# Access a Remote Network

This setup provides access to a remote network by presenting it in a virtual location.

This is useful if, for example, you want to access hosts on a remote network (192.168.2.0/24) but are already using 192.168.2.0/24 for something else.

It relies on network mapping: local clients address another range (e.g. 10.16.0.0/24) that is routed to the remote endpoint, which then maps it onto its own local network.

## OpenVPN Server (local)

```text tab="server.conf"
route ${virtual_network} ${virtual_netmask}
```

```text tab="ccd/${client}"
iroute ${virtual_network} ${virtual_netmask}
```

```text tab="/etc/iptables/rules.v4"
:FORWARD.${client} - [0:0]
-A FORWARD -s ${client_ip}/32 -i tun0 -j FORWARD.${client}
-A FORWARD.${client} -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD.${client} -j DROP
```


## OpenVPN Client (remote)

```text tab="/etc/sysctl.conf"
net.ipv4.ip_forward=1
```

```text tab="/etc/iptables/rules.v4"
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
COMMIT

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d ${virtual_network}/${virtual_len} -i tun0 -j NETMAP --to ${physical_network}/${physical_len}
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
```

## Local Clients

- Set up a route for `${virtual_network}/${virtual_len}` via the VPN server.
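
How the `NETMAP` rule on the remote client translates addresses, with a check of the address plan to run before deploying it. This is an added example, not part of the original page. The function names `netmap` and `check_plan` are hypothetical, and the sample ranges are the ones from the introduction.

```python
import ipaddress


def netmap(addr, physical):
    """Translate addr the way NETMAP --to does: network bits come from
    `physical`, host bits are kept from the original address."""
    ip = ipaddress.IPv4Address(addr)
    phys = ipaddress.IPv4Network(physical)  # raises if host bits are set
    host_bits = int(ip) & int(phys.hostmask)
    return ipaddress.IPv4Address(int(phys.network_address) | host_bits)


def check_plan(virtual, physical, local_in_use):
    """Return a list of problems with a virtual -> physical mapping plan."""
    virt = ipaddress.IPv4Network(virtual)
    phys = ipaddress.IPv4Network(physical)
    problems = []
    # Unequal prefix lengths mean several virtual addresses collapse onto
    # one physical host, so the mapping is no longer one-to-one.
    if virt.prefixlen != phys.prefixlen:
        problems.append(
            f"prefix lengths differ: /{virt.prefixlen} vs /{phys.prefixlen}")
    # The virtual range must not collide with anything the local site
    # already routes, otherwise local clients never reach the VPN server.
    for net in map(ipaddress.IPv4Network, local_in_use):
        if virt.overlaps(net):
            problems.append(f"virtual range {virt} overlaps local {net}")
    return problems


if __name__ == "__main__":
    # Constructed sample plan using the ranges from the introduction.
    virtual, physical = "10.16.0.0/24", "192.168.2.0/24"
    local = ["192.168.2.0/24"]  # already in use at the local site
    print(check_plan(virtual, physical, local) or "plan OK")
    for host in ("10.16.0.1", "10.16.0.57"):
        print(host, "->", netmap(host, physical))
```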