--On Friday, December 29, 2017 5:41 PM +0100 Alain Péan
<alain.pean@xxxxxxxxxxxxxxx> wrote:
https://unix.stackexchange.com/questions/149144/configuring-openvpn-to-use-firewalld-instead-of-iptables-on-centos-7
Alas, this doesn't seem to allow forwarding from the tun0 device. That's
the setup I had that failed. I needed the direct rule to allow forwarding
from tun0 to get packets delivered to PCs on my LAN. Without that, the
remote PC can only access the VPN server itself and not the internal PCs
behind it.
It's also necessary for the LAN PCs to know that the addresses in the VPN
must be routed through this gateway, but that's a given since this is also
the Internet gateway for the LAN. Their default route takes care of that.
If you run a separate VPN concentrator, you may need to advertise a route
on the LAN (via DHCP) or add a route on your Internet gateway to the
separate concentrator for your VPN netblock so the return packets find
their way back to the tun device.
My OpenVPN server config includes a line to push a route to the remote
clients for the office's LAN net block:
push "route 192.168.20.0 255.255.255.0"
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
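
The message above mentions a firewalld direct rule for forwarding from tun0 but does not show it. The following is an added example, not part of the original post, of one way to write such rules. The LAN interface name `eth0` and the VPN client pool `10.8.0.0/24` are assumptions; `192.168.20.0/24` is the netblock from the pushed route.

```shell
#!/bin/sh
# Added example: firewalld direct rules that let VPN clients arriving on tun0
# reach hosts on the office LAN. Not taken from the original message.
# Assumed values: LAN_IF (eth0) and VPN_NET (10.8.0.0/24). Override as needed.
TUN_IF="${TUN_IF:-tun0}"
LAN_IF="${LAN_IF:-eth0}"               # assumed LAN-facing interface
VPN_NET="${VPN_NET:-10.8.0.0/24}"      # assumed VPN client address pool
LAN_NET="${LAN_NET:-192.168.20.0/24}"  # netblock pushed to the clients

# Emit the direct-rule specs, one per line, so they can be reviewed first.
forward_rules() {
    # VPN clients -> LAN, limited to the VPN pool and the office netblock
    echo "ipv4 filter FORWARD 0 -i $TUN_IF -o $LAN_IF -s $VPN_NET -d $LAN_NET -j ACCEPT"
    # LAN -> VPN clients, replies to established flows only
    echo "ipv4 filter FORWARD 0 -i $LAN_IF -o $TUN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

# Print the firewall-cmd invocations; with APPLY=1, run them instead.
apply_rules() {
    forward_rules | while IFS= read -r spec; do
        if [ "${APPLY:-0}" = 1 ]; then
            # $spec is intentionally unquoted so it splits into arguments
            firewall-cmd --permanent --direct --add-rule $spec
        else
            echo "firewall-cmd --permanent --direct --add-rule $spec"
        fi
    done
    # Permanent rules only take effect after a reload
    if [ "${APPLY:-0}" = 1 ]; then
        firewall-cmd --reload
    fi
}

# Default run is a dry run: it only prints the commands.
# The kernel must also forward packets (net.ipv4.ip_forward = 1).
apply_rules
```

Run it as-is to review the commands, then with `APPLY=1` as root to install them.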