cisagov / ansible-role-openvpn

Ansible role to install an OpenVPN server and configure it to authenticate user certificates against FreeIPA.
Creative Commons Zero v1.0 Universal

Enable NATing on OpenVPN instance #5

Closed felddy closed 4 years ago

felddy commented 4 years ago

I've started working on this in: https://github.com/cisagov/ansible-role-openvpn/tree/improvement/NAT

Two things need to happen on a new OpenVPN instance to enable NAT:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.128.248.0/21 -o ens5 -j MASQUERADE

Some of this will need to live in the ansible role, and other parts will be in cloud-init.

@jsf9k threw together this ditty to get the interface:

ip addr show to 10.128.9.0/24 | head -n1 | sed "s/.*\(ens[0-9]*\):.*/\1/"
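
An added example, not part of the original comment or of the role's code: the two NAT steps and the interface lookup from the comment above, combined into one script that can be re-run without duplicating the MASQUERADE rule. The sysctl drop-in file name and the function names are assumptions; the CIDRs are the ones quoted in the comment.

```shell
#!/bin/sh
# Idempotent NAT setup for the OpenVPN instance (added example).
VPN_CLIENT_CIDR="10.128.248.0/21"   # source range to masquerade (from the comment)
LOCAL_SUBNET="10.128.9.0/24"        # subnet used to locate the egress interface
SYSCTL_DROPIN="/etc/sysctl.d/99-openvpn-forward.conf"  # assumed file name

# Constructed sample of `ip addr show to 10.128.9.0/24` output, for reference.
SAMPLE_IP_OUTPUT='2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP
    inet 10.128.9.23/24 brd 10.128.9.255 scope global dynamic ens5'

# Read `ip addr show` output on stdin and print the first interface name.
# Unlike the sed one-liner, this does not depend on the "ens" prefix and
# strips an "@parent" suffix (e.g. "eth0@if7").
iface_from_ip_output() {
    awk -F': ' 'NR == 1 { sub(/@.*/, "", $2); print $2; exit }'
}

egress_iface() {
    ip addr show to "$LOCAL_SUBNET" | iface_from_ip_output
}

# Build the rule once so the -C check and the -A append cannot drift apart.
nat_rule_args() {
    printf '%s\n' "-s $VPN_CLIENT_CIDR -o $1 -j MASQUERADE"
}

apply_nat() {
    iface="$(egress_iface)"
    if [ -z "$iface" ]; then
        echo "no interface has an address in $LOCAL_SUBNET" >&2
        return 1
    fi
    # Enable forwarding now, and persist it so a reboot does not drop it.
    sysctl -w net.ipv4.ip_forward=1
    echo 'net.ipv4.ip_forward = 1' > "$SYSCTL_DROPIN"
    # -C exits non-zero when the rule is absent; append only in that case.
    # Word splitting of the rule arguments is intentional here.
    # shellcheck disable=SC2046
    iptables -t nat -C POSTROUTING $(nat_rule_args "$iface") 2>/dev/null ||
        iptables -t nat -A POSTROUTING $(nat_rule_args "$iface")
}

# Nothing is changed unless the script is invoked as: script.sh apply
if [ "${1:-}" = "apply" ]; then apply_nat; fi
```

The iptables rule itself is not persisted across reboots by this script, which is why part of the work has to run at boot (cloud-init, as the comment notes).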

jsf9k commented 4 years ago

Partially done in cisagov/ansible-role-openvpn#10. There is a remaining piece that has to be done in cloud-init on the OpenVPN server.

jsf9k commented 4 years ago

The cloud-init piece is still to be done.

jsf9k commented 4 years ago

The cloud-init piece is done in cisagov/openvpn-server-tf-module#21.