
  • Tomas
    Tomas started a new discussion, OpenVPN - route all traffic

    OpenVPN - route all traffic

    Hi

    We need rock-stable OpenVPN, routing all traffic via our network, for our new project.

    Let me very briefly describe the config - 7.5 set as gateway with multi-wan (2 fibre connections).

    multi-wan configured:

    enp4s0 (backup) - Weight 1
    enp5s0 - Weight 100

    We also have a Destination Port Rule for UDP 1194 to go through enp5s0, and a disabled rule for UDP 1194 to go through enp4s0 (so it's easy to enable when something goes wrong).

    We added:

    push "redirect-gateway def1"

    to /etc/openvpn/clients.conf.

    We also added "reneg-sec 28800" to the server-side and client-side config.

    All seems to work nicely... But I have also come across this article:

    https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_forcing_openvpn_traffic_for_clients_through_server

    that advises adding 3 custom firewall rules:

    iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT # Allow VPN client traffic back in if established
    iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT # Allow VPN clients out
    iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE # nat for VPN

    Do we need this (with enp5s0 instead of eth0 for our server), or is it outdated documentation? I have added those rules, but it seems to work correctly with or without them during my short tests.

    Thanks.
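
One way to see which of the three quoted rules are actually loaded for each WAN interface is to audit `iptables-save` output, shown here as an added example that is not part of the original post or the ClearOS article. The function names `has_rule` and `vpn_rule_gaps` are hypothetical, the sample ruleset is constructed, and only rules in the literal shape quoted above are recognised (other rule shapes or chain policies are not evaluated).

```shell
#!/bin/sh
# Added example: report which of the quoted VPN rules are absent, per WAN interface.

# has_rule TEXT CHAIN TOKEN... -> 0 if a single "-A CHAIN" line contains every token
has_rule() {
    text=$1; chain=$2; shift 2
    while IFS= read -r line; do
        case $line in "-A $chain "*) ;; *) continue ;; esac
        ok=1
        for tok in "$@"; do
            # pad with spaces so "-o enp5s0" cannot match "-o enp5s01"
            case " $line " in *" $tok "*) ;; *) ok=0; break ;; esac
        done
        if [ "$ok" -eq 1 ]; then return 0; fi
    done <<EOF
$text
EOF
    return 1
}

# vpn_rule_gaps SUBNET TUN_IF WAN_IF... : reads iptables-save text on stdin and
# prints one "missing: ..." line per absent rule (nothing when all are present)
vpn_rule_gaps() {
    subnet=$1; tun=$2; shift 2
    rules=$(cat)
    for wan in "$@"; do
        has_rule "$rules" POSTROUTING "-s $subnet" "-o $wan" "-j MASQUERADE" \
            || echo "missing: nat POSTROUTING -s $subnet -o $wan -j MASQUERADE"
        has_rule "$rules" FORWARD "-i $tun" "-o $wan" "-j ACCEPT" \
            || echo "missing: FORWARD -i $tun -o $wan -j ACCEPT"
        # accept either the state match or the conntrack match for return traffic
        has_rule "$rules" FORWARD "-i $wan" "-o $tun" "--state RELATED,ESTABLISHED" "-j ACCEPT" \
            || has_rule "$rules" FORWARD "-i $wan" "-o $tun" "--ctstate RELATED,ESTABLISHED" "-j ACCEPT" \
            || echo "missing: FORWARD -i $wan -o $tun RELATED,ESTABLISHED -j ACCEPT"
    done
}

# Constructed sample: rules exist for enp5s0 only, none for the backup enp4s0
SAMPLE='*nat
-A POSTROUTING -s 10.8.0.0/24 -o enp5s0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i enp5s0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o enp5s0 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE" | vpn_rule_gaps 10.8.0.0/24 tun0 enp5s0 enp4s0
```

On a live gateway, pipe the real ruleset in instead of the sample: `iptables-save | vpn_rule_gaps 10.8.0.0/24 tun0 enp5s0 enp4s0`.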