NethServer Version: 7.2.1511 (rc2)
Module: vpn
Hi! Thank you for nethserver, it is amazing.
I’ve installed 7.2.1511 (rc2) on a DigitalOcean CentOS 7.2 x64 droplet and am trying to set up forwarding of all OpenVPN client traffic via nethserver.
OpenVPN is configured, both «Route all client traffic through VPN» and «Allow client-to-client network traffic» are checked, but I can’t make Shorewall allow traffic from my 10.10.10.0/24 virtual network to the Internet:
neth kernel: Shorewall:ovpn2net:REJECT:IN=tun0 OUT=eth0 MAC= SRC=10.10.10.6 DST=54.154.40.136 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=48918 DF PROTO=TCP SPT=59848 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
I’ve tried:
- creation of a static route with Network address 10.10.10.0/24 and Router address as eth0 config (got via ip route show)
- creation of a firewall rule with Source as a CIDR firewall object with 10.10.10.0/24 and any in other fields
Please, give me a hook what to configure to allow passing traffic from vpn clients to Internet?
Update:
I’ve managed to make it work after:
1. Return the firewall rule «CIDR network vpn_network» - «Firewall» for Any service
2. Add a static route with Network address 10.10.10.0/24 and Router address as eth0 config (got via ip route show)
3. iptables configuration from the command line:
iptables -I FORWARD -i tun0 -o eth0 -s 10.10.10.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -s 10.5.0.0/24 -j MASQUERADE
Is it possible to do the same from point 3, but with nethserver gui?
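
An added example, not part of the original post: it parses the Shorewall log line quoted in the question and checks which of the two posted iptables commands have interface and source selectors that match the rejected packet. The function names are hypothetical, and conntrack state is not evaluated.

```python
import ipaddress
import re
import shlex

# Log line and commands copied verbatim from the post above.
LOG = ("neth kernel: Shorewall:ovpn2net:REJECT:IN=tun0 OUT=eth0 MAC= "
       "SRC=10.10.10.6 DST=54.154.40.136 LEN=60 TOS=0x00 PREC=0x00 TTL=63 "
       "ID=48918 DF PROTO=TCP SPT=59848 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0")
RULES = [
    "iptables -I FORWARD -i tun0 -o eth0 -s 10.10.10.0/24 -m conntrack --ctstate NEW -j ACCEPT",
    "iptables -t nat -I POSTROUTING -o eth0 -s 10.5.0.0/24 -j MASQUERADE",
]
# Map of iptables options to the selector names used below (hypothetical names).
OPTS = {"-t": "table", "-I": "chain", "-A": "chain",
        "-i": "in", "-o": "out", "-s": "src", "-j": "target"}

def parse_shorewall_log(line):
    """Split a Shorewall kernel log line into chain, action and KEY=VALUE fields."""
    m = re.search(r"Shorewall:([^:]+):([^:]+):(.*)", line)
    if not m:
        raise ValueError("not a Shorewall log line")
    fields = dict(t.split("=", 1) for t in m.group(3).split() if "=" in t)
    return {"chain": m.group(1), "action": m.group(2), **fields}

def parse_rule(cmd):
    """Extract table, chain, interfaces, source network and target from a command."""
    args = shlex.split(cmd)
    rule = {"table": "filter", "chain": None, "in": None,
            "out": None, "src": None, "target": None}
    for i, arg in enumerate(args[:-1]):
        if arg in OPTS:
            rule[OPTS[arg]] = args[i + 1]
    return rule

def rule_matches(rule, pkt):
    """True if the rule's interface and source selectors match the logged packet."""
    if rule["in"] and rule["in"] != pkt.get("IN"):
        return False
    if rule["out"] and rule["out"] != pkt.get("OUT"):
        return False
    if rule["src"]:
        return ipaddress.ip_address(pkt["SRC"]) in ipaddress.ip_network(rule["src"])
    return True

def audit(log_line, rules):
    """Return (table, chain, target, matches_logged_packet) for each command."""
    pkt = parse_shorewall_log(log_line)
    return [(r["table"], r["chain"], r["target"], rule_matches(r, pkt))
            for r in map(parse_rule, rules)]

if __name__ == "__main__":
    for row in audit(LOG, RULES):
        print(row)
```

For the logged packet (chain ovpn2net, SRC=10.10.10.6) the FORWARD rule's selectors match, while the MASQUERADE rule as posted specifies 10.5.0.0/24, which does not contain that source address.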