[Solved]Layer3 configuration without NAT?



Post by kgc » Mon Jul 13, 2015 10:39 pm

I'm trying to configure an OpenVPN AS server to use a pool of public IPs for clients without performing any NAT or other traffic mangling or enforced limitations, and to just leave it to the kernel to route the traffic as expected. It is easy enough to remove the iptables rule once the service is started (which makes it behave as desired), but I haven't figured out a way to make this persistent within the constraints of the OpenVPN AS server configs.

I attempted to do this by disabling the update of the iptables rules as per one of the FAQs, but every combination I've come up with prevents the server from starting, even if the persistent iptables rules match what the server would have installed.

Code:

 # ./confdba --mod --key=iptables.vpn.disable.nat --value=True --prof=Default
 # ./confdba --mod --key=iptables.vpn.disable.mangle --value=True --prof=Default
 # ./confdba --mod --key=iptables.vpn.disable.filter --value=True --prof=Default

Code:

 {'errors': {
     'openvpn_0': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live'])")],
     'user': [('error', "service failed to start due to unresolved dependencies: set(['iptables_live'])")],
     'openvpn_2': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live'])")],
     'openvpn_3': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live'])")],
     'iptables_live': [('error', "Service deferred error: 'NoneType' object is not iterable: internet/defer:323,sagent/wpsvc:167,sagent/iptlive:49,sagent/iptlive:76,sagent/iptlive:111 (exceptions.TypeError)")],
     'crl': [('error', "service failed to start due to unresolved dependencies: set(['user'])")],
     'openvpn_1': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live'])")]},
  'service_status': {
     'bridge': 'started', 'log': 'started', 'license': 'started',
     'iptables_web': 'started', 'iptables_openvpn': 'started', 'ip6tables_openvpn': 'started',
     'openvpn_1': 'off', 'auth': 'started', 'ip6tables_live': 'started',
     'client_query': 'started', 'db_push': 'started', 'api': 'started',
     'daemon_pre': 'started', 'web': 'started', 'openvpn_2': 'off',
     'openvpn_3': 'off', 'iptables_live': 'on', 'openvpn_0': 'off',
     'crl': 'off', 'user': 'off'}}


Re: Layer3 configuration without NAT?

Post by kgc » Sat Jul 18, 2015 12:24 am

Turns out this was as easy as using the routing option of "Yes, using routing (advanced)" and adding 0.0.0.0/0 as a private subnet "to which the client should be given access". Thanks to support for pointing this out in a ticket.

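A check for the goal stated in the first post (no NAT applied to the public client pool), as an added example that is not part of the thread or of OpenVPN AS: it parses `iptables-save -t nat` text and lists the source-NAT rules that still match the pool. The pool 203.0.113.0/24, the interface names and the sample ruleset are constructed assumptions.

```python
import ipaddress

# Constructed sample of `iptables-save -t nat` output (not from the thread).
# 203.0.113.0/24 stands in for the public client pool; eth0/eth1 are assumed names.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 203.0.113.0/25 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 198.51.100.7
-A POSTROUTING -o eth1 -j MASQUERADE
-A PREROUTING -d 203.0.113.10/32 -p tcp -j DNAT --to-destination 10.0.0.5
COMMIT
"""

SRC_NAT_TARGETS = {"MASQUERADE", "SNAT"}

def nat_rules_touching_pool(ruleset, pool):
    """Return source-NAT rules in the nat table whose source match overlaps the pool.

    A rule without -s matches every source, so it counts as touching the pool."""
    pool_net = ipaddress.ip_network(pool)
    hits, in_nat = [], False
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. *nat or *filter
            in_nat = line == "*nat"
            continue
        tok = line.split()
        if not in_nat or not line.startswith("-A ") or "-j" not in tok:
            continue
        if tok[tok.index("-j") + 1] not in SRC_NAT_TARGETS:
            continue
        src, negated = ipaddress.ip_network("0.0.0.0/0"), False
        if "-s" in tok:
            i = tok.index("-s")
            src = ipaddress.ip_network(tok[i + 1], strict=False)
            negated = tok[i - 1] == "!"   # iptables-save writes "! -s NET"
        # "! -s NET" matches everything outside NET: the pool escapes only if fully inside NET.
        matches = (not pool_net.subnet_of(src)) if negated else src.overlaps(pool_net)
        if matches:
            hits.append(line)
    return hits

if __name__ == "__main__":
    for rule in nat_rules_touching_pool(SAMPLE, "203.0.113.0/24"):
        print("source NAT still applies to pool:", rule)
```

An empty result for the client pool means the kernel forwards client traffic with its original public source address.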