OpenVPN on Ubuntu

Posted on: Tue, 09/30/2008 - 15:42 By: dae
Once again I have to build up a machine for OpenVPN. I have previously written articles about this, but when I follow those instructions it still does not work. But first, let us talk about what I want to achieve. I simply want to set up a road warrior configuration, i.e., I would like a machine, from any place, to securely access all the resources within our laboratory. This is not possible via the public interface because the firewall rules block most of the ports. Besides, it is not secure.

Now, the generic OpenVPN howto will lead you to the point where you have a VPN connection between the client and the server, but no other machine on the client side or the server side is accessible from the other side. My previous article tells you how to set up the routing on the client so that when it wishes to connect to another machine in the office, the traffic is routed through OpenVPN. This seemed to work for my last machine, but it does not on the new machine.

The problem is that

  1. I have to enable IP forwarding on the server. This is already covered in the OpenVPN howto here.

     Specifically for Ubuntu, you have to execute the following command as root.

     $ echo 1 > /proc/sys/net/ipv4/ip_forward

     This tells the kernel to allow routing right away. However, it does not survive a reboot. For Ubuntu, you have to add the following line to /etc/sysctl.conf

     net.ipv4.ip_forward=1

  2. I also need to enable NAT on the server. For WinXP this is not actually needed, but for my latest Ubuntu machine I have to execute the following command.

     iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

And that is enough.
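
To check that both server-side settings above are really in place, here is an added example (not part of the original post). The function names and the sample files are constructed for illustration; the subnet and interface are the ones used above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# files are constructed; subnet and interface are the ones the post uses.

# True if sysctl.conf-style file $1 sets net.ipv4.ip_forward=1 on an
# uncommented line (the last assignment in the file is the one checked).
forward_persistent() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# True if iptables-save dump $1 has a POSTROUTING MASQUERADE rule limited to
# source subnet $2 and outgoing interface $3.
masq_rule_scoped() {
    awk -v net="$2" -v dev="$3" '
        $1 == "-A" && $2 == "POSTROUTING" {
            s = ""; o = ""; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") s = $(i + 1)
                if ($i == "-o") o = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            if (s == net && o == dev && j == "MASQUERADE") found = 1
        }
        END { exit !found }' "$1"
}

# Constructed sample inputs so the script runs offline.
demo=$(mktemp -d)
printf '%s\n' '#net.ipv4.ip_forward=1' 'net.ipv4.ip_forward = 1' > "$demo/sysctl.conf"
printf '%s\n' '#net.ipv4.ip_forward=1' > "$demo/sysctl.default"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
    '-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' 'COMMIT' > "$demo/rules"

for f in sysctl.conf sysctl.default; do
    if forward_persistent "$demo/$f"; then echo "$f: forwarding persists"
    else echo "$f: forwarding NOT persistent (commented-out line only)"; fi
done
if masq_rule_scoped "$demo/rules" 10.8.0.0/24 eth0; then echo "NAT rule present"
else echo "NAT rule missing"; fi
```

On a real server, point the functions at /etc/sysctl.conf and at a file written by `iptables-save -t nat`. Running the second check again after a reboot shows whether the NAT rule is still loaded.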