Has anyone tried portforwarding an external ip on an openvpn server over to an internal ip/port on an openvpn client? I am curious how this would be accomplished.
I have tried a couple of different NAT / Iptables configs but no luck as yet
Interesting. No I haven't. I would imagine that it's no different than other routing/natting. However I know that OpenVPN itself has some primitive firewalling (preventing clients from connecting to one another, unless configured to allow it)
I came across some blog posts referring to an OpenVPN packet filter
but could not find documentation on how to disable / configure it
mnathani: you would have to (in pf syntax, presuming em0 and tun0) do something akin to .. 'pass in on em0 to (em0) port 1234 rdr-to 10.9.0.2' then 'nat out on tun0 from !(tun0) to (tun0:network)'
wow I mixed old and new syntax
the 2nd should be
'pass out on tun0 from !(tun0) to (tun0:network) nat-to (tun0)
'
bottom line is
those pf rules would need to be translated / converted to Iptables syntax on Centos 6?
remote side of openvpn expects to see your ip / subnet and nothing more unless they are told to route to it. and I doubt you want the remote end to route to 0.0.0.0/0 through your end so translate your end of the openvpn tunnel to what the remote end is expecting to see and use rdr as needed to direct inbound packets on other interfaces across the openvpn tunnel
mnathani: I have no experience in Centos 6, but since it does iptables you'd need similar concepts, which I'd be surprised if it can't do
I dont really mind if all 0.0.0.0/0 gets routed through the openvpn server
Its more of an experiment to see if I can connect to the openvpn client which is behind a firewall I do not have control over
hence the need to use the vpn to allow inbound access
consider what 0.0.0.0/0 means. ensure you have a static route to the openvpn server. its a matter of understanding how networking and firewalls work, nothing more. it is doable.
nmap output: 3389/tcp filtered ms-term-serv
what does the filtered refer to?
and how is it different from closed
filtered indicates to me it has a firewall blocking it vs returning icmp unreach
if you check nmap while running a tcpdump to watch: \( 192.168.0.112 and tcp port 3389 \) or icmp
you might see more clearly what this means
I got it working
my nat rule was too broad
woot
right on
I spent hours on it last night
here is the nat rule now:
iptables -t nat -A POSTROUTING -s 10.8.1.6/32 -j SNAT --to A.B.C.D
where A.B.C.D is my vpn server ip
previously it was 10.0.0.0/8
;)
hi kevr
hello.
 ~
!
`;->~
can OpenVPN be used to provide IPv6 connectivity to an IPv4 only client (Server would be dual stacked ofcourse)