Just a link. I like this OpenVPN how to: http://library.linode.com/networking/openvpn/centos-6
Routing public IPs to a LAN behind a dynamic IP connection with OpenVPN and ipfw policy-based routing
I’ve just had the need to route a range of public IP addresses to the LAN behind my home connection (dynamic IP). I tried GRE at first but couldn’t get my crappy 20 EUR home router to pass GRE packets. So I gave OpenVPN a try, with success:
Data center router: route packets for 217.172.172.0/26 to 217.172.1.1
Linux box (217.172.1.1) in data center acting as OpenVPN server. server.conf:
# push "redirect-gateway def1 bypass-dhcp"
server 10.10.10.0 255.255.255.0
route 217.172.172.0 255.255.255.192
client-config-dir /etc/openvpn/clients
We’ve commented out the redirect-gateway line because we do not want the OpenVPN client to send all of its traffic through the OpenVPN server. 10.10.10.0/24 can be any RFC 1918 private range really.
/etc/openvpn/clients/DEFAULT:
iroute 217.172.172.0 255.255.255.192
The iroute entry tells the OpenVPN server that 217.172.172.0/26 sits behind this client. This will make 217.172.172.0/26 accessible from the internet through OpenVPN.
That’s it for the server side. netstat -nr looks like this:
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.10.10.2      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
217.172.172.0   10.10.10.2      255.255.255.192 UG        0 0          0 tun0
10.10.10.0      10.10.10.2      255.255.255.0   UG        0 0          0 tun0
Client (FreeBSD) at home:
em0:
192.168.1.2: For connectivity to home router
217.172.172.1/26: one public IP address
No special configuration needed. Just start the OpenVPN client and the server will push the important stuff to the client. netstat -nr after client is up and running:
Destination        Gateway            Flags    Refs       Use  Netif Expire
default            192.168.1.1        UGS     16570 911365865    em0
10.10.10.1/32      10.10.10.5         UGS         0         0   tun0
10.10.10.5         link#23            UH         39        41   tun0
10.10.10.6         link#23            UHS         0         0    lo0
217.172.172.0/26   link#1             U           0       331    em0
217.172.172.1      link#1             UHS         0         1    lo0
192.168.1.1 = internet gateway (home broadband router)
Now all that is left is to tell ipfw to route packets which have a source address in 217.172.172.x/26 via the OpenVPN link, namely 10.10.10.5:
ipfw add 10 fwd 10.10.10.5 ip from 217.172.172.0/26 to any
And that’s it. Finally you can configure machines in your LAN with IPs from 217.172.172.x/26 with gateway 217.172.172.1 and they’ll be fully accessible from the internet. Traffic from the machines to the internet will get routed through OpenVPN.
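Why the ipfw rule is needed, as an added example that is not part of the original post: a simplified model of the client's next-hop decision, using the routing table and the fwd rule shown above. The lookup logic is an assumption-level approximation of the kernel's behaviour, and the LAN host and remote addresses are constructed samples.

```python
import ipaddress

# Client routing table, copied from the page's FreeBSD `netstat -nr` output:
# (destination, gateway, interface)
ROUTES = [
    ("0.0.0.0/0",        "192.168.1.1", "em0"),
    ("10.10.10.1/32",    "10.10.10.5",  "tun0"),
    ("10.10.10.5/32",    "link#23",     "tun0"),
    ("10.10.10.6/32",    "link#23",     "lo0"),
    ("217.172.172.0/26", "link#1",      "em0"),
    ("217.172.172.1/32", "link#1",      "lo0"),
]
# The page's ipfw rule: fwd 10.10.10.5 ip from 217.172.172.0/26 to any
FWD_RULES = [("217.172.172.0/26", "10.10.10.5")]


def route_lookup(dst):
    """Destination-only longest-prefix match, like the kernel routing table."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw, ifc)
            for net, gw, ifc in ROUTES if addr in ipaddress.ip_network(net)]
    _, gw, ifc = max(hits, key=lambda h: h[0].prefixlen)
    return gw, ifc


def next_hop(src, dst, fwd_rules=FWD_RULES):
    """Return (gateway, interface) for a packet; fwd rules match on source first."""
    for net, target in fwd_rules:
        if ipaddress.ip_address(src) in ipaddress.ip_network(net):
            # fwd overrides the next hop; the egress interface is the one
            # the routing table gives for reaching that next hop.
            return target, route_lookup(target)[1]
    return route_lookup(dst)


if __name__ == "__main__":
    lan_host, remote = "217.172.172.10", "198.51.100.7"  # constructed sample addresses
    print("without rule:", next_hop(lan_host, remote, fwd_rules=[]))
    print("with rule:   ", next_hop(lan_host, remote))
    print("client's own traffic:", next_hop("192.168.1.2", remote))
```

Without the rule, the model sends packets from the public range to the home router via the default route; with it, they leave through tun0, while the client's own 192.168.1.2 traffic keeps using the home connection.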