On 12/3/18 5:55 AM, Andrew Udvare wrote:
> iptables on server: -A FORWARD -s 10.100.0.0/24 -i tun0 -o enp1s0f0 -m conntrack --ctstate NEW -j ACCEPT

Is that only forwarding packets for new (i.e. not existing) connections? Ours looks like,

    iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -s $INSIDE_NET -j ACCEPT
    iptables -A FORWARD -i $VPN_INTERFACE -j ACCEPT

(and you need to enable the net.ipv4.ip_forward sysctl)
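
Added illustration, not part of either poster's message: a minimal first-match model of the FORWARD chain that runs the quoted NEW-only rule and the three-rule set from the reply against the packets of one connection. It assumes a DROP chain policy, 10.100.0.0/24 for $INSIDE_NET, tun0 for $VPN_INTERFACE and a constructed peer address 203.0.113.10; it models only the -s, -i, -o and --ctstate matches, without negation.

```python
import ipaddress
import shlex

# Constructed rule sets built from the rules in the thread; variable values are assumed.
NEW_ONLY = "-A FORWARD -s 10.100.0.0/24 -i tun0 -o enp1s0f0 -m conntrack --ctstate NEW -j ACCEPT"
STATEFUL = """\
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s 10.100.0.0/24 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT"""

# Constructed packets: one client connection, then one unsolicited inbound packet.
PACKETS = [
    {"what": "client SYN", "src": "10.100.0.5", "in": "tun0", "out": "enp1s0f0", "state": "NEW"},
    {"what": "server reply", "src": "203.0.113.10", "in": "enp1s0f0", "out": "tun0", "state": "ESTABLISHED"},
    {"what": "client data", "src": "10.100.0.5", "in": "tun0", "out": "enp1s0f0", "state": "ESTABLISHED"},
    {"what": "inbound probe", "src": "203.0.113.10", "in": "enp1s0f0", "out": "tun0", "state": "NEW"},
]

def parse(ruleset):
    """Map each rule line to {option: value}, e.g. {'-s': '10.100.0.0/24', '-j': 'ACCEPT'}."""
    rules = []
    for line in ruleset.strip().splitlines():
        tok = shlex.split(line)
        rules.append({tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")})
    return rules

def verdict(rules, pkt, policy):
    """The first rule whose matches all hold decides; otherwise the chain policy applies."""
    src = ipaddress.ip_address(pkt["src"])
    for r in rules:
        if "-s" in r and src not in ipaddress.ip_network(r["-s"]):
            continue
        if r.get("-i", pkt["in"]) != pkt["in"] or r.get("-o", pkt["out"]) != pkt["out"]:
            continue
        if "--ctstate" in r and pkt["state"] not in r["--ctstate"].split(","):
            continue
        return r["-j"]
    return policy

def trace(ruleset, policy="DROP"):
    """Verdict for each constructed packet, in order."""
    rules = parse(ruleset)
    return [verdict(rules, p, policy) for p in PACKETS]

if __name__ == "__main__":
    for name, rs in (("NEW only", NEW_ONLY), ("stateful", STATEFUL)):
        for pkt, v in zip(PACKETS, trace(rs)):
            print(f"{name:9} {pkt['what']:14} {pkt['state']:12} {v}")
```

Under the assumed DROP policy the NEW-only rule passes the first packet and nothing after it, while the three-rule set passes the whole connection and still drops the unsolicited inbound packet.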