[CentOS] IP forwarding and OpenVPN

Thu Nov 4 16:42:02 UTC 2010
Bart Schaefer <barton.schaefer at gmail.com>

On Thu, Nov 4, 2010 at 8:53 AM, Les Mikesell <lesmikesell at gmail.com> wrote:
> Can you explain what you are trying to accomplish as an end result?

On the server side of the VPN is the 192.168.90.0 LAN *and* (because
of routes pushed by the VPN server to my client) the public IP space
of the VPN server's network.  That and the VPN server itself are
managed by an outsourced IT department.

On the VPN client side is my CentOS host, which has two NICs.  The
lower half of 192.168.144 is the wired LAN plugged in to eth0, on
which my server is 192.168.144.1.  The upper half is routed to eth1,
on which my server is 192.168.144.253.  The DSL router is .254 and
uses the rest as DHCP space (but that's not involved here as it routes
directly to the DSL).  The DSL router is configured with a static
route entry that sends the lower half of 192.168.144.0 to
192.168.144.253.  (This is the part I'd forgotten about when I first
posted -- it's actually the router that's doing the NAT translation.
It's been literally years since I touched any of this stuff.)

I can do anything I like with my host, and almost nothing with the VPN
server or remote network, except on a couple of individual machines
where I have root access and tried the explicit routing experiment.

What I'm broadly trying to accomplish is that bringing up the VPN on
tun0 on my host doesn't break the ipforward routing from my LAN to any
part of the public IP space (including the part pushed to my host's
routing tables by the VPN server).  If I can get the my LAN to *use*
the VPN for all the routes that are pushed to me, that'd be great.  If
I can get *only* the CentOS host to use those routes and leave the
rest of my LAN alone, that'd be acceptable.