I have an OpenVPN server; its address is 192.168.1.251, tun, udp, etc., without a firewall. The remote client gets the OpenVPN server's WAN IP; I'd like the client to have its own WAN IP, not the server's WAN IP!
I need to route only LAN traffic, not WAN traffic, through the OpenVPN server, but I don't understand where the problem is...
                  +--------------------------------+
                  |            GATEWAY             |
       (public IP)| 192.168.1.254                  |192.168.1.x
{INTERNET}========={eth0                      eth0}==========<internal network / 192.168.1.0/254>
                  |      \                  /      |
                  |   +----------------------+     |
                  |   |    iptables and      |     |
                  |   |    routing engine    |     |
                  |   +--+----------------+--+     |
                  |         OpenVPN Server         |
                  |         192.168.1.251          |
                  |         10.8.0.1               |
                  |       (openvpn)-------{tun0}   |
                  |                       10.8.0.x |
                  +--------------------------------+
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
server.conf
;local 192.168.1.251
port 1194
proto udp
dev tun
;dev-node MyTap
ca ca.crt
cert server01.crt
key server01.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
push "route 192.168.1.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
;push "dhcp-option WINS 10.8.0.1"
client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
max-clients 6
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
;log-append openvpn.log
verb 3
;mute 20