VM Routing


Hi,

I have a couple of UNIFI networks with DHCP

192.168.1.0/24(VLAN 0), GW 192.168.1.1
192.168.30.1/24(VLAN 30), GW 192.168.30.1

I can connect to any clients across these different subnets fine when not doing the following below.

I followed spaceinvader's tutorial regarding setting up a VM gateway for a VPN and gave it an address of 192.168.30.254, and then changed the DHCP server for 192.168.30.0/24 on Unifi to use 192.168.30.254 as the gateway.

I can no longer access the clients connected to this network from 192.168.1.0/24. Is there some magic routing I can use perhaps on the VM gateway to be able to talk to these machines and vice versa?

In the video he uses the following IPTABLES for routing, maybe I can change this somehow?

enp1s0 has the IP address 192.168.30.254

sudo iptables --flush
sudo iptables --delete-chain
sudo iptables -t nat -F
sudo iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
sudo iptables -A INPUT -i enp1s0 -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -I INPUT -i enp1s0 -m comment --comment "In from LAN" -j ACCEPT
sudo iptables -I OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT
sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT
sudo iptables -A OUTPUT -p UDP --dport 67:68 -m comment --comment "dhcp" -j ACCEPT
sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 53 -m comment --comment "dns" -j ACCEPT
sudo iptables -A FORWARD -i tun+ -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i enp1s0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
sudo iptables -P FORWARD DROP

Any help much appreciated

Thanks

Edited by cheops2006

This is because you now have two routers/gateways on the 192.168.30.0/24 network, and only 192.168.30.1 (is this the Unifi?) can talk to 192.168.1.0/24.

In situations like this, ideally the VPN VM should also be a gateway to the other networks, but that will probably cause you grief.

If your Unifi router can't run the VPN client you want, it might be possible to create another VLAN (say 31) 192.168.31.0/24, put the VM there as 192.168.31.254 and make the Unifi route all traffic from 192.168.30.0/0 thru the VPN 192.168.31.254 instead of whatever your ISP gateway is.

Not running a Unifi router, so I have no idea how you do this though.

Edited by ken-ji
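
An added illustration, not part of either post: a small Python model of the FORWARD chain from the question's script, showing what the gateway VM does with a reply from a 192.168.30.0/24 client to a 192.168.1.0/24 host. The VM's routing tables, the interface name tun0 and the address 192.168.1.50 are assumptions, since the thread does not show them.

```python
import ipaddress
import shlex

# FORWARD rules and policy copied from the script in the question.
RULES = """\
iptables -A FORWARD -i tun+ -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp1s0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
iptables -P FORWARD DROP
"""
# Assumed routing tables on the gateway VM (the thread does not show them).
ROUTES_VPN_UP = {"0.0.0.0/0": "tun0", "192.168.30.0/24": "enp1s0"}
# Hypothetical: same table plus a static route to VLAN 0 via 192.168.30.1.
ROUTES_STATIC = {**ROUTES_VPN_UP, "192.168.1.0/24": "enp1s0"}

def parse_forward(text):
    """Return (rules, policy) for the FORWARD chain."""
    rules, policy = [], "ACCEPT"
    for line in text.splitlines():
        tok = shlex.split(line)
        def opt(flag):
            return tok[tok.index(flag) + 1] if flag in tok else None
        if opt("-P") == "FORWARD":
            policy = tok[tok.index("-P") + 2]
        elif opt("-A") == "FORWARD":
            states = opt("--state")
            rules.append({"in": opt("-i"), "out": opt("-o"), "target": opt("-j"),
                          "states": states.split(",") if states else None})
    return rules, policy

def iface_match(pattern, iface):
    """iptables semantics: a trailing '+' matches any name with that prefix."""
    if pattern is None:
        return True
    return iface.startswith(pattern[:-1]) if pattern.endswith("+") else iface == pattern

def route(dst, table):
    """Longest-prefix match over the routing table; returns the egress interface."""
    hits = [n for n in map(ipaddress.ip_network, table) if ipaddress.ip_address(dst) in n]
    return table[str(max(hits, key=lambda n: n.prefixlen))]

def forward_verdict(dst, in_iface, state, table):
    """Return (egress interface, verdict) for a packet the VM must forward."""
    rules, policy = parse_forward(RULES)
    out = route(dst, table)
    for r in rules:
        if (iface_match(r["in"], in_iface) and iface_match(r["out"], out)
                and (r["states"] is None or state in r["states"])):
            return out, r["target"]
    return out, policy

# Constructed case: a VLAN 30 client replies to 192.168.1.50 through the VM.
print(forward_verdict("192.168.1.50", "enp1s0", "ESTABLISHED", ROUTES_VPN_UP))
print(forward_verdict("192.168.1.50", "enp1s0", "ESTABLISHED", ROUTES_STATIC))
```

Under the first assumed table the reply is accepted but sent into the tunnel; with the hypothetical static route it would leave on enp1s0, which no FORWARD rule allows, so the DROP policy applies. In both cases the reply does not get back to 192.168.1.0/24 through the VM.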

Archived

This topic is now archived and is closed to further replies.
