Fjew

OpenVPN airvpn as a local gateway

Hello!

I have previously just changed GW of the devices I wanted to have VPN protection and it has been good enough for me. But for some reason it's all blocked when I change GW to the airvpn machine, the airvpn is working as expected there. Also added the "sysctl -w net.ipv4.ip_forward=1" and flushed iptables, tried reboot. Well, I'm out of ideas. I'm using the auto-generated config for regular openvpn, any help?

Best regards


On the AirVPN machine you must have iptables rules that route from the local network interface to the VPN interface.
Example:

AirVPN machine has internal IP address 192.168.1.3/24 and is connected to AirVPN via tun1 interface.
Your local computers are in the network 192.168.1.0/24 on the same network with the AirVPN machine, they are reachable directly (e.g. they can ping each other).

You need to set up on each computer in the network gateway 192.168.1.3 (AirVPN machine) and on AirVPN machine iptables rules to do MASQUERADE or source/destination rules from 192.168.1.0/24 to `tun1` interface.

Same for IPv6, where you will need to configure ULA (unique local addresses) on your LAN for all machines and the AirVPN machine, enable ipv6 forwarding in sysctl.conf and have ip6tables rules the same as iptables rules for IPv4.

You also need a DNS forwarder on AirVPN machine (like unbound) that will listen for DNS requests on 192.168.1.3 and the IPv6 ULA address and forward them to the AirVPN DNS resolver inside the VPN tunnel.

Last but not least, you need to edit gai.conf or Windows net policies to prefer IPv6 ULAs so that dual-stack mode works as per RFC (IPv6 first, then IPv4).

Hope this helps. I only gave some guidelines not specific setups because I have no clue of what your setup is or what kind of network you have or what kind of IP classes you use, etc. but you can google information from here in order to fulfill the steps above.

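A minimal IPv4 rule set for the gateway described in the reply above, as an added example that is not part of the original posts: it masquerades 192.168.1.0/24 out of tun1 and sets the FORWARD policy to DROP, so LAN traffic is not forwarded outside the tunnel when tun1 is down. The LAN interface name `eth0` and the function names are assumptions; IPv6 and the DNS forwarder are not covered.

```shell
#!/bin/sh
# Added example: LAN -> VPN gateway rules for the setup described in the thread.
# From the thread: LAN 192.168.1.0/24, VPN interface tun1.
# Assumption (not in the thread): the LAN-facing interface is eth0.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
LAN_IF="${LAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun1}"

# Print the rule set in iptables-restore format without touching the system.
gateway_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $VPN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $LAN_IF -o $VPN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $VPN_IF -o $LAN_IF -d $LAN_NET -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Enable forwarding and load the rules; needs root.
# iptables-restore replaces the existing nat and filter tables.
apply_gateway() {
    sysctl -w net.ipv4.ip_forward=1 &&
    gateway_rules | iptables-restore
}

# "sh gateway.sh print" shows the rules, "sh gateway.sh apply" loads them.
case "${1:-}" in
    apply) apply_gateway ;;
    print) gateway_rules ;;
esac
```

After loading, `iptables -t nat -L POSTROUTING -v -n` and `iptables -L FORWARD -v -n` show packet counters, which tell you whether LAN traffic is reaching the MASQUERADE and FORWARD rules.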
