Hi Forum
I have set up my first OpenVPN server and client. I can connect from my Linux client (named gateway) to the internet. However, I now wish to use this Linux client as a gateway for a device on a local network that does not support OpenVPN software.
My Linux client (gateway) has two NICs (ip_forwarding is enabled)
eth0 192.168.1.1/24 WAN
eth1 192.168.1.1/24 LAN
For the client device on 192.168.1.30/24 I can connect to the internet via my Linux gateway without OpenVPN running.
However, when I enable OpenVPN on the Linux gateway, the client device (192.168.1.30/24) can no longer connect to the internet.
The routing table of the Linux gateway with the tunnel running is:
#netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
xxx.xxx.xxx.xx 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0
128.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
With tcpdump I can see pings from the client (192.168.1.30/24) entering the tun0 interface.
#sudo tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
21:04:42.155185 IP 192.168.1.30 > google-public-dns-a.google.com: ICMP echo request, id 1239, seq 2004, length 64
However on the OpenVPN server I never see the pings arrive.
#sudo tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
My server and client config are very basic.
server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
client.conf
client
proto udp
dev tun
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert test.crt
key test.key
comp-lzo
verb 2
On my Linux gateway I have no iptables rules.
sudo iptables -L -t nat -v
Chain PREROUTING (policy ACCEPT 243 packets, 28199 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 238 packets, 27865 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2 packets, 137 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 7 packets, 471 bytes)
pkts bytes target prot opt in out source destination
Could someone point out what I have missed, or point me to a tutorial with a similar setup?
In the end I would like to send all traffic from 192.168.1.30/24 except traffic for 192.168.0.0/24 via the tunnel.
Thanks
Stuart
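Added example, not part of the original post: a longest-prefix-match lookup over the routing table quoted above, showing how the two /1 routes installed by "redirect-gateway def1" take precedence over the eth0 default route while 192.168.0.0/24 stays on eth0. The function names and the test destinations 192.168.0.50 and 200.1.1.1 are assumptions made for illustration.

```python
import ipaddress

# Rows copied from the `netstat -rn` output in the post above. The row whose
# destination the poster masked (xxx.xxx.xxx.xx) cannot be parsed and is skipped.
ROUTES_TEXT = """\
0.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
xxx.xxx.xxx.xx 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0
128.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
"""


def parse_routes(text):
    """Turn netstat rows into (network, gateway, interface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        dest, gateway, mask, iface = fields[0], fields[1], fields[2], fields[7]
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # masked or malformed destination
        routes.append((net, gateway, iface))
    return routes


def lookup(routes, addr):
    """Return (network, gateway, interface) of the most specific matching route."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    net, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    return str(net), gateway, iface


if __name__ == "__main__":
    table = parse_routes(ROUTES_TEXT)
    # 8.8.8.8 is the pushed DNS server; the other two are constructed test addresses.
    for dst in ("8.8.8.8", "200.1.1.1", "192.168.0.50", "192.168.1.30"):
        print(dst, "->", lookup(table, dst))
```

The lookup only selects the outgoing interface; it does not change the packet's source address, which matches the gateway-side tcpdump line where the echo request enters tun0 still sourced from 192.168.1.30.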
Use Linux Client as Gateway for local LAN to share VPN
- Traffic
Re: Use Linux Client as Gateway for local LAN to share VPN
Are you sure about this?
stuienorris wrote:
My Linux client (gateway) has two NICs (ip_forwarding is enabled)
eth0 192.168.1.1/24 WAN
eth1 192.168.1.1/24 LAN