From 6b9e17f4950ee87b428ddd08db8e49c9dc890e69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Manuel=20D=C3=ADez?=
Date: Mon, 3 Feb 2014 12:21:37 +0000
Subject: [PATCH] Allow intra-VPN networking

By excluding the internal network from the SNAT route, intra-VPN traffic will be routed correctly.
---
 openvpn-install.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index 1afee19..e26a89e 100755
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -181,8 +181,8 @@ else
 # Avoid an unneeded reboot
 echo 1 > /proc/sys/net/ipv4/ip_forward
 # Set iptables
- iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $IP
- sed -i "/# By default this script does nothing./a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $IP" /etc/rc.local
+ iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
+ sed -i "/# By default this script does nothing./a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP" /etc/rc.local
 # And finally, restart OpenVPN
 /etc/init.d/openvpn restart
 # Let's generate the client config
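Review bot: `$IP` is expanded unquoted on the new `iptables` line and inside the double-quoted `sed` script, so whatever it holds is written verbatim into /etc/rc.local, a file that is typically executed as root at boot. Where `$IP` is assigned is outside this hunk; if it can come from a prompt or from auto-detection, it should be checked against an IPv4 pattern before these two lines, and the live command should end in `--to "$IP"`. The new `! -d 10.8.0.0/24` exemption also means VPN-to-VPN packets keep their real source address, and nothing in the hunk limits forwarding between clients, so a comment above the rule would help the next maintainer: `# VPN-to-VPN traffic is exempt from SNAT; restrict it in FORWARD if clients must stay isolated`. The enclosing `else` branch starts and ends outside the hunk.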