Iptables -t nat -A PREROUTING -p tcp -dport 28006 -j DNAT -to 10.1.134.I purchased the Jetpack 8800L specifically because it is advertised as supporting a built-in OpenVPN client. I had to additionally start my application on the client, that the websites were able to see these ports. cat /etc/openvpn/staticclients/TESTCLIENT This example pushs the IPAddress 10.1.134.110/10.1.134.109 to the Client with the common name TESTCLIENT and also pushes a additional route for subnet 10.1.135.0. This command gets the CN from the computers certificate: The filename must match the common name attribute that was specified at the certificate of the client. etc/openvpn/staticclients and create the directory mkdir /etc/openvpn/staticclientsĪdd this directory as option to your openvpn configfile at the server: client-config-dir /etc/openvpn/staticclientsįor each client you have to create a file. So I gave each of them a static IPAddressĭefine a directory where the client scripts should be stored, e.g. I had more than one VPNClient with the same IPAddress.I also had this problem and tried to solve it for hours. a home router).Īlso note that if you want to forward port 6000 to a different port (say 7000), then the SNAT rule should match on 7000, not 6000. In most port forwarding setups, the SNAT is not needed because the host performing the port forwarding is also the default gateway for the destination host (e.g. This causes all sorts of problems, since z.z.z.z really initiated the connection to x.x.x.x. Thus the source IP address on the return packets will be your Verizon 3G address, and not x.x.x.x. The reason you need the SNAT is because otherwise your VPN client will send its return packets straight to the host which initiated the connection (z.z.z.z) via its default gateway (i.e. Set up source NAT (SNAT) so that from your VPN client's perspective, the connection is coming from the VPN server: iptables -t nat -A POSTROUTING -d y.y.y.100 -p tcp -dport 6000 -j SNAT -to-source y.y.y.1 You've probably already figured this out because it's standard port forwarding stuff, but for completeness: iptables -t nat -A PREROUTING -d x.x.x.x -p tcp -dport 6000 -j DNAT -to-dest y.y.y.100:6000 Set up destination NAT (DNAT) to forward the port. You must enable IP forwarding: sysctl -w _forward=1 You need to do three things on your VPN server (the Linode) to make this work: Does anyone have any ideas, or perhaps even a totally different approach I might not be aware of? The goal here is to listen through a horribly firewalled connection, preferably both TCP and UDP traffic. I have tried at least 20 different Googled up iptables configs and none have worked yet. So for instance, if I had port 6000 open on my client, a person could telnet in to x.x.x.x:6000, and the server would catch that and forward it to 192.168.3.100:6000. Internet -> WAN IP:Port -> Forward to Client VPN IP:Port To verify I wasn't going insane, I attempted some connections from the server to the open ports on the client, and the client does accept the connections via the VPN IP. Server (Debian) WAN IP: x.x.x.x on eth0 - pptpd IP: y.y.y.1 on ppp0 - Client VPN IP: y.y.y.100 I have pptpd installed and my home machine connects happily.
#Verizon vpn client install
I currently have a Linux virtual machine at, and the thought crossed my mind to install pptpd and attempt to do some iptables port forwarding. They filter all incoming traffic so it is impossible for me to open ports to accept connections. Right now I am (sadly) connected to the net via Verizon 3G.
I've run into a bit of a puzzle and haven't had much luck finding a solution.
0 kommentar(er)
