By default OpenVPN only routes traffic for the VPN subnet (and the server itself) through the tunnel; everything else a client sends still leaves by its normal default route. If you want all of a client's traffic to go through the OpenVPN tunnel there are several options in the OpenVPN HOWTO (http://openvpn.net/index.php/open-source/documentation/howto.html#redirect). They all come down to the same two things: push redirect-gateway to the client, and have the server forward and NAT what then arrives over the tunnel. The OpenVPN side is a single push "redirect-gateway def1" line in server.conf; the part the HOWTO leaves to you is the forwarding and NAT setup on the machine that runs the OpenVPN server. Since my server is an Ubuntu box that already runs ufw, I wanted to use the existing software rather than maintain separate iptables rules.
Here is how to configure ufw on the OpenVPN server so that it forwards all traffic from your client machines and masquerades it out the server's internet-facing interface.
First enable IPv4 packet forwarding; without it the kernel silently drops packets that arrive on tun0 and need to leave on eth0. Edit /etc/sysctl.conf to enable it permanently. (Note: this only takes effect at the next boot. Run sudo sysctl -w net.ipv4.ip_forward=1 to turn it on right away, and sysctl net.ipv4.ip_forward to confirm it reads 1.)
sudo vim /etc/sysctl.conf
# Enable packet forwarding
net.ipv4.ip_forward=1
Next change ufw's default forward policy in /etc/default/ufw. It is DROP out of the box, which would discard the forwarded VPN traffic no matter what NAT rule you add below; set DEFAULT_FORWARD_POLICY="ACCEPT". (If you would rather not forward between every interface, leave it at DROP and allow only tun0 to eth0 with sudo ufw route allow in on tun0 out on eth0, available in ufw 0.34 and later.)
sudo vim /etc/default/ufw
UFW before rules
Change /etc/ufw/before.rules to add the following block after the header comments and before the “*filter” line (ufw reads one table per *table ... COMMIT section, so the nat section has to be complete on its own). Match the subnet to the server line in /etc/openvpn/server.conf: the default server 10.8.0.0 255.255.255.0 is 10.8.0.0/24. Do not write /8 here, as a /8 mask on 10.8.0.0 matches all of 10.0.0.0/8 and would masquerade every 10.x.x.x source, not just VPN clients. Replace eth0 with whichever interface carries the server's internet traffic.
sudo vim /etc/ufw/before.rules
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Masquerade traffic from the OpenVPN client subnet (must match server.conf) as it leaves eth0
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
Open the OpenVPN port. OpenVPN listens on UDP 1194 by default, so restrict the rule to that (a bare sudo ufw allow 1194 opens both TCP and UDP). Then reload ufw so it re-reads before.rules, including the new *nat table; ufw is normally already running, so service ufw start on its own does not pick up the change. Afterwards sudo iptables -t nat -S POSTROUTING should list the MASQUERADE rule.
sudo ufw allow 1194/udp
sudo ufw reload
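The steps above collected into one re-runnable script, as an added example that is not part of the original post. It goes a little beyond the post: it derives the client subnet from the server line in server.conf instead of hard-coding it, and it removes any block it inserted on an earlier run before inserting again. Everything not in the post is an assumption: the OVPN_UFW_APPLY switch, the environment overrides for the file paths, and the function names. The file-editing functions take a path argument, so they can be tried on copies of the config files before touching /etc.

```shell
#!/bin/sh
# Added example (not from the original post): the post's steps as a re-runnable
# script for the Ubuntu box running the OpenVPN *server*. Assumed, not from the
# post: the OVPN_UFW_APPLY switch, the function names and the env overrides.
set -eu

VPN_IFACE_OUT="${VPN_IFACE_OUT:-eth0}"                 # interface that reaches the internet
SERVER_CONF="${SERVER_CONF:-/etc/openvpn/server.conf}"
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"
UFW_DEFAULT="${UFW_DEFAULT:-/etc/default/ufw}"
UFW_BEFORE="${UFW_BEFORE:-/etc/ufw/before.rules}"

# Dotted-quad netmask -> prefix length (255.255.255.0 -> 24). Octets are summed
# individually; a non-contiguous mask such as 255.0.255.0 is not detected.
mask_to_prefix() {
  bits=0
  for o in $(printf '%s' "$1" | tr '.' ' '); do
    case "$o" in
      255) bits=$((bits + 8)) ;; 254) bits=$((bits + 7)) ;; 252) bits=$((bits + 6)) ;;
      248) bits=$((bits + 5)) ;; 240) bits=$((bits + 4)) ;; 224) bits=$((bits + 3)) ;;
      192) bits=$((bits + 2)) ;; 128) bits=$((bits + 1)) ;; 0) ;;
      *) echo "bad netmask octet: $o" >&2; return 1 ;;
    esac
  done
  echo "$bits"
}

# Turn the "server <net> <mask>" line of server.conf into CIDR (10.8.0.0/24), so
# the MASQUERADE rule covers exactly the subnet OpenVPN hands out. A /8 here
# would masquerade everything in 10.0.0.0/8, not just VPN clients.
server_conf_cidr() {
  line=$(grep -E '^[[:space:]]*server[[:space:]]+[0-9.]+[[:space:]]+[0-9.]+' "$1" | head -n 1)
  [ -n "$line" ] || { echo "no 'server <net> <mask>' line in $1" >&2; return 1; }
  set -- $line
  prefix=$(mask_to_prefix "$3") || return 1
  echo "$2/$prefix"
}

# Replace every line matching $2 with $3, or append $3 if nothing matches.
# Goes through a temp file, so it works with GNU and BSD sed alike.
set_line() {
  file=$1 pattern=$2 value=$3
  if grep -qE "$pattern" "$file"; then
    sed -E "s|$pattern|$value|" "$file" > "$file.tmp"
  else
    { cat "$file"; printf '%s\n' "$value"; } > "$file.tmp"
  fi
  mv "$file.tmp" "$file"
}

enable_ip_forward()  { set_line "$1" '^#*net\.ipv4\.ip_forward=.*' 'net.ipv4.ip_forward=1'; }
set_forward_policy() { set_line "$1" '^DEFAULT_FORWARD_POLICY=.*' 'DEFAULT_FORWARD_POLICY="ACCEPT"'; }

# Insert the *nat block just before the first "*filter" line of before.rules,
# first deleting any block left by an earlier run so re-running never duplicates it.
add_nat_rules() {
  file=$1 subnet=$2 iface=$3
  blk=$(mktemp)
  printf '%s\n' '# START OPENVPN RULES' '*nat' ':POSTROUTING ACCEPT [0:0]' \
    "-A POSTROUTING -s $subnet -o $iface -j MASQUERADE" 'COMMIT' '# END OPENVPN RULES' > "$blk"
  sed '/^# START OPENVPN RULES/,/^# END OPENVPN RULES/d' "$file" \
    | awk -v blk="$blk" '!done && /^\*filter/ { while ((getline l < blk) > 0) print l; close(blk); done = 1 } { print }' \
    > "$file.tmp"
  mv "$file.tmp" "$file"
  rm -f "$blk"
}

# The live changes; needs root. Run: sudo env OVPN_UFW_APPLY=1 sh ufw-openvpn-nat.sh
apply_live() {
  enable_ip_forward "$SYSCTL_CONF"
  sysctl -w net.ipv4.ip_forward=1 >/dev/null          # apply now rather than at next boot
  set_forward_policy "$UFW_DEFAULT"
  add_nat_rules "$UFW_BEFORE" "$(server_conf_cidr "$SERVER_CONF")" "$VPN_IFACE_OUT"
  ufw allow 1194/udp                                   # OpenVPN's default transport only
  ufw reload                                           # re-read before.rules, including the *nat table
}

if [ "${OVPN_UFW_APPLY:-0}" = 1 ]; then apply_live; fi
```

Without OVPN_UFW_APPLY=1 the script only defines the functions, which is what makes it safe to source in a shell and point at copies of the config files first. The subnet check is the one to pay attention to: if server_conf_cidr prints something other than what you expected, the MASQUERADE rule would have covered the wrong range.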
This Post Has 4 Comments
Pingback: StrongSwan VPN (and ufw) – Mindstab.net
Hi. How does one do the server side config to route all traffic from VPN clients?