Install OpenVPN and NAT in an OpenVZ node, with NAT enabled.

#These instructions are ready for you to copy and paste into the PuTTY bash command line. The commands are for CentOS/Red Hat; variations may be needed for Debian, Gentoo or Ubuntu.

#1. Install OpenVPN. We use the DAG repository (installed because standard CentOS does not ship OpenVPN).

#Red Hat Enterprise Linux 5 / i386. Check http://dag.wieers.com/rpm/FAQ.php#B for other distributions.

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

yum -y update

yum -y install openvpn

#write the openvpn.conf file

echo 'port 1194' > /etc/openvpn/openvpn.conf
echo 'proto udp' >> /etc/openvpn/openvpn.conf
echo 'dev tun' >> /etc/openvpn/openvpn.conf
echo '' >> /etc/openvpn/openvpn.conf
echo 'ca /etc/openvpn/keys/ca.crt' >> /etc/openvpn/openvpn.conf
echo 'cert /etc/openvpn/keys/server.crt' >> /etc/openvpn/openvpn.conf
echo 'key /etc/openvpn/keys/server.key  # This file should be kept secret' >> /etc/openvpn/openvpn.conf
echo 'dh /etc/openvpn/keys/dh1024.pem' >> /etc/openvpn/openvpn.conf
echo '' >> /etc/openvpn/openvpn.conf
echo 'server 10.8.0.0 255.255.255.0' >> /etc/openvpn/openvpn.conf
echo 'ifconfig-pool-persist ipp.txt' >> /etc/openvpn/openvpn.conf
echo '' >> /etc/openvpn/openvpn.conf
echo 'duplicate-cn' >> /etc/openvpn/openvpn.conf
echo 'keepalive 10 120' >> /etc/openvpn/openvpn.conf
echo 'comp-lzo' >> /etc/openvpn/openvpn.conf

echo 1 > /proc/sys/net/ipv4/ip_forward

#Edit /etc/sysctl.conf and change the line that says net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1.

#This ensures that the ip_forward setting is reloaded when the HW node reboots.

#start the openvpn service

/etc/init.d/openvpn start

#set routes for NAT

ip route add 10.8.0.0/24 dev venet0
iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o venet0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE


#Note: the HW node has to have the modules below loaded for NAT. You can check with the command below.

#cat /proc/net/ip_tables_targets
#              TCPMSS
#              REJECT
#              LOG
#              MASQUERADE
#              DNAT
#              SNAT
#              ERROR

#Be sure to have iptables on the HW node configured with the right modules.

nano /etc/sysconfig/iptables-config

#IPTABLES_MODULES="ip_tables ip_conntrack iptable_nat ipt_LOG ipt_limit ipt_state ip_nat_ftp"

#If you miss one module, the iptables commands will give an error. If you get an error, check that you have the MASQUERADE module in cat /proc/net/ip_tables_targets and, if not, log in to the HW node, edit /etc/sysconfig/vz and ensure that the kernel modules line includes these:
## IPv4 iptables kernel modules
#IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_tables ip_conntrack iptable_nat ipt_LOG ipt_limit ipt_state ip_nat_ftp"
