OpenVPN client NAT into private network


Post by truthseeker » Thu May 02, 2019 5:10 am

I'm trying to perform remote maintenance of endpoints in internal networks through an OpenVPN server.

Right now, I have the OpenVPN server installed on a DigitalOcean Ubuntu VPS. The first VPN client, Client00, my home computer running Windows 10, can successfully connect to it.

The second client, Client01, inside my customer's network, is also able to connect to the DigitalOcean OpenVPN server, and can ping my home computer. The VPN clients are on the tun0 interface and get IP addresses in the range 10.254.254.0/24.

I want to communicate with other computers on my customer's network and make it appear that the traffic originated from Client01.

I have configured two separate files in the ccd directory, Client01 and Client00

Client01 contains:
# client networks we want to route through the linuxbox
iroute 172.28.232.0 255.255.252.0

Client00 contains:
# client01 networks to route through the tunnel
push "route 172.28.232.0 255.255.252.0"


On the Client01 machine, which runs Linux, I have written the following NAT rule:

iptables -t nat -A POSTROUTING -d 172.28.232.0/22 -o tun0 -j MASQUERADE


And after all this, I can't ping any machine on the customer's network on the 172.28.X.X IP range. I can't talk to any internal server on the customer's network. I can't figure out why it does not work.

I'd like to leverage the configuration of ccd files, as I plan to use this configuration for multiple customers and would keep the OpenVPN server running continuously.
Also, is it possible to implement NAT in the customer's network via a Windows 10 machine?
