How to set IPTABLES on Ubuntu server to accept incoming route call from LAN?

Bo Berglund bo.berglund at gmail.com
Mon Jan 17 13:31:11 UTC 2022


On Sun, 16 Jan 2022 10:44:58 +0100, Bo Berglund <bo.berglund at gmail.com> wrote:

>The OVPN server "should" know what to do with incoming calls for the remote
>address since it has the connection open from there...
>

It turns out that there are a couple of settings needed on the OpenVPN server
side to complete the setup so it works as intended.
It is described well by the official documentation (if one can find the right
webpage and section):

https://community.openvpn.net/openvpn/wiki/HOWTO#IncludingmultiplemachinesontheclientsidewhenusingaroutedVPNdevtun

Basically these steps (for someone stumbling on this thread in the future):

- Configure the Linux OpenVPN server to use ccd (client configuration dir)
- Use an ovpn file created for a specific user (Common Name unique)
- Create a file /etc/openvpn/ccd/[Client common name]
- Add this single line into that file:
  iroute 192.168.117.0 255.255.255.0
  where 192.168.117.0 is the IP of the client LAN
- Add this into the server's conf file:
  # This is needed for site-to-site routing
  client-config-dir /etc/openvpn/ccd
  route 192.168.117.0 255.255.255.0 #use client side network IP
  # end site-to-site routing

With the main router already configured for routing calls to the client network
to the OpenVPN server device, this will now work fine.


-- 
Bo Berglund
Developer in Sweden
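
Added example, not part of the original post: a shell check that the two halves of the setup listed above agree, i.e. that client-config-dir is enabled and every iroute in a ccd file has a matching route line in the server conf. The client name "site-b" and the temporary files are constructed sample input; both files are assumed to write explicit netmasks, as in the post.

```shell
#!/bin/sh
# check_iroutes SERVER_CONF CCD_DIR
# Prints one line per finding; returns 0 when consistent, 1 otherwise.
check_iroutes() {
    conf=$1; ccd=$2; rc=0

    # The server ignores ccd files unless client-config-dir is active
    # (a commented-out line does not count).
    if ! awk '$1 == "client-config-dir" { f = 1 } END { exit !f }' "$conf"; then
        echo "MISSING client-config-dir in $conf"
        rc=1
    fi

    for f in "$ccd"/*; do
        [ -f "$f" ] || continue
        cn=${f##*/}     # ccd file name is the client's Common Name
        routes=$(awk '$1 == "iroute" { print $2, $3 }' "$f")
        while read -r net mask; do
            [ -n "$net" ] || continue
            # iroute only tells OpenVPN which client owns the subnet; the
            # server conf "route" is what sends that traffic to the tunnel.
            if awk -v n="$net" -v m="$mask" \
                '$1 == "route" && $2 == n && $3 == m { f = 1 } END { exit !f }' "$conf"
            then
                echo "OK $cn $net $mask"
            else
                echo "MISSING route $net $mask in $conf (iroute for $cn)"
                rc=1
            fi
        done <<EOF
$routes
EOF
    done
    return $rc
}

# Constructed sample mirroring the post. The ccd directory is passed
# explicitly, so the path written in the sample conf is not read.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
mkdir "$tmp/ccd"
printf 'iroute 192.168.117.0 255.255.255.0\n' > "$tmp/ccd/site-b"
printf '%s\n' 'client-config-dir /etc/openvpn/ccd' \
    'route 192.168.117.0 255.255.255.0 #use client side network IP' \
    > "$tmp/server.conf"
check_iroutes "$tmp/server.conf" "$tmp/ccd"
```

On a real server the call would be check_iroutes with the server conf path and /etc/openvpn/ccd as arguments.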




