Allow OpenVPN clients to access the LAN/intranet behind the server (Ubuntu 14.04)

By default, OpenVPN only lets clients reach the OpenVPN server itself. To let clients reach the LAN behind the server, you need to forward packets from tun0 (the VPN) to wlan0 (the interface your server uses to reach the internet). If your server reaches the internet through a different interface, substitute eth0, eth1, etc. accordingly.

/sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
/sbin/iptables -A FORWARD -i wlan0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i tun0 -o wlan0 -j ACCEPT
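
The script below is an added example, not part of the original post. It installs the same three rules without duplicating them on re-runs, and it narrows them so that only the VPN subnet is NATed and forwarded. Assumptions: the VPN subnet is 10.8.0.0/24 (the OpenVPN sample default), the outbound interface is the one holding the default route, and the function names and the `--apply` switch are made up for this example.

```shell
#!/bin/sh
# Added example: idempotent, subnet-scoped version of the page's three rules.
# Assumptions (not from the page): VPN_NET is the OpenVPN sample default
# 10.8.0.0/24; the outbound interface is the one holding the default route.

VPN_IF="${VPN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"

# Read `ip -4 route show default` output on stdin, print the interface name.
default_iface() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print one rule per line as "<table> <chain> <rule spec>".
# Compared with the page's rules, NAT and forwarding are limited to VPN_NET.
build_rules() {
    lan_if="$1"; vpn_if="$2"; vpn_net="$3"
    echo "nat POSTROUTING -s $vpn_net -o $lan_if -j MASQUERADE"
    echo "filter FORWARD -i $lan_if -o $vpn_if -d $vpn_net -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "filter FORWARD -i $vpn_if -o $lan_if -s $vpn_net -j ACCEPT"
}

# Append each rule only if `iptables -C` reports it is not already present.
apply_rules() {
    while read -r table chain spec; do
        # $spec is left unquoted on purpose so it splits into arguments.
        iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
            iptables -t "$table" -A "$chain" $spec
    done
}

if [ "${1:-}" = "--apply" ]; then
    lan_if="${LAN_IF:-$(ip -4 route show default | default_iface)}"
    [ -n "$lan_if" ] || { echo "no default route; set LAN_IF" >&2; exit 1; }
    # Without kernel forwarding the FORWARD rules never see any traffic.
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    build_rules "$lan_if" "$VPN_IF" "$VPN_NET" | apply_rules
else
    # Dry run: print the rules only; wlan0 is the page's interface name.
    build_rules "${LAN_IF:-wlan0}" "$VPN_IF" "$VPN_NET"
fi
```

Run it with no arguments to print the rules, or as root with `--apply` to install them. The `sysctl -w` setting and the iptables rules last only until reboot.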
