[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenVPN and iptables


  • Subject: Re: [Openvpn-users] OpenVPN and iptables
  • From: "Britain Crooker" <britainc@xxxxxxxxxxxxxx>
  • Date: Thu, 15 Nov 2007 09:56:16 -0500

I am also using the following command:

iptables -t nat -s 10.8.0.0/24 -A POSTROUTING -j SNAT --to 207.58.179.180

To allow us to use the VPN to access the internet.  Our server (a VPS)
doesn't support masquerade, which is why we used SNAT instead. 

-----Original Message-----
From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Britain
Crooker
Sent: Thursday, November 15, 2007 9:45 AM
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] OpenVPN and iptables

I can't seem to get this to work.  I have switched back to using tun instead
of tap, but still cannot get it to allow a subversion connection.

Is it because I am using the 'push "redirect-gateway def1"' option?

-----Original Message-----
From: abalour@xxxxxxxxx [mailto:abalour@xxxxxxxxx] On Behalf Of Ross Cameron
Sent: Thursday, November 15, 2007 8:43 AM
To: Britain Crooker
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] OpenVPN and iptables

On Nov 15, 2007 3:29 PM, Britain Crooker <britainc@xxxxxxxxxxxxxx> wrote:
> I will try that - does it matter if I my network device is tap0 
> instead of tun0 (other than changing the '-i tun0' part of the 
> statements
below)?

Yes tap+ interfaces are basically bridges and you need to use ebtables to
firewall those.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users