 
 From:  Sven Brill <madde at gmx dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] OpenVPN routing issue
 Date:  Tue, 06 Dec 2005 10:28:40 -0500
Sven Brill wrote:

> Christof Murgott wrote:
>
>
> ipnat map tap0 192.168.5.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
> ipnat map tap0 192.168.5.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
> ipnat map tap0 192.168.5.0/24 -> 0.0.0.0/32
>

Sorry, don't know what I was smoking, so I am replying to my own post. I 
just tried it (because I rebooted my firewall after the last time I 
played with it), and here it goes:

1. create a file on your local machine, e.g. ovpn.nat.rules
2. put the following lines in there (in this example, dc0 is the WAN 
interface and 192.168.5.0/24 is the OpenVPN address space):

map dc0 192.168.5.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map dc0 192.168.5.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map dc0 192.168.5.0/24 -> 0.0.0.0/32

3. upload the file via exec.php
4. execute "ipnat -f /tmp/ovpn.nat.rules"
5. test it.

Hope this helps.

If anyone has a pointer as to how this can be added to the config.xml 
without going through setting up advanced outbound NAT, I would be glad 
to know.



Sven
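
Added example, not part of the original post: a local pre-upload check for the rules file from steps 1 and 2. It flags the two differences between the quoted rules and the working ones (the "ipnat" prefix and the tap0 interface) and a proxy rule placed below a portmap rule. The function names and the two sample files are constructed for illustration; dc0 and 192.168.5.0/24 are the values from the post.

```shell
#!/bin/sh
# Added example: lint an ipnat rules file locally before uploading it.
# dc0 and 192.168.5.0/24 come from the post; function names are hypothetical.

# lint_nat_rules FILE WAN_IF VPN_NET: print findings, return 0 only if clean
lint_nat_rules() {
    awk -v wan="$2" -v net="$3" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    $1 == "ipnat" {                              # command name pasted into the file
        print NR ": remove the \"ipnat\" prefix; ipnat -f reads bare rules"
        bad = 1
        sub(/^[ \t]*ipnat[ \t]+/, "")            # re-split fields, keep checking
    }
    $1 != "map" { next }                         # only map rules are checked
    $2 != wan { print NR ": interface " $2 " is not the WAN interface " wan; bad = 1 }
    $3 != net { print NR ": source " $3 " is not the VPN subnet " net; bad = 1 }
    /portmap/ { seen_portmap = 1 }
    /proxy/ && seen_portmap {
        print NR ": proxy rule is below a portmap rule, which matches first"
        bad = 1
    }
    END { exit bad + 0 }
    ' "$1"
}

# write_samples DIR: create two constructed rule files for the demo
write_samples() {
    # The rules from step 2 of the post.
    cat > "$1/good.rules" <<'EOF'
map dc0 192.168.5.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map dc0 192.168.5.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map dc0 192.168.5.0/24 -> 0.0.0.0/32
EOF
    # The tap0 form quoted in the post, with the proxy rule moved below portmap.
    cat > "$1/bad.rules" <<'EOF'
ipnat map tap0 192.168.5.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
ipnat map tap0 192.168.5.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
lint_nat_rules "$demo_dir/good.rules" dc0 192.168.5.0/24 && echo "good.rules: clean"
lint_nat_rules "$demo_dir/bad.rules" dc0 192.168.5.0/24 || echo "bad.rules: fix before upload"
rm -rf "$demo_dir"
```

Each finding is prefixed with the line number in the rules file, so it can be fixed before step 3.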