So my network topology is this:

LAN Gateway is: 192.168.2.1

RUT240 LAN IP is: 192.168.2.237

RUT240 assigns VPN dhcp IPs to connecting clients in the 192.168.255.0/24 range

My problem is that when a VPN client gets assigned IP 192.168.255.6 for example, it can't talk directly to other devices in the 192.168.2.0/24 LAN because that device doesn't know how to reach 192.168.255.0/24 and even my gateway doesn't have a route for 192.168.2.0/24.

I want to keep it this way, because I'm using the RUT240 as an OOB last-resort connection method. I have to assume everything is down, including the gateway (imagine a power loss). This means the RUT240 must be able to talk to devices on 192.168.2.0/24 directly, without a gateway.

I believe I have to configure the RUT240 to NAT the VPN connections to its own LAN IP (192.168.2.237), which would then allow for direct connections to the rest of the LAN.

Has anyone else done this? Is it possible?

1 Answer

OK, I solved this myself with a custom firewall rule:

iptables -t nat -A POSTROUTING -o br-lan -s 192.168.255.0/24 -j MASQUERADE

where 192.168.255.0/24 is my OpenVPN-assigned network.

Basically I'm NATing all IPs from 192.168.255.0/24 to the br-lan interface. Works like a charm.
Best answer
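An added example (not from the thread or from Teltonika) that wraps the accepted answer's MASQUERADE rule in a small script so it can be applied repeatedly without duplicating the rule, validated, and removed again. It assumes the values from the thread (LAN bridge br-lan, OpenVPN pool 192.168.255.0/24) and that the script runs as root on the router, e.g. from the custom firewall rules file; the `IPT` variable is a hypothetical hook so the commands can be dry-run.

```shell
#!/bin/sh
# Idempotent wrapper for: iptables -t nat -A POSTROUTING -o br-lan -s 192.168.255.0/24 -j MASQUERADE
# Constructed example; defaults taken from the thread, overridable via environment.
VPN_NET="${VPN_NET:-192.168.255.0/24}"   # OpenVPN client pool
LAN_IF="${LAN_IF:-br-lan}"               # RUT240 LAN bridge
IPT="${IPT:-iptables}"                   # set IPT=echo to print instead of apply

# Rule specification without the action flag, so -C/-A/-D all use identical text.
masq_spec() {
    printf 'POSTROUTING -o %s -s %s -j MASQUERADE' "$2" "$1"
}

# Reject anything that is not a.b.c.d/prefix; a typo here would masquerade the wrong hosts.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Add the rule only if it is not already present (re-running a plain -A stacks duplicates).
ensure_masq() {
    valid_cidr "$1" || { echo "bad CIDR: $1" >&2; return 2; }
    spec=$(masq_spec "$1" "$2")
    if $IPT -t nat -C $spec 2>/dev/null; then
        return 0
    fi
    # Note for LAN-side logs: after this, every VPN client appears as the router's
    # LAN IP, so keep the OpenVPN status/log to map sessions back to real clients.
    $IPT -t nat -A $spec
}

# Remove the rule if present (e.g. when the VPN pool changes).
remove_masq() {
    spec=$(masq_spec "$1" "$2")
    $IPT -t nat -C $spec 2>/dev/null && $IPT -t nat -D $spec
    return 0
}

case "${1:-}" in
    apply)  ensure_masq "$VPN_NET" "$LAN_IF" ;;
    remove) remove_masq "$VPN_NET" "$LAN_IF" ;;
esac
```

Run `sh vpn_nat.sh apply` after the VPN is up, and verify with `iptables -t nat -L POSTROUTING -n -v` that the MASQUERADE line appears exactly once and its packet counter increases when a VPN client reaches the LAN.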