NAT Routing VPN connection to Local Network

I have a Raspberry Pi with one Ethernet connection. This Ethernet connection wires up the device to both the internet and the local network. I am trying to allow, via OpenVPN, a connection from outside the local network to access the machines on the local network, as the local network itself cannot have a public static IP.

I have set up the OpenVPN server successfully and can connect to the Pi from another computer via the VPN connection; however, I am unsure how to then allow network access to the rest of the local network that the Pi is on by routing connections from OpenVPN through to its local network.

Many tutorials online assume that there are two different interfaces that each respectively connect to the internet and the local network; however, in this case we have one interface doing both. Is there a way that I can use NAT to route OpenVPN connections to the local network such that connections can be made in both directions, to and from the local network and the OpenVPN connection, via a static local IP?

Tags: networking, openvpn, network-interface, vpn, nat

edited Jan 13 at 22:08 by Rui F Ribeiro
asked Aug 31 '16 at 12:38 by Shiri

1 Answer

(I'm assuming you are using an L3 VPN.)

The clean (NAT-less) way to do this is to give an IP of your LAN to your OpenVPN client. Let's say your LAN is 192.168.0.0/24; you can statically allocate one IP in this range for your OpenVPN client.

Let's say you give 192.168.0.42 to your OpenVPN client. Nodes on the LAN trying to reach 192.168.0.42 will do an ARP request on the LAN in order to find the MAC address associated with the IP address. However, your OpenVPN client is not on the LAN and cannot answer the ARP requests: thus the nodes on the remote LAN cannot reach your OpenVPN client.

IP configuration on the server:

    ip address add 192.168.0.33 peer 192.168.0.42 dev tun0

IP configuration on the client:

    ip address add 192.168.0.42 peer 192.168.0.33 dev tun0

First, we need to ask the OpenVPN server to answer ARP requests on behalf of the client. This is called an ARP proxy:

    ip neigh add proxy 192.168.0.42 dev eth0

Now, nodes on the LAN trying to reach 192.168.0.42 will get an ARP reply from the OpenVPN server and send the packets to it.

The next step is to enable IP forwarding on the OpenVPN server:

    sysctl -w net.ipv4.ip_forward=1

When receiving a packet for 192.168.0.42, the OpenVPN server will now route it to the client.

answered Sep 29 '16 at 22:13 by ysdx
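
The server-side steps from the answer above, collected into a dry-run script as an added example that is not part of the original answer. It checks that the client address is a usable host address inside the LAN before proxying ARP for it, and it adds iptables FORWARD rules so that `ip_forward=1` only passes traffic between the LAN and that one VPN client. Assumptions: iptables is installed, the Pi forwards nothing else, and the variable and function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the answer): server-side proxy-ARP setup with a
# FORWARD filter. Defaults are the answer's sample values; adjust to your LAN.
CLIENT_IP=${CLIENT_IP:-192.168.0.42}   # LAN address given to the VPN client
SERVER_IP=${SERVER_IP:-192.168.0.33}   # server's end of the tunnel
LAN_CIDR=${LAN_CIDR:-192.168.0.0/24}
LAN_IF=${LAN_IF:-eth0}
TUN_IF=${TUN_IF:-tun0}

# ip_to_int A.B.C.D: print the address as an integer; fail on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr IP NET/BITS: succeed if IP is a usable host address in the network.
ip_in_cidr() {
    addr=$(ip_to_int "$1") && net=$(ip_to_int "${2%/*}") || return 1
    bits=${2#*/}
    case $bits in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$bits" -ge 1 ] && [ "$bits" -le 30 ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    hostmask=$(( mask ^ 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ] || return 1
    # Exclude the network and broadcast addresses.
    [ $(( addr & hostmask )) -ne 0 ] && [ $(( addr & hostmask )) -ne "$hostmask" ]
}

# plan: validate every value, then print the commands in the order to run them.
plan() {
    case $LAN_IF$TUN_IF in *[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;; esac
    ip_to_int "$SERVER_IP" >/dev/null || { echo "bad SERVER_IP" >&2; return 1; }
    ip_in_cidr "$CLIENT_IP" "$LAN_CIDR" || { echo "$CLIENT_IP is not a host in $LAN_CIDR" >&2; return 1; }
    [ "$CLIENT_IP" != "$SERVER_IP" ] || { echo "client/server address clash" >&2; return 1; }
    cat <<EOF
ip address add $SERVER_IP peer $CLIENT_IP dev $TUN_IF
ip neigh add proxy $CLIENT_IP dev $LAN_IF
iptables -P FORWARD DROP
iptables -A FORWARD -i $TUN_IF -o $LAN_IF -s $CLIENT_IP -d $LAN_CIDR -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $TUN_IF -s $LAN_CIDR -d $CLIENT_IP -j ACCEPT
sysctl -w net.ipv4.ip_forward=1
EOF
}

# Dry run by default; APPLY=1 executes the plan (root required).
cmds=$(plan) || exit 1
if [ "${APPLY:-0}" = 1 ]; then printf '%s\n' "$cmds" | sh -e
else printf '%s\n' "$cmds"; fi
```

The filter rules are printed before the `sysctl` line so the host never forwards unfiltered traffic, and none of these settings survive a reboot unless they are persisted separately.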


























