If you'd like your VPN clients to get IP addresses in the same subnet as your HDA, and not in the 10.8.0.0/24 subnet (default), read this page: [[VPN Bridging]].
= IP Forwarding for Ubuntu based HDAs =
A question that comes up often on the forums is how to reach your remote LAN's resources while connected to your HDA. One way to accomplish this is by bridging the VPN and eth0 on your HDA. Bridging may not be necessary for some users, and one of the forum members has developed a script that accomplishes the task with IP forwarding instead. It enables IP forwarding on the HDA and masquerades (NATs) traffic from the 10.8.0.0/24 VPN subnet out of eth0, both immediately and at every boot. Not only will this script let you browse your remote LAN's resources, you will also be able to browse the internet through the HDA. Below are the script and the instructions for running it. Please keep in mind that this is for Ubuntu based HDAs ONLY.
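{{Code|
Code = #!/bin/bash
# openvpn_extra.sh: let VPN clients (10.8.0.0/24) reach the LAN and the
# internet through the HDA. Must be run as root (see the command below).
log_file="/tmp/openvpn_extra.log"

# Write a syslog-style line to the log file and to the terminal.
function log()
{
    local line
    line="$(date +%b\ %d\ %H:%M:%S) $(hostname -s) openvpn_extra: $*"
    echo -e "$line" >> "$log_file"
    echo -e "$line"
}

# Enable forwarding right now
if ! echo 1 > /proc/sys/net/ipv4/ip_forward; then
    log "FATAL: could not enable ip_forward for immediate use"
    exit 1
fi

# NAT traffic from the VPN subnet out of eth0. Check first (-C) so that
# running the script again does not append a duplicate rule.
if ! iptables -t nat -C POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE 2>/dev/null; then
    if ! iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; then
        log "FATAL: could not set iptables for immediate use"
        exit 1
    fi
fi

# Set it up so it is done at startup. The pattern matches the setting
# whether or not it is commented out, and whatever value it had.
if ! sed -i 's/^#\?net\.ipv4\.ip_forward=.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf; then
    log "FATAL: could not set ip_forward permanently"
    exit 1
fi
if ! iptables-save > /etc/iptables.rules; then
    log "FATAL: could not set iptables permanently"
    exit 1
fi

# Restore the saved rules before an interface comes up. No sudo here:
# the redirection is done by this (root) shell, so sudo would not help.
cat > /etc/network/if-pre-up.d/iptablesload <<'EOF'
#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0
EOF

# Save the rules (with counters) after an interface goes down.
cat > /etc/network/if-post-down.d/iptablessave <<'EOF'
#!/bin/sh
iptables-save -c > /etc/iptables.rules
if [ -f /etc/iptables.downrules ]; then
    iptables-restore < /etc/iptables.downrules
fi
exit 0
EOF

if ! chmod +x /etc/network/if-post-down.d/iptablessave; then
    log "FATAL: Could not chmod the iptablessave script"
    exit 1
fi
if ! chmod +x /etc/network/if-pre-up.d/iptablesload; then
    log "FATAL: Could not chmod the iptablesload script"
    exit 1
fi
echo "Done"
exit 0
}}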
You can then run the script with the following command from the CLI:
{{Code|
Code = sudo bash openvpn_extra.sh
}}
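To confirm what the script left behind, the following read-only check inspects the two files it persists. It is an added example, not part of the forum member's script; the function names and the VPN_NET and WAN_IF variables are hypothetical, and their defaults are the subnet and interface used above.

```bash
#!/bin/bash
# Added example: audit what openvpn_extra.sh persisted. Read-only.
# Assumed defaults are the page's values: 10.8.0.0/24 out of eth0.
VPN_NET="${VPN_NET:-10.8.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"

# True if the file holds an active (uncommented) net.ipv4.ip_forward=1.
forward_persisted() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Number of copies of the script's MASQUERADE rule in a saved ruleset.
# Substring match, so the "[pkts:bytes] " prefix of iptables-save -c is fine.
masq_rule_count() {
    grep -Fc -- "-A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE" "$1" || true
}

# Number of MASQUERADE rules with no source restriction (NAT for any sender).
masq_unscoped_count() {
    grep -E -- '-A POSTROUTING .*-j MASQUERADE' "$1" | grep -vc -- ' -s ' || true
}

# audit SYSCTL_FILE RULES_FILE: print findings, return non-zero on any.
audit() {
    local rc=0 n
    if ! [ -r "$1" ] || ! [ -r "$2" ]; then
        echo "FAIL: cannot read $1 or $2"; return 2
    fi
    if ! forward_persisted "$1"; then
        echo "FAIL: ip_forward=1 is not active in $1"; rc=1
    fi
    n=$(masq_rule_count "$2")
    if [ "$n" -eq 0 ]; then
        echo "FAIL: no MASQUERADE rule for $VPN_NET via $WAN_IF in $2"; rc=1
    elif [ "$n" -gt 1 ]; then
        echo "WARN: $n copies of the MASQUERADE rule (script run more than once)"; rc=1
    fi
    n=$(masq_unscoped_count "$2")
    if [ "$n" -gt 0 ]; then
        echo "FAIL: $n MASQUERADE rule(s) without a source subnet"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: forwarding and NAT match the script's intent"
    return "$rc"
}

# Run only when both files are named on the command line.
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

Saved under a name of your choice, it is run with /etc/sysctl.conf and /etc/iptables.rules as its two arguments.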
= Troubleshooting =