Inside the VPN tunnel the server and the clients get addresses from a private subnet, and every request a client sends through the tunnel carries one of those addresses as its source. Routing for that subnet is usually set up automatically and rarely causes trouble. The most common problem is different: the server forwards the client's packet to the Internet with the private VPN address still in the source field, so the reply has nowhere to go (nobody on the Internet routes that subnet back to your server). The server that forwards the packet must rewrite the source address to its own public IP, the one on the interface it reaches the Internet through. That is NAT, and on a VPN server it is usually the masquerading variant, which picks the address of the outgoing interface automatically. It is configured with the iptables utility on the server:
iptables -A POSTROUTING -t nat -s client-ip -o internet-facing-interface -j MASQUERADE
If there are several clients and their addresses are in the same subnet, client-ip can be given as the whole subnet in CIDR form, network-address/prefix-length (for example 10.8.0.0/24). Keep both -s and -o in the rule: a bare MASQUERADE rule would also rewrite traffic you never intended to NAT.
To list the rules currently in the nat table's POSTROUTING chain:
iptables -L POSTROUTING -t nat -n
An unwanted rule is deleted with almost the same command that added it (the same options and addresses), only with -A replaced by -D. The rule specification has to match exactly, so copy it from the listing above rather than retyping it.
For the server to forward packets through itself at all, /proc/sys/net/ipv4/ip_forward must contain 1. It can be set immediately with sysctl -w net.ipv4.ip_forward=1. To have it set at boot, add a line of the form net.ipv4.ip_forward = 1 to /etc/sysctl.conf (on most distributions; some read /etc/sysctl.d/*.conf instead) and load it with sysctl -p. Keep in mind that this makes the server a router for every interface it has, not only the VPN one, so the FORWARD chain should only accept traffic from the VPN subnet going out and the replies coming back.
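The procedure above as one script, added here as an example rather than taken from the original page: it validates the subnet and interface names, adds the MASQUERADE rule only if it is not already present (iptables -C reports whether an identical rule exists), restricts the FORWARD chain to VPN traffic, and enables forwarding. The defaults VPN_NET=10.8.0.0/24, VPN_IF=tun0 and WAN_IF=eth0 are assumptions; adjust them to your server. Without APPLY=1 it only prints the commands it would run, so it can be read and tested without root.

```shell
#!/bin/sh
# Added example; not from the original page. The interface and subnet
# names below are assumptions, override them in the environment.
VPN_NET=${VPN_NET:-10.8.0.0/24}   # subnet handed out to VPN clients
VPN_IF=${VPN_IF:-tun0}            # tunnel interface on the server
WAN_IF=${WAN_IF:-eth0}            # interface that faces the Internet

# Run the command when APPLY=1, otherwise just print it (dry run).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "+ $*"; fi
}

# Return 0 when $1 is a.b.c.d or a.b.c.d/len with octets 0-255, len 0-32.
valid_cidr() {
    cidr=$1
    ip=${cidr%%/*}
    if [ "$ip" = "$cidr" ]; then len=32; else len=${cidr#*/}; fi
    case $len in ''|*[!0-9]*) return 1;; esac
    [ "$len" -le 32 ] || return 1
    case $ip in ''|*[!0-9.]*) return 1;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Interface names: letters, digits and ._- only, so they expand to one word.
valid_ifname() {
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1;; esac
}

# The rule specification shared by -A, -C and -D, so all three match exactly.
masq_rule_spec() {
    printf 'POSTROUTING -t nat -s %s -o %s -j MASQUERADE\n' "$1" "$2"
}

# Add the MASQUERADE rule for subnet $1 leaving via $2, but only once.
ensure_masq() {
    valid_cidr "$1"   || { echo "ensure_masq: invalid subnet '$1'" >&2; return 1; }
    valid_ifname "$2" || { echo "ensure_masq: invalid interface '$2'" >&2; return 1; }
    spec=$(masq_rule_spec "$1" "$2")
    # iptables -C exits 0 when an identical rule already exists.
    if [ "${APPLY:-0}" = 1 ] && iptables -C $spec 2>/dev/null; then
        return 0
    fi
    run iptables -A $spec
}

# Only VPN clients may be forwarded out, and only replies may come back in;
# everything else that would transit the server is dropped.
restrict_forward() {
    run iptables -A FORWARD -i "$VPN_IF" -o "$WAN_IF" -s "$VPN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$VPN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -P FORWARD DROP
}

# Return 0 when forwarding is on. $1 overrides the sysctl file (for tests).
forwarding_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

main() {
    ensure_masq "$VPN_NET" "$WAN_IF" || return 1
    restrict_forward
    forwarding_enabled || run sysctl -w net.ipv4.ip_forward=1
}

main
```

Run it once without APPLY to review the commands, then as root with APPLY=1 to apply them; the sysctl change still has to be persisted in /etc/sysctl.conf as described above, and the iptables rules need whatever persistence mechanism your distribution uses (iptables-save, netfilter-persistent or similar).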