cheops2006 Posted May 16, 2020 Share Posted May 16, 2020 (edited) Hi, I have a couple of UNIFI networks with DHCP 192.168.1.0/24(VLAN 0), GW 192.168.1.1 192.168.30.1/24(VLAN 30), GW 192.168.30.1 I can connect to any clients across these different subnets fine when not doing the following below. I followed spaceinvader's tutorial regarding setting up a VM gateway for a VPN and given it an address of 192.168.30.254 and then changed the DHCP server for 192.168.30.0/24 on unifi to use 192.168.30.254 as the gateway. I can no longer access the clients connected to this network from 192.168.1.0/24. Is there some magic routing I can use perhaps on the VM gateway to be able to talk to these machines and vice versa? In the video he uses the following IPTABLES for routing, maybe I can change this somehow? enp1s0 has the ipaddress of 192.168.30.254 sudo iptables --flush sudo iptables --delete-chain sudo iptables -t nat -F sudo iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE sudo iptables -A INPUT -i enp1s0 -p tcp --dport 22 -j ACCEPT sudo iptables -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT sudo iptables -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT sudo iptables -I INPUT -i enp1s0 -m comment --comment "In from LAN" -j ACCEPT sudo iptables -I OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT sudo iptables -A OUTPUT -p UDP --dport 67:68 -m comment --comment "dhcp" -j ACCEPT sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 53 -m comment --comment "dns" -j ACCEPT sudo iptables -A FORWARD -i tun+ -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT sudo iptables -A FORWARD -i enp1s0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT sudo iptables -P FORWARD DROP Any help much appreciated Thanks Edited May 16, 2020 by cheops2006 Quote Link to comment
ken-ji Posted May 21, 2020 Share Posted May 21, 2020 (edited) This is because you now have two routers/gateways on 192.168.30.0/24 network. and only 192.168.30.1 (is this the Unifi) can talk to 192.168.1.0/24 In situations like this, ideally the VPN VM should also be a gateway to the other networks, but that will probably cause you grief if your Unifi router can't run the VPN client you want, it might be possible to create another VLAN (say 31) 192.168.31.0/24, put the VM there as 192.168.31.254 and make the Unifi route all traffic from 192.168.30.0/0 thru the VPN 192.168.31.254 instead of whatever your ISP gateway is. Not running a Unifi router, so I have no idea how you do this though. Edited May 21, 2020 by ken-ji Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.