I am running OpenVPN on a low-end Linode which currently hosts most of my web site, mail, and a few other services. But it is at its limit. So my approach is to use a system on the VPN (actually, my old laptop) as a server.
It appears I need to set up full-cone NAT for this. But the instructions I'm finding in a Google search are getting me into trouble. Among other things, I stopped receiving mail (which I didn't notice for a while because most of it I fetch down from Gmail anyway). This is typical for my adventures with packet filtering related stuff--I just really and truly don't get it and need explanations that match the level of complexity of my perception of the problem rather than explanations that match the level of complexity of all the possibilities that are irrelevant to my problem.
So here's the client configuration for my old laptop:
```
client
dev tun
proto udp
remote parts-unknown.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert graton.crt
key graton.key
ns-cert-type server
comp-lzo
verb 3
```
```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.9        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.9        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     2      0        0 wlan0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlan0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
```
```
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 10.8.0.1"
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
```

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
74.207.225.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
74.207.227.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         74.207.225.1    0.0.0.0         UG    0      0        0 eth0
```
```
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
#net.ipv6.conf.all.forwarding=1
```
```
route add default gw 10.8.0.9 tun0
```
Thanks!