Problem with routing

NethServer Version: 7.3
Module: firewall

I am testing NethServer 7.3 and I have configured my computer as a gateway / firewall / DHCP. I started the VPN service and added a static route to the remote network (specifically, a device on the local area network that allows access to another network). A computer on the local network has access to another network through a static route. A VPN-connected computer does not have access to the remote network. What should I do now? Is there any way to add a static route for a VPN?

Sorry for my English and thanks for the help!

Hi Pawel, welcome here and don’t worry about your English :wink:

Are you running your client as administrator? Check it out

Thank you for your help. The OpenVPN client has not required an administrator account since version 2.4.0. My VPN configuration is very similar to what I received from you. Perhaps the firewall does not allow traffic to the remote network, but until then, I am a newcomer to this topic.

Regards Paweł

Good to know. Did you check if a route on your Windows machine is correctly added?

I’m not sure what route should be added to the computer from the VPN network. On the NethServer server I added a static route (Network, Router address and it works on the local

As you can see, static routes are pushed to the vpn clients, you should reach the remote network by default. To debug the problem, sniff traffic on the tun interface.

I think that is the solution

iptables -t nat -I POSTROUTING -s -d /24 -o eth1 -j MASQUERADE

Are your machines under the nethserver gateway?

Yes, NethServer is a gateway, but another device transmits traffic to the network at
There is one more problem, the iptables rule does not save.

Yeah, NethServer is the gateway to the VPN, correct?

But are the desktops under the same gateway? I had this problem a while ago, and the only solution I had was to use PPTP instead of OpenVPN.

My configuration is default. Eth0 is static WAN (public static IP), eth1 is LAN with DHCP and gateway Dns is OpenVPN configuration is similar like Authentication mode with Username, password and certificate, Routed mode, Public IP and port 1194.

How do I add this command on NethServer 7.3? I guess that the default is running firewalld?

iptables -t nat -I POSTROUTING -s -d /24 -o eth1 -j MASQUERADE


NethServer uses shorewall.
Write that line in /etc/shorewall/started.


Thank you. It works :slight_smile:

Worked perfectly also for me, thanks!!!

Is there a way to create a nat rule using MASQUERADE on the GUI?

No. I still think that the need of a nat rule is a customization worth a sysadmin accessing the command line.
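
One way to apply the rule from this thread so that it is scoped and safe to re-run, as an added example that is not part of the thread or NethServer's own code. The helper path, the function names and the two subnets (10.8.0.0/24 for the VPN, 192.0.2.0/24 for the remote network) are constructed placeholders, since the thread's addresses are not shown; eth1 is the LAN interface named above.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical helper, e.g. saved as
# /usr/local/sbin/vpn-masq and called from /etc/shorewall/started:
#   /usr/local/sbin/vpn-masq apply 10.8.0.0/24 192.0.2.0/24 eth1
# The subnets are constructed placeholders; use your own VPN and remote networks.

IPT=${IPT:-iptables}   # overridable so the logic can be exercised without root

# Accept only a.b.c.d/len so a missing value cannot silently widen the rule.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Insert the source- and destination-scoped MASQUERADE rule unless it exists.
# Returns 0 if present or added, 2 on bad arguments, 1 if iptables failed.
ensure_masq() {
    src=$1 dst=$2 out=$3
    valid_cidr "$src" && valid_cidr "$dst" || return 2
    [ -n "$out" ] || return 2
    # -C checks for an identical rule, so running this twice adds no duplicate.
    if $IPT -t nat -C POSTROUTING -s "$src" -d "$dst" -o "$out" -j MASQUERADE 2>/dev/null; then
        return 0
    fi
    $IPT -t nat -I POSTROUTING -s "$src" -d "$dst" -o "$out" -j MASQUERADE || return 1
}

# Only act when explicitly asked, so sourcing the file has no side effects.
case "${1:-}" in
    apply) ensure_masq "${2:-}" "${3:-}" "${4:-}" ;;
esac
```

Keeping both `-s` and `-d` limits the NAT to VPN-to-remote traffic. Hosts on the remote network will see every VPN client as the gateway's eth1 address, so per-client attribution has to come from the OpenVPN server's own logs.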