Daniel Bareiro wrote:
> Hi all!
>
> I was making a first attempt to establish a VPN between my house and the
> office. The scenery from the side of my house is the following one:
>                                                           ________
> +----------+     +-----------+     +----------+      ____/        \___
> | OpenVPN  |_____| GNU/Linux |_____|   ADSL   |_____/    Internet     \
> |  server  |     | Firewall  |     |  Router  |     \____         ____/
> +----------+     +-----------+     +----------+          \_______/
>
> Local network: 10.1.0.0/24
> VPN network: 10.8.0.0/24

I am new to OpenVPN (even to VPN). I just finished installing it on home
lan's gateway (router machine, running Debian Testing). My setup at home is:

             -----------------------
_________    |     Router m/c      |      ________
ADSLModem|-->{eth1 and OpenVPN eth0}---->| Switch |--> Home lan
---------'   |         server  ath0}--,   --------     192.168.0.0/24
             -----------------------  |
                                      `--> To Home wifi 192.168.5.0/24

VPN network: 172.16.15.0/24

NB: The VPN server is configured to allow the clients to talk to home lan
(and not to home wlan). This is primarily because I want to test my setup
from within my home, so I make my wlan as a remote network for VPN testing
purposes.

Also, I am using tun devices for my VPN (the networks are routed, not
bridged).

Now, to get VPN clients to talk to my home lan and to the internet through
my modem, I needed to allow forwarding and postrouting in my iptables
firewall. The rules I added are as follows.

###############################################################
# VPN traffic
#allow VPN clients to connect from WAN
$IPTABLES -A INPUT -p udp --dport 1194 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 1194 -j ACCEPT

#now, allow traffic from vpn servers (this is a very liberal rule, fine tune later)
$IPTABLES -A INPUT -i tun+ -j ACCEPT
$IPTABLES -A OUTPUT -o tun+ -j ACCEPT
$IPTABLES -A FORWARD -i tun+ -j ACCEPT
$IPTABLES -A FORWARD -o tun+ -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i ath0 -o tun+ -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o tun+ -j ACCEPT

#and also
$IPTABLES -t nat -A POSTROUTING -s 172.16.15.0/24 -o $EXTIF -j MASQUERADE
###############################################################

In your case, allow port forwarding from your firewall to the VPN server.
This needs to be configured on your firewall/router machine.

Next, to let your VPN clients talk to your lan, you need to set up
forwarding and masquerading on your VPN server machine. And in your case, I
think $EXTIF is going to be your lan card of your VPN server.
In the rules example above, you need to change the devices according to
your setup (you probably won't have ath0 line).

Hope this is helpful in some way. If you have further questions about my
setup, let me know.

Regards.
->HS

-- 
Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just filtered
to a folder in my mailbox and get periodically deleted without ever having
been read.
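
Added example, not part of the original post or the poster's firewall script: one way to "fine tune" the liberal tun+ rules so that VPN clients reach only the home lan and the internet, as the NB in the message describes. The subnets are the ones from the post; the vpn_rules function, the LAN_IF/WAN_IF names and a default-DROP policy on the FORWARD chain are assumptions. By default the script only prints the rules.

```shell
#!/bin/sh
# Added example (not the poster's script). Assumes the FORWARD policy is DROP.
# Dry run by default: prints each rule. Run with IPTABLES=iptables to apply.
IPTABLES="${IPTABLES:-echo iptables}"
VPN_NET="172.16.15.0/24"   # VPN network from the post
LAN_NET="192.168.0.0/24"   # home lan from the post
LAN_IF="eth0"              # assumption: lan-facing interface
WAN_IF="ppp0"              # assumption: internet-facing interface

vpn_rules() {
    # Anti-spoofing: packets arriving on a tun device must carry a VPN source.
    $IPTABLES -A INPUT -i tun+ ! -s "$VPN_NET" -j DROP
    $IPTABLES -A FORWARD -i tun+ ! -s "$VPN_NET" -j DROP

    # Clients may talk to the gateway itself, from VPN addresses only.
    $IPTABLES -A INPUT -i tun+ -s "$VPN_NET" -j ACCEPT

    # VPN -> home lan. No rule names the wlan interface, so with a
    # default-DROP FORWARD policy the wlan stays unreachable from the VPN.
    $IPTABLES -A FORWARD -i tun+ -s "$VPN_NET" -o "$LAN_IF" -d "$LAN_NET" -j ACCEPT
    # lan -> VPN: replies only (a design choice; the original allowed
    # lan hosts to open new connections to VPN clients).
    $IPTABLES -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o tun+ -d "$VPN_NET" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # VPN -> internet, and only reply traffic back in.
    $IPTABLES -A FORWARD -i tun+ -s "$VPN_NET" -o "$WAN_IF" -j ACCEPT
    $IPTABLES -A FORWARD -i "$WAN_IF" -o tun+ -d "$VPN_NET" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Masquerade VPN clients only on the internet-facing interface.
    $IPTABLES -t nat -A POSTROUTING -s "$VPN_NET" -o "$WAN_IF" -j MASQUERADE
}

vpn_rules
```

These rules stand in for the block marked "very liberal" in the message; the two port 1194 INPUT rules are unchanged and not repeated here.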