VM Routing
in VM Engine (KVM)
Posted · Edited by cheops2006
Hi,
I have a couple of UNIFI networks with DHCP
192.168.1.0/24 (VLAN 0), GW 192.168.1.1
192.168.30.1/24 (VLAN 30), GW 192.168.30.1
I can connect to any clients across these different subnets fine when I am not doing the following.
I followed spaceinvader's tutorial on setting up a VM gateway for a VPN, gave it the address 192.168.30.254, and then changed the DHCP server for 192.168.30.0/24 on UniFi to use 192.168.30.254 as the gateway.
I can no longer access the clients connected to this network from 192.168.1.0/24. Is there some magic routing I can use, perhaps on the VM gateway, to be able to talk to these machines and vice versa?
In the video he uses the following iptables rules for routing; maybe I can change these somehow?
enp1s0 has the IP address 192.168.30.254
# start from empty filter and nat tables
sudo iptables --flush
sudo iptables --delete-chain
sudo iptables -t nat -F
# everything leaving through the tunnel is source-NATed to the tunnel address
sudo iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
sudo iptables -A INPUT -i enp1s0 -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -I INPUT -i enp1s0 -m comment --comment "In from LAN" -j ACCEPT
sudo iptables -I OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT
# the only things the VM itself may send on the LAN side: the VPN handshake, NTP, DHCP and DNS
sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 67:68 -m comment --comment "dhcp" -j ACCEPT
sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 53 -m comment --comment "dns" -j ACCEPT
# forwarding is only allowed LAN -> tunnel (and the replies); the DROP policy is the kill-switch
sudo iptables -A FORWARD -i tun+ -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i enp1s0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
sudo iptables -P FORWARD DROP
Any help much appreciated.
Thanks
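The ruleset above only forwards enp1s0 to tun+, and once the tunnel is up the VM's default route points into it, so replies from VLAN 30 clients to 192.168.1.x either hit the FORWARD DROP policy or get masqueraded into the VPN. The helper below is an added example, not the poster's or the video's rules: it prints (and can apply) a static route back to the UniFi router plus two hairpin FORWARD rules scoped to the two private subnets, and refuses anything that is not RFC 1918 so the kill-switch cannot be widened by accident. The interface, subnets and UniFi address are taken from the post; the function names and the send_redirects tweak are my assumptions.

```shell
#!/bin/sh
# Added example (not the poster's or the video's rules). Prints, and can apply, the
# extra route plus FORWARD rules that let VLAN 30 clients (gateway = this VM) answer
# VLAN 1 via the UniFi router, while every other destination still has only the tun+ path.
LAN_IF="${LAN_IF:-enp1s0}"                    # interface holding 192.168.30.254
LOCAL_NET="${LOCAL_NET:-192.168.30.0/24}"     # subnet whose DHCP gateway is this VM
REMOTE_NET="${REMOTE_NET:-192.168.1.0/24}"    # subnet that must stay reachable
UNIFI_GW="${UNIFI_GW:-192.168.30.1}"          # UniFi router address on VLAN 30

# RFC 1918 check: the bypass must never widen to public space, or it would punch a
# hole through the FORWARD DROP policy that acts as the VPN kill-switch.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*)                        return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *)                                     return 1 ;;
    esac
}

# Print the commands instead of running them, so they can be reviewed first.
# Route: without it, replies to REMOTE_NET follow the VPN default route and get MASQUERADEd.
# FORWARD: policy is DROP and only enp1s0->tun+ is accepted, so the enp1s0->enp1s0 hairpin
# needs its own rules (the reverse rule only matters if something on VLAN 1 routes via this VM).
# send_redirects: stops the kernel telling clients to bypass the VM, keeping flows on these rules.
plan_lan_bypass() {
    if ! is_rfc1918 "$LOCAL_NET" || ! is_rfc1918 "$REMOTE_NET"; then
        echo "refusing: $LOCAL_NET / $REMOTE_NET are not both private subnets" >&2
        return 1
    fi
    cat <<EOF
ip route replace $REMOTE_NET via $UNIFI_GW dev $LAN_IF
iptables -I FORWARD 1 -i $LAN_IF -o $LAN_IF -s $LOCAL_NET -d $REMOTE_NET -m comment --comment "LAN to VLAN 1 via UniFi" -j ACCEPT
iptables -I FORWARD 1 -i $LAN_IF -o $LAN_IF -s $REMOTE_NET -d $LOCAL_NET -m comment --comment "VLAN 1 to LAN via UniFi" -j ACCEPT
sysctl -w net.ipv4.conf.$LAN_IF.send_redirects=0
EOF
}

# Apply the plan line by line (needs root on the gateway VM).
apply_lan_bypass() {
    plan_lan_bypass | while IFS= read -r cmd; do
        sudo sh -c "$cmd" || return 1
    done
}
```

Run `plan_lan_bypass` first and check the output; the existing `-o tun+` MASQUERADE does not touch the hairpinned traffic, so the UniFi router keeps seeing the real VLAN 30 source addresses.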