:35 2014
# Generated by iptables-save v1.4.12 on Wed Jul 23 20:28:35 2014
*nat
:PREROUTING ACCEPT [6558:475103]
:INPUT ACCEPT [3249:257116]
:OUTPUT ACCEPT [8467:556795]
:POSTROUTING ACCEPT [1572:101843]
-A POSTROUTING -s 192.168.11.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Jul 23 20:28:35 2014the clients can ping the openvpn server
if it was only one client you could use "redirect-gateway def1" on the server side and all traffic would go over the vpn and you would be done with it.
but i want some of my clients to over the vpn, or if thats not possible all of them.
what do i have to change on the router to tell it to do this?