Solved

OpenVPN MASQ NAT LAN

Posted on 2006-05-09
667 Views
Last Modified: 2013-12-15
Experts,

Hi guys, I'm looking for a solution on how to use my OpenVPN to connect through the LAN, so that I can still see/browse my entire network. Below is my very, very basic conf file. I'm new to Linux, but I'm trying to use these amazing OpenVPN techniques. My NAT/firewall uses MASQ, and 1194 is open for VPN connections.

LAN: 192.168.11.0/24

And this is my OpenVPN server.conf

port 1194
proto udp
dev tun
dh dh1024.pem
server 192.168.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3

Thanks in advance.
Question by:marvelsoft
6 Comments
LVL 19

Assisted Solution

by:Gabriel Orozco
Gabriel Orozco earned 320 total points
ID: 16653438
You only need to route between net 192.168.0.0/24 and 192.168.11.0/24.

To do that, just activate IP forwarding, and also be sure your internal IP is the gateway for the 192.168.0.0/24 network:

echo "1" > /proc/sys/net/ipv4/ip_forward

Author Comment

by:marvelsoft
ID: 16678187
Hi Redimido,

How can I insert the aforesaid "route between net 192.168.0.0/24 and 192.168.11.0/24" and the gateway? I've already done echo "1" > /proc/sys/net/ipv4/ip_forward. I'm using dialup for my testing. Eth0 is my internal LAN (192.168.11.0/24), gateway (192.168.11.10), and eth1 is my public IP. This setup has NAT enabled. I've found this more difficult to set up, and I'd be glad of help with the solution.

This is my revised server.conf:
=======================
mode server
duplicate-cn
port 1194

proto udp
dev tun
;dev tap
tls-server
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

ifconfig 192.168.11.241 192.168.11.242
ifconfig-pool 192.168.11.245 192.168.11.248

ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth ta.key 0
comp-lzo

status-version 2
user nobody
group nobody
persist-key
persist-tun

status openvpn-status.log
verb 3
=======================

LVL 19

Accepted Solution

by:Gabriel Orozco
Gabriel Orozco earned 320 total points
ID: 16678773
marvelsoft:
"Eth0 is my internal LAN (192.168.11.0/24), gateway (192.168.11.10),  and eth1 is my Public IP"

This is your problem: you are using a VPN to connect from outside.
For a router (in this case your Linux router) to understand that you are outside of the LAN which is on eth0 (192.168.11.0/24), you need to have OpenVPN give out a different range of IP addresses.

So, for your server setup, change the .11 to a different range, like .10 or .0, like this:

ifconfig 192.168.0.241 192.168.0.242
ifconfig-pool 192.168.0.245 192.168.0.248

Now, you can see I'm using two networks here:
1. your LAN
2. the VNC network

---------------------------------------
But by the way, I'm now using OpenVPN 2.0, which has a pretty different approach from OpenVPN 1.6. Your setup looks like you are using a mix.

Here is my server.conf:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
----------
With that, your setup should work.
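The two things the answers above ask for, a VPN range that is not inside the LAN and IP forwarding on the Linux router, can be checked and set up in one small script. The following is an added example written for this page; it is not code from the thread or from the OpenVPN project. It assumes the LAN is on eth0 (as the question says), that the tunnel device is tun0 (OpenVPN's default for the first `dev tun`), that iptables is the firewall in use, and that the server runs OpenVPN 2.0, whose `push "route ..."` directive is used to hand clients a route to the LAN. The MASQUERADE rule is an alternative to Gabriel's "make the router the LAN's gateway" advice: it lets LAN hosts reply without an extra route, at the cost that LAN hosts see only the router's address, so choose the route instead if per-client auditing on the LAN matters.

```shell
#!/bin/sh
# Added example (not from this thread or the OpenVPN project).
# Verifies that the OpenVPN address pool is a different network from the LAN,
# the point of the accepted answer, then prints the routing/NAT commands for
# the Linux router so VPN clients can reach 192.168.11.0/24.
# Assumptions: LAN on eth0 (from the thread), tunnel device tun0, iptables.

# ip4_to_int 192.168.11.0 -> 3232238336 (dotted quad as a 32-bit integer)
ip4_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# prefix_to_mask 24 -> 255.255.255.0 (OpenVPN "route" wants a dotted mask)
prefix_to_mask() {
    m=$(( (4294967295 << (32 - $1)) & 4294967295 ))
    echo "$(( (m >> 24) & 255 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))"
}

# subnets_overlap A/plen B/plen -> true when the two networks share addresses.
# A pool like 192.168.11.245-248 inside the 192.168.11.0/24 LAN is exactly the
# mistake in the thread: the router cannot tell tunnel traffic from LAN traffic.
subnets_overlap() {
    a=$(ip4_to_int "${1%/*}"); pa=${1#*/}
    b=$(ip4_to_int "${2%/*}"); pb=${2#*/}
    p=$pa
    if [ "$pb" -lt "$p" ]; then p=$pb; fi   # compare under the shorter prefix
    s=$((32 - p))
    [ $((a >> s)) -eq $((b >> s)) ]
}

# lan_route_directive LAN/plen -> the server.conf line that sends each client
# a route to the LAN (OpenVPN 2.0 "push" syntax)
lan_route_directive() {
    echo "push \"route ${1%/*} $(prefix_to_mask "${1#*/}")\""
}

# emit_forwarding LAN/plen VPN/plen LAN_IF TUN_IF -> prints the router commands
# (pipe into sh to apply). Refuses to continue if the two ranges overlap.
emit_forwarding() {
    lan=$1; vpn=$2; lan_if=$3; tun_if=$4
    if subnets_overlap "$lan" "$vpn"; then
        echo "error: VPN range $vpn overlaps LAN $lan; use a different network" >&2
        return 1
    fi
    cat <<EOF
# 1. enable routing (same effect as echo 1 > /proc/sys/net/ipv4/ip_forward)
sysctl -w net.ipv4.ip_forward=1
# 2. forward only VPN-to-LAN traffic and its replies, nothing else
iptables -A FORWARD -i $tun_if -o $lan_if -s $vpn -d $lan -j ACCEPT
iptables -A FORWARD -i $lan_if -o $tun_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# 3. either make this router the LAN hosts' gateway for $vpn, or (as here)
#    masquerade VPN clients behind the router's LAN address; LAN hosts then
#    need no extra route but see only the router's IP in their logs
iptables -t nat -A POSTROUTING -s $vpn -o $lan_if -j MASQUERADE
EOF
}

# The thread's values: LAN 192.168.11.0/24 on eth0, VPN range 192.168.0.0/24.
emit_forwarding 192.168.11.0/24 192.168.0.0/24 eth0 tun0
echo "# add to server.conf:"
lan_route_directive 192.168.11.0/24
```

Run it with the original pool (192.168.11.240/28 or similar inside the LAN) and `emit_forwarding` stops with an error instead of printing rules; with 192.168.0.0/24 it prints the forwarding, NAT and `push "route 192.168.11.0 255.255.255.0"` lines. The FORWARD rules are deliberately narrow (VPN source to LAN destination, plus return traffic) so enabling ip_forward does not turn the router into a general forwarder between eth0 and eth1.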

Author Comment

by:marvelsoft
ID: 16692786
Hi Redimido,

I couldn't exactly understand this setup, because I'm new to OpenVPN, honestly. In my present setup I've installed Windows Server 2003, and my NAT/VPN is already running for the same purpose. I can connect from outside/remote to my internal LAN (192.168.11.0/24). With this I can communicate with every PC in my LAN, and of course I can access all shared folders.

Also, my friends have already set things up like this, and it works.

In comparison with them, I can also make a setup like that using Linux. But my problem is how?
I've already tried different angles to get this working, but I'm still not there.

One thing is how I ping or communicate from 192.168.0.0/24 to 192.168.11.0/24, since they are different. Are there any routing procedures that I forgot?

ifconfig 192.168.0.241 192.168.0.242
ifconfig-pool 192.168.0.245 192.168.0.248

Thanks in advance.

mavel
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 16694233
Hello,

You do not need anything else but the line I posted before:
echo "1" > /proc/sys/net/ipv4/ip_forward

to enable routing in the Linux box.
Please try it.

Author Comment

by:marvelsoft
ID: 16718015
Hello Redimido,

Let me try this first; maybe I have to adjust some config in my setup.

Thanks :)
