Access a Remote Network

Here, we provide access to a remote network by presenting it at a virtual address range.

This is useful if, for example, you want to reach hosts on a remote network (192.168.2.0/24) but 192.168.2.0/24 is already in use locally for something else.

Here, we use network mapping: local clients address a different range (e.g. 10.16.0.0/24) that is routed to the remote endpoint, where it is mapped onto the endpoint's real local network.

OpenVPN Server (local)

# server.conf: kernel route for the virtual range via the tun interface
route ${virtual_network} ${virtual_netmask}
# client-config-dir file for ${client}: tell OpenVPN that this client is the gateway for the virtual range
iroute ${virtual_network} ${virtual_netmask}
# iptables filter table (fragment): forwarded traffic sourced from the remote client's VPN address
# is only accepted when it belongs to an existing connection
:FORWARD.${client} - [0:0]
-A FORWARD -s ${client_ip}/32 -i tun0 -j FORWARD.${client}
-A FORWARD.${client} -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD.${client} -j DROP

OpenVPN Client (remote)

# sysctl: the client must forward packets between tun0 and eth0
net.ipv4.ip_forward=1
# iptables-restore format; ${virtual_len} and ${physical_len} must be equal for a one-to-one mapping
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# from the LAN side, only replies to connections opened over the VPN are forwarded
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# anything arriving over the VPN may be forwarded to the LAN
-A FORWARD -i tun0 -j ACCEPT
COMMIT

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# rewrite the virtual destination to the matching host on the physical LAN (host bits preserved)
-A PREROUTING -d ${virtual_network}/${virtual_len} -i tun0 -j NETMAP --to ${physical_network}/${physical_len}
# source-NAT to the client's eth0 address so LAN hosts reply via the client; conntrack reverses both translations
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

Local Clients

  • Set up a route for ${virtual_network}/${virtual_len} via the VPN server.
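As an added worked example (not part of the original page), the following Python models what the NETMAP and MASQUERADE rules on the remote client do to a single connection, and checks that a candidate virtual range does not collide with ranges already routed locally. The addresses used (10.16.0.0/24 as the virtual range, 192.168.2.0/24 as the remote LAN, 192.168.2.5 as the client's eth0 address, 192.168.1.10 as a local client) are constructed sample values standing in for the page's ${...} placeholders.

```python
"""Model of the address translation behind the NETMAP/MASQUERADE ruleset above.

Added example, not from the original page. All addresses are constructed
sample values standing in for the ${...} placeholders.
"""
import ipaddress

VIRTUAL_NET = "10.16.0.0/24"          # ${virtual_network}/${virtual_len}: what local clients route to
PHYSICAL_NET = "192.168.2.0/24"       # ${physical_network}/${physical_len}: the remote LAN
REMOTE_CLIENT_LAN_IP = "192.168.2.5"  # assumed eth0 address of the OpenVPN client


def netmap(addr: str, from_net: str, to_net: str) -> str:
    """Rewrite addr from from_net into to_net, keeping the host bits.

    This mirrors what the iptables NETMAP target does for the one-to-one
    mapping on the page: the network part is swapped, the host part is kept.
    The model insists on equal prefix lengths because that is what the
    ${virtual_len}/${physical_len} pairing assumes.
    """
    a = ipaddress.ip_address(addr)
    src = ipaddress.ip_network(from_net)
    dst = ipaddress.ip_network(to_net)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("one-to-one mapping needs equal prefix lengths")
    if a not in src:
        raise ValueError(f"{a} is not inside {src}")
    host_bits = int(a) & int(src.hostmask)
    return str(ipaddress.ip_address(int(dst.network_address) | host_bits))


def virtual_range_is_free(virtual_net: str, ranges_in_use) -> bool:
    """True if the chosen virtual range overlaps nothing that is already routed locally.

    This is the pre-check behind the page's motivation: the virtual range must
    not be the same 192.168.2.0/24 that the local side already uses.
    """
    v = ipaddress.ip_network(virtual_net)
    return not any(v.overlaps(ipaddress.ip_network(r)) for r in ranges_in_use)


def trace_connection(local_src: str, virtual_dst: str,
                     virtual_net: str = VIRTUAL_NET,
                     physical_net: str = PHYSICAL_NET,
                     remote_lan_ip: str = REMOTE_CLIENT_LAN_IP) -> dict:
    """Follow one request and its reply through the remote client's NAT rules.

    Returns (src, dst) pairs at each observation point. The reply entries show
    what conntrack does on its own: it undoes both the NETMAP and the
    MASQUERADE, so the local client sees the reply coming from the virtual
    address it originally contacted.
    """
    physical_dst = netmap(virtual_dst, virtual_net, physical_net)
    return {
        "request_on_tun0": (local_src, virtual_dst),
        "request_after_PREROUTING_NETMAP": (local_src, physical_dst),
        "request_on_eth0_after_MASQUERADE": (remote_lan_ip, physical_dst),
        "reply_on_eth0": (physical_dst, remote_lan_ip),
        "reply_back_on_tun0": (virtual_dst, local_src),
    }


if __name__ == "__main__":
    # Constructed scenario: a local client at 192.168.1.10 reaches the remote
    # host 192.168.2.37 through its virtual address 10.16.0.37.
    for point, (s, d) in trace_connection("192.168.1.10", "10.16.0.37").items():
        print(f"{point:36} {s} -> {d}")
```

The trace makes the two NAT steps visible separately: after PREROUTING the destination is already the real LAN host, and only after POSTROUTING does the source become the client's eth0 address. The equal-prefix check in `netmap` is the model's own guard, matching the page's use of one prefix length per side rather than a property of the iptables target itself.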