[Shorewall-users] R: DNAT on openvpn client over OPENWRT

Thu, 27 Jul 2017 07:14:04 -0700 

Nobody know as can I configure it?

Thanks

Ivan

 

Da: Ivan [mailto:ivan1...@fastwebnet.it] 
Inviato: lunedì 24 luglio 2017 17:13
A: 'shorewall-users@lists.sourceforge.net'
<shorewall-users@lists.sourceforge.net>
Oggetto: DNAT on openvpn client over OPENWRT

 

Hello all,

I have an Debian server with shorewall (version 4.6.4.3), on the same server
is installed an OpenVPN Server, on remote site I have a LEDE/OpenWRT router
with an OpenVPN Client connected to previous server.

This is my network:

Office with Debian Server

1.      Eth0: internal network with address 192.168.1.1 (subnet
192.168.1.0/24)
2.      Eth1: external network with address 192.168.0.2 connected to
provider router;
3.      Tun0: OpenVPN Network with subnet 192.168.250.0/24

Home with LEDE/OpenWRT Router

1.      The router is connected to internet through an LTE USB key;
2.      On the router is running OpenVN Client connected to server with IP
Address: 192.168.250.122
3.      The internal network have the subnet 192.168.0.0/24

 

I need to expose a my home internal Web Server host (running on address
192.168.0.4) through my Office internet network.

I configured Shorewall, OpenWRT and OpenVPN to do it and I’m able to reach
the server from I internal office network connecting to OpenVPN client IP
(192.168.250.122), but I’m not able to reach the web server from internet
following this route:

 

Internet -> external office IP Address -> 192.168.0.2 -> 192.168.1.1 ->
192.168.250.122 -> 192.168.0.4

 

I believe that the issue is related to a wrong MASQ/SNAT configuration,
because into OpenWRT router logs I saw the request but the Source IP Address
is the original one instead of the office IP Address, is it true?

I which way should I configure masquerade to solve this issue?

Thanks

Ivan

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to