Help with open vpn routing

Hi,

I’ve been trying to implement an open vpn server on my cloud and I have been mildly successful. My cloud comes pre-installed with openssl and openvpn and the mods to get it going were relatively simple. However, there were a couple of gotchas to watch out for as I found out when fiddling with routing in the server.conf file of openvpn.

So I’ve managed to get openvpn running and I’m able to connect externally through my router and connect to my mycloud and basically view the machine and its services. But I’m unable to view beyond the mycloud machine and into my local lan which I would like to do. At the moment the vpn setup is only slightly better than WD’s mycloud version of vpn provides (local file access).

The main issue is mycloud doesn’t come with iptables kernel module installed, and when I try to implement iptables’ ip traffic redirection as part of openvpn setup, I’m unable to.

So I’ve reviewed this thread:  http://community.wd.com/t5/My-Book-Live/HOWTO-MBL-as-OpenVPN-server/m-p/397179#M11099 

which provided some useful information, specifically this part:

If you want to enable VPN clients to get to machines other than your NAS on your LAN, you need to enable ip forwarding, which you can do in the OpenVPN config, add this line:

up " echo 1 > /proc/sys/net/ipv4/ip_forward"
which will turn your WDlive into a router, and route traffic between the tun interface and the eth0 interface. Then you need to ALSO add a route back to the VPN subnet on your router. Many routers can do this. It’s called adding a static route, and the route format will be in English:
The VPN subnet (eg 172.22.6.0 netmask 255.255.255.0) is out the IP of the NAS (eg 192.168.0.240).
Adding a routeback over the LAN will be different for different routers, and some can’t even do it, but it’s the best way.

I understand the ip_forward part, but the setting up of the static route within the router doesn’t make a lot of sense, anybody care to explain this?

Currently my vpn is setup as this :

[vpnclient external]<—>Router<----->mycloud([192.168.1.2]<–vpn tunnel–>[10.8.0.0]<—>[192.168.1.2])<—>local lan

where 10.8.0.0 is the vpn server and local lan is the vpn trying to access the local lan.

Basically the vpn server can’t see past the mycloud server, so how do I route traffic via vpn server to local lan and back again without iptables? I’ve tried using an ethernet bridge mode in the vpn server, but that didn’t work at all… I was able to connect a vpn client, but wasn’t able to route traffic correctly so got nothing back.

Any open vpn gurus about?
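
An added example, not part of the original posts: it traces the reply a LAN machine sends back to a VPN client through each device's routing table, showing why the quoted advice needs both the static route on the router and ip_forward on the NAS. The /24 VPN netmask, the router address 192.168.1.1 and the client address 10.8.0.6 are assumptions; the NAS address and VPN subnet come from the post.

```python
import ipaddress

LAN, VPN = "192.168.1.0/24", "10.8.0.0/24"   # /24 masks are assumed
NAS, ROUTER = "192.168.1.2", "192.168.1.1"   # router address is assumed

def route(net, gw, dev):
    return (ipaddress.ip_network(net), gw, dev)

def lookup(table, dst):
    """Longest-prefix match; returns (gateway, device), gateway None if on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r[0]]
    net, gw, dev = max(hits, key=lambda r: r[0].prefixlen)
    return gw, dev

def tables(static_route):
    """Routing tables of the three devices a reply can pass through."""
    router = [route(LAN, None, "lan"), route("0.0.0.0/0", "isp", "wan")]
    if static_route:                       # "VPN subnet is out the IP of the NAS"
        router.append(route(VPN, NAS, "lan"))
    return {
        "lan-host": [route(LAN, None, "eth0"), route("0.0.0.0/0", ROUTER, "eth0")],
        ROUTER: router,
        NAS: [route(LAN, None, "eth0"), route(VPN, None, "tun0"),
              route("0.0.0.0/0", ROUTER, "eth0")],
    }

def reply_path(dst, static_route, ip_forward):
    """Trace a LAN host's reply to VPN client dst; returns (hops, outcome)."""
    t, node, hops = tables(static_route), "lan-host", ["lan-host"]
    while True:
        gw, dev = lookup(t[node], dst)
        if node == NAS:
            # The packet is not addressed to the NAS itself, so it must be forwarded.
            if not ip_forward:
                return hops, "dropped: NAS has ip_forward=0"
            return hops + [dev], "delivered"
        if dev == "wan":
            return hops, "lost: router sent it to the ISP"
        node = gw
        hops.append(node)

if __name__ == "__main__":
    for static, fwd in [(False, True), (True, False), (True, True)]:
        hops, outcome = reply_path("10.8.0.6", static, fwd)
        print(f"static_route={static} ip_forward={fwd}: {' -> '.join(hops)} [{outcome}]")
```
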

It’s all that (IMHO unnecessary) complexity that I dropped using OpenVPN.   I now use L2TP VPN – With the setup I’m using, the VPN clients are on the same subnet as your home network, not a different subnet that requires routing.

But the caveat to all this is that I’m not doing it on my Cloud NAS – I’m doing it on another system.

So after much hunting around the internet and reading, the only way this openvpn thing is going to work is with iptables and NAT packet translation. I’ve added a static route for my own vpn subnet back to mycloud vpn tunnel, but still no luck.

It just doesn’t look like the ipforwarding is working between the openvpn tun0 device and eth0 device on the mycloud device!

So, looked at ssh tunnelling, but that is only point to point … so not much good. 

Also looked at sshuttle; it looked interesting until I saw a youtube video and then it wasn’t.

So anyone installed the missing iptable kernel modules on mycloud at all?

Is it possible without it becoming a brick?

not here to give you an answer… sorry

but I was also doing the same thing

trying to configure the already installed ovpn to work as a vpn server

and I didn’t even get to the point where I could actually be connected to my nas ovpn server from outside

could you please post how you got it to work??

there are many similar posts on this subject but no one actually got it to work

but it seems that you’ve done the magic and got it working

it would be the best news of the year so far if you could show us how to set up the vpn

@rubikcubic Hi. I see that you have some skill in this area and was wondering if you can help me. I have just subscribed to Private Internet Access VPN (privateinternetaccess.com). They have advanced guides for configuring openVPN setup on Ubuntu, but, I don’t know how I would configure the WD My Cloud to use it.

Basically I have transmission installed as per Nazar78’s guide and have port forwarding on my router so that I can access it remotely via the Internet IP of the NAS to directly download torrents to the NAS. The way I imagine the VPN working is that with openVPN on the My Cloud configured to use the Private Internet Access VPN gateway I would just change the remote IP to be the IP of the VPN. Maybe I am a bit naive? My Linux skills are quite basic, so if you can help it would be greatly appreciated.

Hello, can the MyCloud be configured so you can connect to a VPN and browse the network the MyCloud is connected to?

Regards.