Hi,
I’ve been trying to implement an OpenVPN server on my cloud and I have been mildly successful. My cloud comes pre-installed with openssl and openvpn, and the mods to get it going were relatively simple. However, there were a couple of gotchas to watch out for, as I found out when fiddling with routing in the server.conf file of openvpn.
So I’ve managed to get openvpn running and I’m able to connect externally through my router, connect to my mycloud and basically view the machine and its services. But I’m unable to see beyond the mycloud machine and into my local LAN, which I would like to do. At the moment the vpn setup is only slightly better than what WD’s mycloud version of vpn provides (local file access).
The main issue is mycloud doesn’t come with the iptables kernel module installed, and when I try to implement iptables’ IP traffic redirection as part of the openvpn setup, I’m unable to.
So I’ve reviewed this thread: http://community.wd.com/t5/My-Book-Live/HOWTO-MBL-as-OpenVPN-server/m-p/397179#M11099
which provided some useful information, specifically this part:
If you want to enable VPN clients to get to machines other than your NAS on your LAN, you need to enable ip forwarding, which you can do in the OpenVPN config, add this line:
up " echo 1 > /proc/sys/net/ipv4/ip_forward"
which will turn your WDlive into a router, and route traffic between the tun interface and the eth0 interface. Then you need to ALSO add a route back to the VPN subnet on your router. Many routers can do this. It’s called adding a static route, and the route format will be, in English:
The VPN subnet (eg 172.22.6.0 netmask 255.255.255.0) is out the IP of the NAS (eg 192.168.0.240).
Adding a route back over the LAN will be different for different routers, and some can’t even do it, but it’s the best way.
I understand the ip_forward part, but the setting up of the static route within the router doesn’t make a lot of sense. Anybody care to explain this?
Currently my vpn is set up like this:
[vpnclient external]<—>Router<—>mycloud([192.168.1.2]<–vpn tunnel–>[10.8.0.0]<—>[192.168.1.2])<—>local lan
where 10.8.0.0 is the vpn server and local lan is the vpn trying to access the local LAN.
Basically the vpn server can’t see past the mycloud server, so how do I route traffic via the vpn server to the local LAN and back again without iptables? I’ve tried using an ethernet bridge mode in the vpn server, but that didn’t work at all… I was able to connect a vpn client, but wasn’t able to route traffic correctly, so got nothing back.
Any OpenVPN gurus about?
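As an added example (not part of the post above, and not WD’s or OpenVPN’s own configuration), here are the three pieces a routed (tun) OpenVPN server needs so that VPN clients can reach LAN hosts without any iptables NAT: the server.conf fragment that pushes the LAN route to clients, an up script that turns on IP forwarding, and the static route the router needs so LAN hosts can send replies back. Addresses follow the post (NAS at 192.168.1.2 on 192.168.1.0/24, VPN subnet 10.8.0.0/24); the file paths and the router command form are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Addresses as in the post;
# paths (/etc/openvpn/...) and the router's route syntax are assumptions.

VPN_NET=10.8.0.0;   VPN_MASK=255.255.255.0
LAN_NET=192.168.1.0; LAN_MASK=255.255.255.0
NAS_IP=192.168.1.2

# 1. server.conf fragment: routed mode, and push the LAN route so that a
#    client's packets for 192.168.1.x enter the tunnel in the first place.
#    Without this the client sends them to its own local gateway instead.
write_server_conf() {  # $1 = output path
  cat > "$1" <<EOF
dev tun
server $VPN_NET $VPN_MASK
push "route $LAN_NET $LAN_MASK"
# script-security 2 is required before OpenVPN will run an external script
script-security 2
up /etc/openvpn/enable-forwarding.sh
EOF
}

# 2. The up script. OpenVPN executes the 'up' command directly rather than
#    through a shell, so a '>' redirect written inline on the up line is
#    not interpreted; the sysctl write goes in a script file instead.
write_up_script() {  # $1 = output path
  cat > "$1" <<'EOF'
#!/bin/sh
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
  chmod +x "$1"
}

# 3. Router side. A LAN host replying to 10.8.0.x sends the packet to its
#    default gateway (the router). The router has no idea that subnet lives
#    behind the NAS unless told, so it needs one static route: the VPN
#    subnet via the NAS. Printed in generic "destination mask via gateway"
#    form; the exact syntax depends on the router.
router_static_route() {
  printf '%s %s via %s\n' "$VPN_NET" "$VPN_MASK" "$NAS_IP"
}

# Checks to run on the NAS after a client connects (not executed here):
#   cat /proc/sys/net/ipv4/ip_forward    # expect 1
#   ip route                             # expect 10.8.0.0/24 on tun0
#   from a LAN host: traceroute 10.8.0.6 # first hop should be 192.168.1.2
```

The static route is what replaces NAT: with iptables MASQUERADE the LAN would only ever see packets from 192.168.1.2 and no route back would be needed, but without the iptables module the only alternative is to make the rest of the LAN aware of 10.8.0.0/24, and the router is the one place every LAN host already sends unknown destinations.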