multiple LAN clients through openvpn server in EC2





Post by amos_shahar » Wed Oct 10, 2012 7:00 pm

Hi,
I need to provide internet access through OpenVPN to multiple LAN networks.
Each LAN has a Windows PC with an OpenVPN client on it. All the other PCs in the same LAN should use the Windows PC with OpenVPN as their default GW. The OpenVPN server is at Amazon EC2.
I followed the following procedure:
http://holgr.com/blog/2009/06/setting-u ... azons-ec2/

And now the Windows PC with the OpenVPN client can access the public internet through the OpenVPN server in the cloud (working!). The remaining open issue I have now is to connect the other PCs (in the same LAN) to the internet through the same OpenVPN tunnel.
I configured the Windows OpenVPN PC for IP forwarding (registry...) and set the default GW of the other LAN PCs to the OpenVPN client PC.
I can see that the packets get to the Windows PC and go into the tunnel and reach the server, but they never go out from the server.

client:
*******
dev tun
proto udp
remote ec2-54-247-89-XX.eu-west-1.compute.amazonaws.com
resolv-retry infinite
nobind
secret openvpn-key.txt
ifconfig 192.168.2.2 192.168.2.1
comp-lzo
verb 3
#dhcp-option DNS 172.16.0.23
redirect-gateway def1

Server
*******
port 1194
proto udp
dev tun
secret openvpn-key.txt
ifconfig 192.168.2.1 192.168.2.2
keepalive 10 120
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

The iptables conf is:
*nat
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -d 0.0.0.0/0 -o eth0 -j MASQUERADE
COMMIT

The OpenVPN server (in Amazon EC2) IP is 10.234.241.124 - tunnel 192.168.2.1
The OpenVPN client (in my home LAN) IP is 212.127.67.138 - tunnel 192.168.2.2

The other PC in the LAN is 212.127.67.136 with DG 212.127.67.138

So ping (or web browsing) from 212.127.67.138 (the OpenVPN client) is working to yahoo.com for example (through the tunnel). BUT the same ping from 212.127.67.136 to yahoo.com goes through .138 to the OpenVPN server but never goes out from the server.

BTW security is not important in this case and no certificates are needed (just tunneling).

Thanks for the help,
Amos
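The thread ends there. As an added example that is not part of the original post and has not been run against the poster's EC2 instance, the script below takes the posted *nat table and server config (embedded as constructed input) and checks, for each source address that arrives through the tunnel, two things a forwarded LAN packet needs on the server: a POSTROUTING MASQUERADE rule that matches its source, and a route that sends replies back into the tunnel. The posted rule only covers 192.168.2.0/24, so a packet forwarded from a LAN host keeps its own source address, which no rule rewrites and no route returns; the hypothetical `server_fix` helper prints the extra rule and OpenVPN `route` directive that would cover the LAN. The LAN netmask (/24), the helper names, and `eth0` as the instance's public interface are assumptions.

```python
"""Check an OpenVPN server's NAT table and config for a LAN routed through the
tunnel. Added example; the inputs are copied from the post, nothing here was
run on the poster's instance."""
import ipaddress
import re

# Constructed input: the *nat table exactly as the post shows it.
NAT_DUMP = """*nat
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -d 0.0.0.0/0 -o eth0 -j MASQUERADE
COMMIT
"""

# Constructed input: the static-key server config from the post.
SERVER_CONF = """port 1194
proto udp
dev tun
secret openvpn-key.txt
ifconfig 192.168.2.1 192.168.2.2
keepalive 10 120
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
"""

MASQ_RE = re.compile(r"^-A POSTROUTING\b(?P<body>.*?)-j MASQUERADE\s*$")
SRC_RE = re.compile(r"-s\s+(\S+)")
OUT_RE = re.compile(r"-o\s+(\S+)")


def masquerade_rules(nat_dump):
    """(source network, out interface or None) for each POSTROUTING MASQUERADE
    rule inside the *nat table of an iptables-save dump."""
    rules, in_nat = [], False
    for raw in nat_dump.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            in_nat = line == "*nat"
            continue
        if line == "COMMIT":
            in_nat = False
            continue
        m = MASQ_RE.match(line) if in_nat else None
        if not m:
            continue
        src = SRC_RE.search(m.group("body"))
        out = OUT_RE.search(m.group("body"))
        net = ipaddress.ip_network(src.group(1) if src else "0.0.0.0/0", strict=False)
        rules.append((net, out.group(1) if out else None))
    return rules


def masqueraded(nat_dump, src_ip, out_iface="eth0"):
    """True if a packet from src_ip leaving out_iface gets its source rewritten."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net and iface in (None, out_iface)
               for net, iface in masquerade_rules(nat_dump))


def tunnel_routes(server_conf):
    """Destinations the OpenVPN process routes into the tunnel: the peer address
    from 'ifconfig' plus every 'route <net> <mask> [gw]' directive."""
    nets = []
    for line in server_conf.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "ifconfig" and len(parts) == 3:
            nets.append(ipaddress.ip_network(parts[2] + "/32"))
        elif parts[0] == "route" and len(parts) >= 3:
            nets.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False))
    return nets


def reply_routable(server_conf, src_ip):
    """True if replies to src_ip go back through the tunnel instead of out the
    instance's default route."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in tunnel_routes(server_conf))


def diagnose(nat_dump, server_conf, sources, out_iface="eth0"):
    """Map each tunnel source address to what the server is missing for it."""
    report = {}
    for src in sources:
        issues = []
        if not masqueraded(nat_dump, src, out_iface):
            issues.append("no MASQUERADE match")
        if not reply_routable(server_conf, src):
            issues.append("no return route via tunnel")
        report[src] = issues
    return report


def server_fix(lan_network, client_tunnel_ip, out_iface="eth0"):
    """Hypothetical helper: the NAT rule and OpenVPN 'route' directive covering
    a LAN behind the static-key client. Forwarding (net.ipv4.ip_forward=1) and
    a FORWARD chain that accepts the traffic are still needed on the server."""
    net = ipaddress.ip_network(lan_network, strict=False)
    return {
        "iptables": f"-A POSTROUTING -s {net} -o {out_iface} -j MASQUERADE",
        "openvpn_route": f"route {net.network_address} {net.netmask} {client_tunnel_ip}",
    }


if __name__ == "__main__":
    # Assumption: the LAN in the post is 212.127.67.0/24.
    sources = ["192.168.2.2", "212.127.67.136"]
    for src, issues in diagnose(NAT_DUMP, SERVER_CONF, sources).items():
        print(src, "OK" if not issues else "; ".join(issues))
    fix = server_fix("212.127.67.0/24", "192.168.2.2")
    print(fix["iptables"])
    print(fix["openvpn_route"])
```

This only reads configuration text; on the instance itself `iptables -t nat -L POSTROUTING -v -n` (rule counters) and `tcpdump -i eth0` (what source address actually leaves) confirm the same two points. Because the MASQUERADE rule decides which source networks the instance will NAT to the internet, keep it as narrow as the LAN really is rather than widening it to 0.0.0.0/0.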
