OPENVPN Client and NAT'ing
Posted: Sun Dec 05, 2010 8:36 pm
Hi,
I have an OpenVPN server in our datacenter. We have OpenVPN clients at all customer sites, used to set up L3 tunnels and L2 bridges.
Our requirement is to have the L3 traffic routed down the tunnel and not perform NAT'ing anywhere, so that the original source and destination addresses remain.
All our other customer OpenVPN clients work without any problems, but for a new one I recently set up, traffic from our datacenter to the customer site gets NAT'ed behind the OpenVPN client's br0 IP address after exiting the tunnel. I compared my config to others I know work, but can't find the cause of this. I am no expert at *nix operating systems, but can wind my way around.
Here is the client conf file:
# MAC Address of device
MAC=00:01:c0:05:fc:de
## Which terminator the client should connect to
TERM_IP=10.0.208.93
## Configure VLAN ID of client bridge
VLANID=127
## Specify PKCS12 file for the bridge server (CA cert, server key, server cert)
PKCS12=/etc/openvpn/easy-rsa/keys/vlan127-server.p12
## Specify local/remote IP address to be assigned to client for the routed P-t-P link
IP="172.17.255.127 172.17.255.1"
## Specify NAT ip addresses assigned to client (space separated)
#NAT_SRC="10.252.1.1 10.252.1.2 10.252.1.3 10.252.1.4 10.252.1.5 10.252.1.6 10.252.1.7 10.252.1.8 10.252.1.9"
#NAT_DST="192.168.1.4 192.168.1.45 192.168.1.28 192.168.1.39 192.168.1.37 192.168.1.36 192.168.1.12 192.168.1.2 192.168.1.58"
NAT_SRC=""
NAT_DST=""
## Specify any directly routable destinations
DCT="192.168.1.4 192.168.1.45 192.168.1.28 192.168.1.39 192.168.1.37 192.168.1.36 192.168.1.12 192.168.1.2 192.168.1.58"
## Specify the port that the L2 client should connect to
L2_TERM_PORT=10127
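The symptom described in the post (source addresses rewritten to the client's br0 address after leaving the tunnel) is what a MASQUERADE or SNAT rule in the nat table's POSTROUTING chain produces, regardless of what NAT_SRC/NAT_DST are set to in the wrapper config. The check below is an added example, not code from the post or from the wrapper script it quotes; it assumes a Linux client with iptables, and the embedded iptables-save dump (including the br0 rule it finds) is constructed for the offline run.

```shell
#!/bin/sh
# Added diagnostic, not part of the forum post: find nat-table POSTROUTING
# rules that would rewrite the source address of traffic leaving a given
# interface. Live usage on the client:
#     iptables-save -t nat | find_snat br0
# Rules with no "-o" match every outgoing interface, so they are reported too.

# find_snat IFACE   (reads iptables-save output on stdin)
# Prints every nat POSTROUTING rule with target MASQUERADE or SNAT whose
# out-interface is IFACE or unset.
find_snat() {
  iface="$1"
  awk -v iface="$iface" '
    /^\*/ { table = substr($0, 2) }            # "*nat" -> table = "nat"
    table == "nat" && /^-A POSTROUTING/ && /-j (MASQUERADE|SNAT)/ {
      out = ""
      for (i = 1; i <= NF; i++) if ($i == "-o") out = $(i + 1)
      if (out == "" || out == iface) print
    }
  '
}

# Constructed iptables-save dump standing in for the client's live ruleset.
# The second POSTROUTING rule is the kind of entry that would explain the
# symptom in the post: everything leaving br0 is masqueraded behind its IP.
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -i tap0 -o br0 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.252.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -o br0 -j MASQUERADE
COMMIT'

# Helper returning the rules for an interface as a single string.
snat_rules_for() {
  printf '%s\n' "$SAMPLE" | find_snat "$1"
}

# Demo run: report what would be rewritten on br0.
printf 'NAT rules affecting br0:\n'
snat_rules_for br0
```

If a rule is printed, it is the one to delete (`iptables -t nat -D POSTROUTING <rule as printed without the leading -A POSTROUTING>`) and then to trace back to whichever up script or init file installs it; also confirm nothing else on the box relies on it before removing it. An empty result means the rewrite is happening somewhere other than this client's nat table.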