About
Kooty's TechnoBabble is a blog by Brennan Kootnekoff, and is about the interesting day-to-day life of a multi-platform systems engineer/administrator. From time to time, he will post useful tidbits of information here that may save hours of time, and prevent premature gray hairs and aging.
December 2nd, 2008

OpenVPN iptables Rules

Ok, so you installed OpenVPN, generated your certificates, configured your server.conf, and you are connected via your client. Easy enough, eh? But now you realize that you can’t ping anything on the internal network that you are connecting to. You checked: IP forwarding is enabled, and your push “route” rules are set properly. You start pulling your hair out, then you put your fist through the KVM. No need anymore.

To get this working, all you have to do is enable IP masquerading for the tun0 interface via iptables. The following two lines should do the trick for POSTROUTING.

iptables -t nat -I POSTROUTING -s <vpn-network> -o <internal-interface> -j MASQUERADE

iptables -t nat -I POSTROUTING -s <internal-network> -o <vpn-interface> -j MASQUERADE

Hope this helps!

Brennan
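
The two rules above with the placeholders filled in, as an added example that is not from the original post. It prints the commands instead of running them, guards each insert with `iptables -C` so a re-run does not stack duplicate rules, and rejects malformed values; the function names and the sample networks and interfaces are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Prints the post's two POSTROUTING
# rules for the given values without running iptables, so they can be reviewed first.

# Accept only dotted-quad IPv4 networks with a /0-32 prefix.
valid_cidr() {
    case "$1" in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Linux interface names: 1-15 characters, no whitespace or shell metacharacters.
valid_iface() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Emit "check, else insert": -I adds a new copy of the rule on every run,
# while -C only tests whether the rule is already present.
emit_masq() {
    rule="POSTROUTING -s $1 -o $2 -j MASQUERADE"
    printf 'iptables -t nat -C %s 2>/dev/null || iptables -t nat -I %s\n' "$rule" "$rule"
}

# vpn_nat_rules VPN_NET VPN_IF INTERNAL_NET INTERNAL_IF
vpn_nat_rules() {
    [ "$#" -eq 4 ] || { echo "usage: vpn_nat_rules VPN_NET VPN_IF INT_NET INT_IF" >&2; return 2; }
    valid_cidr "$1" && valid_cidr "$3" || { echo "bad network" >&2; return 1; }
    valid_iface "$2" && valid_iface "$4" || { echo "bad interface" >&2; return 1; }
    emit_masq "$1" "$4"   # VPN clients -> internal network
    emit_masq "$3" "$2"   # internal network -> VPN
}

# Constructed sample values: 10.8.0.0/24 on tun0, 192.168.1.0/24 on eth0.
vpn_nat_rules 10.8.0.0/24 tun0 192.168.1.0/24 eth0
```

After applying the printed commands as root, `iptables -t nat -S POSTROUTING` lists the chain so the two MASQUERADE entries can be confirmed.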