How to configure a host as a gateway for client-side subnets

Introduction

If you wish to have particular client-side subnets routed through the VPN, you must ensure that:

Example Scenario

Let’s say that a particular user with username “fred” connects to the office VPN (the Access Server) from his home. His main PC at home has multiple network interfaces, with one connected to the Internet (say, via a DSL router) and another interface connected to a personal “test network”. All hosts on the test network have an IP address in the 192.168.10.0/24 subnet. For instance, Fred’s main PC has the address 192.168.10.1 on the test network.

Fred connects to the VPN using the OpenVPN-AS client software running on his main PC. Now the goal is to make the test network accessible to other users via the VPN, including users on a back-end network in the office.

User Permissions Configuration

The Access Server administrator must adjust the settings for username “fred” on the User Permissions page to enable this application. If there is no entry for “fred” on the User Permissions page, the administrator adds one by entering “fred” in the “New Username” box. The administrator clicks the “Show” link on fred’s entry in the User Permissions table, to see the drop-down box of settings specific to the user “fred”. Next, the administrator makes the following changes:


Changes to be made at the Router:

– Static routing will need to be enabled
– You will need to add the VPN’s subnet as a static route to the machine you are running the gateway client on

*NOTE: If you are running a Linux client in gateway mode, you may need to run this command to enable routing:

sysctl -w net.ipv4.ip_forward=1
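
An added example (not from the original page or the OpenVPN documentation) that checks what this section asks for: IPv4 forwarding on the Linux gateway client, including whether it survives a reboot, since `sysctl -w` changes only the running kernel, and the static route to the VPN subnet. The VPN subnet 10.8.0.0/24, the sample routing table and the sysctl file order are assumptions; 192.168.10.1 is Fred's PC from the scenario.

```shell
#!/bin/sh
# Added example: checks for a Linux gateway client and its static route.
# Assumed value: 10.8.0.0/24 stands in for your VPN subnet.

# 0 if the running kernel forwards IPv4 (the state `sysctl -w` changes).
forwarding_active() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# 0 if the last net.ipv4.ip_forward assignment in the given sysctl config
# files (passed in the order they are applied) is 1. `sysctl -w` is lost at
# reboot, so without this the gateway stops routing after a restart.
forwarding_persistent() {
    [ "$#" -gt 0 ] || return 1
    awk -F= '
        /^[ \t]*[#;]/ { next }    # comment line
        { key = $1; val = $2
          gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
          if (key == "net.ipv4.ip_forward") last = val }
        END { exit (last == "1" ? 0 : 1) }' "$@" 2>/dev/null
}

# 0 if the routing table on stdin (`ip -4 route` output) sends SUBNET ($1)
# via GATEWAY ($2), i.e. the static route points at the gateway client.
route_via() {
    awk -v net="$1" -v gw="$2" '
        $1 == net && $2 == "via" && $3 == gw { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Constructed sample: routing table of a host on the test network.
sample_routes() {
    cat <<'EOF'
default via 192.168.10.254 dev eth0
10.8.0.0/24 via 192.168.10.1 dev eth0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.7
EOF
}

if forwarding_active; then echo "forwarding: on"; else echo "forwarding: off"; fi
# File order is an assumption; list the files in the order your distro loads them.
if forwarding_persistent /etc/sysctl.conf /etc/sysctl.d/*.conf; then
    echo "persistent: yes"
else
    echo "persistent: not found in sysctl config"
fi
if sample_routes | route_via 10.8.0.0/24 192.168.10.1; then
    echo "sample route to VPN subnet: ok"
fi
```

On a real test-network host, replace `sample_routes` with `ip -4 route` and the assumed subnet with the VPN subnet configured on the Access Server.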
