Problem with routing

NethServer Version: 7.3
Module: firewall

Hello,
I am testing NethServer 7.3 and I have configured my computer as a gateway / firewall / DHCP. I started the VPN service and added a static route to the remote network. (Specifically, a device on the local area network that allows access to another network.) A computer on the local network has access to another network through a static route. A VPN-connected computer does not have access to the remote network. What should I do now? Is there any way to add a static route for a VPN?

Sorry for my english and thanks for help!

Hi Pawel, welcome here and don’t worry for your English :wink:

Are you running your client as administrator? Check it out
https://wiki.nethserver.org/doku.php?id=user:willzen#openvpn_client

Hi!
Thank you for your help. The openvpn client does not require an administrator account since version 2.4.0. (https://openvpn.net/index.php/open-source/downloads.html). My vpn configuration is very similar to what I received from you. Perhaps the firewall does not allow traffic to the remote network but until then, I am a newcomer to this topic.

Regards Paweł

Good to know. Did you check if a route on your Windows machine is correctly added?

I’m not sure what route should be added to the computer from the VPN network. On the NethServer server I added a static route (Network 10.200.20.0/24, Router address 192.168.203.254) and it works on the local network.

As you can see, static routes are pushed to the vpn clients, you should reach the remote network by default. To debug the problem, sniff traffic on the tun interface.

I think that is the solution

iptables -t nat -I POSTROUTING -s 172.16.0.0/24 -d 10.200.20.0/24 -o eth1 -j MASQUERADE

Are your machines under the nethserver gateway?

Yes, NethServer is a gateway, but another device transmits traffic to the network at 10.200.20.0/24.
There is one more problem: the iptables rule does not save.

Yeah, NethServer is the gateway to the VPN, correct?

But are the desktops under the same gateway? I had this problem a while ago, and the only solution I had is to use PPTP instead of OpenVPN.

My configuration is default. Eth0 is static WAN (public static IP), eth1 is LAN with DHCP and gateway 192.168.203.1. DNS is 8.8.8.8. OpenVPN configuration is similar to https://wiki.nethserver.org/doku.php?id=user:willzen#openvpn_client. Authentication mode with username, password and certificate, routed mode 172.16.0.0/24, public IP and port 1194.

How do I add this command on NethServer 7.3? I guess that by default it is running firewalld?

iptables -t nat -I POSTROUTING -s 172.16.0.0/24 -d 10.200.20.0/24 -o eth1 -j MASQUERADE

NethServer uses shorewall.
Write that line in /etc/shorewall/started.

Thank you. It works :slight_smile:

Worked perfectly also for me, thanks!!!

Is there a way to create a nat rule using MASQUERADE on the GUI?

No. I still think that the need of a nat rule is a customization worth a sysadmin accessing the command line.
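
As an added example (not code from this thread or from NethServer), the MASQUERADE rule discussed above can be wrapped in a small helper that rejects a network written with a stray space or other typo and skips the insert when the same rule is already loaded. The script name `vpn-masq.sh`, the function names and the `IPT` override are assumptions; it relies on `iptables -C`, and a line in /etc/shorewall/started could call it with the thread's three values.

```shell
#!/bin/sh
# Added example, hypothetical name vpn-masq.sh.
# Usage with the thread's values: vpn-masq.sh 172.16.0.0/24 10.200.20.0/24 eth1
IPT=${IPT:-iptables}    # assumption: overridable so the logic can run without root

# valid_cidr ADDR/LEN: succeed only for a dotted-quad IPv4 network with a prefix length.
valid_cidr() {
    case $1 in
        *[!0-9./]* | */*/*) return 1 ;;   # stray space, letters, or a second slash
        */*) ;;
        *) return 1 ;;                    # prefix length is required by this helper
    esac
    ip=${1%/*} len=${1#*/}
    case $len in "" | *[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
}

# ensure_masq SRC DST OUT_IF: add the scoped MASQUERADE rule unless it is already present.
ensure_masq() {
    src=$1 dst=$2 oif=$3
    if ! valid_cidr "$src" || ! valid_cidr "$dst"; then
        echo "vpn-masq: malformed network: '$src' '$dst'" >&2
        return 2
    fi
    case $oif in
        "" | *[!A-Za-z0-9._-]*) echo "vpn-masq: bad interface: '$oif'" >&2; return 2 ;;
    esac
    # Same rule specification for the check and the insert, so they cannot drift apart.
    set -- POSTROUTING -s "$src" -d "$dst" -o "$oif" -j MASQUERADE
    "$IPT" -t nat -C "$@" 2>/dev/null && return 0   # -C succeeds when the rule exists
    "$IPT" -t nat -I "$@"
}

# Run only when called with the three arguments; sourcing the file just defines the functions.
if [ $# -eq 3 ]; then
    ensure_masq "$1" "$2" "$3"
fi
```

Keeping `-s`, `-d` and `-o` on the rule limits the address translation to VPN clients reaching 10.200.20.0/24 through eth1; other forwarded traffic is left untouched.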