linux - OpenVPN and iptables -



linux - OpenVPN and iptables -

openvpn , iptables

my internal aws network not straight accessible internet, may accessed through secure openvpn gateway.

network configuration

the openvpn server ubuntu server 14.04.1 aws ec2 instance exposes udp 1194 on external (internet) interface 'eth0', allows ports/protocols on internal interface 'eth1'. when openvpn tunnel created between openvpn client , openvpn server, creates new interface on each side of tunnel called 'tun0', allows ports/protocols.

the openvpn server binds ip address 10.8.0.1 tun0 interface, , openvpn clients dynamically assigned ip addresses starting 10.8.0.2, in ascending order. interfaces of internal resources have statically-assigned ip addresses within 10.0.100.0/24.

packet forwarding enabled on openvpn server in /etc/sysctl.conf: net.ipv4.ip_forward=1

'source / destination checking' has been appropriately disabled.

packet forwarding requirements

the openvpn server must enforce these requirements via iptables, linux kernel's built-in firewall:

all traffic originating net on eth0 should dropped, except openvpn tunnels on udp 1194, , responses requests originating internal resources (see 3rd bullet).

all traffic originating net via openvpn tunnel on tun0 should accepted, , forwarded appropriate internal resources. responses internal resources openvpn clients should accepted on eth1, forwarded tun0, , on originating openvpn client.

all traffic originating internal resources (e.g. server software updates) should accepted on eth1, , forwarded eth0 using nat masquerading. responses external resources (e.g. apt-get repositories) should accepted on eth0 using nat masquerading, , forwarded originating internal resource via eth1.

current (flawed) iptables configuration sudo iptables -a input -i tun0 -s 10.8.0.0/24 -d 10.0.100.0/24 -j take sudo iptables -a input -i eth1 -s 10.0.100.0/24 -d 10.8.0.0/24 -j take sudo iptables -a output -o tun0 -s 10.0.100.0/24 -d 10.8.0.0/24 -j take sudo iptables -a output -o eth1 -s 10.8.0.0/24 -d 10.0.100.0/24 -j take sudo iptables -a forwards -i tun0 -o eth1 -s 10.8.0.0/24 -d 10.0.100.0/24 -j take sudo iptables -a forwards -i eth1 -o tun0 -s 10.0.100.0/24 -d 10.8.0.0/24 -j take sudo iptables -t nat -a postrouting -o eth0 -j masquerade the problem

i can create encrypted connection between openvpn client , openvpn server.

i can not reach internal network resource beyond openvpn server connected openvpn client. appears packets not forwarding across openvpn server's firewall (iptables).

if position myself on openvpn server via ssh, no packet forwarding required reach endpoint, can ping internal resources , openvpn client (that i'm originating from).

thus, network connectivity there, appears iptables misconfigured, according iptables requirements listed above.

i need ordered list of iptables commands correctly , exactly implement packet forwarding requirements listed above.

flush iptables. assuming necessary forwarding enabled , using default openvpn subnet 10.8.0.0, utilize server's lan ip @ end.

iptables -t nat -a postrouting -s 10.8.0.0/24 -j snat --to 1.2.3.4

this should give access vpn servers local lan using openvpn.

linux ubuntu networking iptables openvpn

-

Comments

Post a Comment

Popular posts from this blog

formatting - SAS SQL Datepart function returning odd values -

formatting - SAS SQL Datepart function returning odd values - i'm having massive problem project can't seem right. i'm trying modify info variable in datetime format. first info 30mar12:00:00:00. i've been advised utilize code below returns value 30mar60:5:30:00. want date component , have no thought how info got exported in format wasn't in microsoft access. i've tried several mods code 1 time again comes blank or sends error message. proc sql; update dataset set date = datepart(date); quit; any advice appreciated. i'm guessing variable date numeric , formatted datetime. 1 time you've carried out conversion, alter format date9. sas datetime value number of seconds since 01 jan 1960, whereas dates number of days since 01 jan 1960. both stored numbers, using right format display value key. illustration below. data _null_; a='30mar12:00:00:00'dt; b=datepart(a); c=b; format b datetime. c date9.; set b c; run; ...
Read more

c++ - Apple Mach-O Linker Error(Duplicate Symbols For Architecture armv7) -

c++ - Apple Mach-O Linker Error(Duplicate Symbols For Architecture armv7) - here error: duplicate symbol _objc_metaclass_$_bfapplinkreturntorefererview in: /users/user/documents/facebooksdk/facebooksdk.framework/facebooksdk(bfapplinkreturntorefererview.o) /users/user/desktop/project/project/project/assets/facebook/editor/ios/facebooksdk/facebooksdk.a(bfapplinkreturntorefererview.o) ld: 889 duplicate symbols architecture armv7 clang: error: linker command failed exit code 1 (use -v see invocation) i have searched find solution of error couldn't. there tons of similar error this, 1 hasn't been asked yet. problem shows when add together "-objc" "other linker flags". need add together utilize admob service. problem? how can solve this? i faced same issue while integrating facebook-ios-sdk. because using 3rd party library had bolts.framework linked against it. solution found incorporate facebook-ios-sdk source code hosted on github. ...
Read more

php - Yii 2: Unable to find a class into the extension 'yii2-admin' -

php - Yii 2: Unable to find a class into the extension 'yii2-admin' - extension's github project: https://github.com/mdmsoft/yii2-admin i'm using advanced template of yii2, i've backend , frontend , common folders advanced folder. the advanced folder on same level of vendor folder. i've others extensions , working then installed yii2-admin composer php composer.phar require mdmsoft/yii2-admin "*" installation worked well. into vendor folder i've mdmsoft folder yii2-admin subfolder it. this actual content of v endor/yiisoft/extensions.php (modified composer installation, haven't manually touched it) <?php $vendordir = dirname(__dir__); homecoming array ( 'yiisoft/yii2-jui' => array ( 'name' => 'yiisoft/yii2-jui', 'version' => '2.0.0.0', 'alias' => array ( '@yii/jui' => $vendordir . '/yiisoft/yii2-jui', ...
Read more