Now I would like to configure the client to also tunnel requests to other local (IMAP) services running on the VPN gateway. These are accessible via either the gateway's public IP or, alternatively, the OpenVPN internal IP (10.8.0.1).
From the client's perspective (Thunderbird) I'd always like to use the gateway's public IP, which, when the VPN tunnel is established, needs some kind of translation to the internal IP (10.8.0.1). Initially I thought I'd be able to do this by configuring the server with "redirect-gateway block-local", but this only prevents the (Ubuntu) client from bypassing any traffic outside the tunnel.
Instead I most likely need DNAT on the client. With respect to http://l7-filter.sourceforge.net/PacketFlow.png I assume this should be something like
iptables -t nat -A OUTPUT -p tcp ! --dport 1194 -j DNAT --to 10.8.0.1
Thx,
Andreas
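
An added example, not part of the original post: the rule quoted above matches every TCP destination except port 1194, so this sketch narrows the DNAT to IMAP traffic addressed to the gateway's public IP and removes it again when the tunnel goes down. The public IP `203.0.113.10`, the port list `143,993`, the interface name `tun0`, the function names and the MASQUERADE rule are all assumptions; only `10.8.0.1` comes from the post.

```shell
#!/bin/sh
# Added example, not from the post. Prints the rules by default (dry run);
# set APPLY=1 and run as root to install them.
GW_PUBLIC_IP="203.0.113.10"  # constructed placeholder for the gateway public IP
GW_VPN_IP="10.8.0.1"         # OpenVPN internal IP named in the post
IMAP_PORTS="143,993"         # assumption: IMAP and IMAPS
TUN_DEV="tun0"               # assumption: tunnel interface name

# Accept only digits/dots (addresses) and digits/commas (ports), so a bad
# value can never turn into extra iptables arguments.
check_values() {
  for ip in "$GW_PUBLIC_IP" "$GW_VPN_IP"; do
    case "$ip" in ''|*[!0-9.]*) return 1 ;; esac
  done
  case "$IMAP_PORTS" in ''|*[!0-9,]*) return 1 ;; esac
}

# $1 is -A (add) or -D (delete). Only IMAP traffic addressed to the public IP
# is rewritten; every other connection keeps its destination.
dnat_rule() {
  echo "iptables -t nat $1 OUTPUT -d $GW_PUBLIC_IP -p tcp -m multiport --dports $IMAP_PORTS -j DNAT --to-destination $GW_VPN_IP"
}

# Assumption: the source address was chosen for the route to the public IP
# (outside the tunnel), so it is rewritten to the tunnel address on the way out.
snat_rule() {
  echo "iptables -t nat $1 POSTROUTING -o $TUN_DEV -d $GW_VPN_IP -p tcp -m multiport --dports $IMAP_PORTS -j MASQUERADE"
}

# $1 is up or down; returns 2 for anything else, 1 on invalid values.
apply_rules() {
  case "$1" in up) flag=-A ;; down) flag=-D ;; *) return 2 ;; esac
  check_values || { echo "refusing: invalid address or port list" >&2; return 1; }
  for rule in "$(dnat_rule "$flag")" "$(snat_rule "$flag")"; do
    if [ "${APPLY:-0}" = 1 ]; then $rule || return 1; else echo "$rule"; fi
  done
}

# OpenVPN exports script_type=up|down to its --up/--down scripts.
if [ -n "${script_type:-}" ]; then apply_rules "$script_type"; fi
```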