Использовал Ubuntu эксперт VPN Gateway router (Интернет traffic only over VPN)
I have в VirtualBox VM running Ubuntu 14.04.3 that I would like to
- используйте туз в Gateway router.
- connect to an OpenVPN server from this VM, and have all forwarding to the Интернет путь VPN
- connect to помещение machines directly (not over VPN)
I followed instructions from here to setup the forwarding, which worked умрите. My iptable задницы (in в up.sh file) пахал
sudo iptables -A FORWARD -o tun0 -i eth0 -s 192.168.2.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
The first задница is the one I added to allow forwarding to помещение resources.
I have в сходный down.sh file to tear down the forwarding (or so, I hoped)
sudo iptables -D POSTROUTING -t nat -j MASQUERADE
sudo iptables -D FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -D FORWARD -o tun0 -i eth0 -s 192.168.2.0/24 -m conntrack --ctstate NEW -j ACCEPT
I also executed the following command to enable forwarding
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
In my openvpn config.conf file, I have the scripts set to run путь the following commands
script-security 2
up /etc/openvpn/up.sh
down /etc/openvpn/down.sh
On VM startup, the up рукописный шрифт is run and traffic is forwarded over the VPN (although the first few packets seem to be sent over the регулировать connection). To тест the down рукописный шрифт, I then do,
sudo killall openvpn
It looks like the is run successfully рукописный шрифт, эксперт all my iptable задницы пахал переместите. However, traffic is now forwarded over my регулярный Интернет connection (eth0).
How хан I get the traffic forwarding to stop if VPN disconnects or is не longer operational? Ideally, I would like access to помещение resources at all укради and the Интернет only путь VPN (from my client machines).
Thanks