Build OpenVPN on Amazon AMI, enable port forwarding
enable IP forwarding (this is runtime only; also put net.ipv4.ip_forward = 1 in /etc/sysctl.conf so it survives a reboot)
sysctl -w net.ipv4.ip_forward=1
iptables
enable NAT
Masquerade the VPN subnet behind eth0 so clients get internet access through the server. The -s match keeps the rule from rewriting anything that did not come in over the tunnel.
sudo iptables -t nat -A POSTROUTING -s 10.8.25.0/24 -o eth0 -j MASQUERADE
accept incoming connections
Note: once the DNAT rule below is in place, packets for port 51321 are rewritten in PREROUTING and then routed to 10.8.25.2, so they traverse the FORWARD chain, not INPUT. These INPUT rules only matter for traffic delivered to the server itself; if the FORWARD policy is DROP, the forwarded port needs matching FORWARD ACCEPT rules as well.
sudo iptables -I INPUT -i eth0 -p tcp --dport 51321 -j ACCEPT
sudo iptables -I INPUT -i eth0 -p udp --dport 51321 -j ACCEPT
port forward
Credits to this post.
Rewrite everything arriving for port 51321 to the VPN client 10.8.25.2. As written the rules match on every interface; adding -i eth0 restricts them to the public interface so the same port on the tunnel side is left alone.
sudo iptables -t nat -A PREROUTING -p udp --dport 51321 -j DNAT --to-dest 10.8.25.2:51321
sudo iptables -t nat -A PREROUTING -p tcp --dport 51321 -j DNAT --to-dest 10.8.25.2:51321
Set up source NAT (SNAT) so that, from the VPN client's perspective, every forwarded connection comes from the VPN server's tunnel address (10.8.25.1).
sudo iptables -t nat -A POSTROUTING -d 10.8.25.2 -p udp --dport 51321 -j SNAT --to-source 10.8.25.1
sudo iptables -t nat -A POSTROUTING -d 10.8.25.2 -p tcp --dport 51321 -j SNAT --to-source 10.8.25.1
Why SNAT is needed: x.x.x.x is the server's public address and z.z.z.z is the remote host that connects to x.x.x.x:51321. Without SNAT the client still sees z.z.z.z as the source of the forwarded packets, so it sends its replies through its own default gateway instead of back through the tunnel. Those replies leave with the client's own public address rather than x.x.x.x, and z.z.z.z, which opened a connection to x.x.x.x, has no connection they match and drops them. With SNAT every reply is addressed to 10.8.25.1, i.e. goes back through the tunnel, where the server undoes both translations. The price is that the client never sees the real peer address: all forwarded connections appear to come from 10.8.25.1, so per-peer logging or blocking on the client is impossible. The policy-based routing on the router side below is the alternative that keeps the real source address; with replies from 10.8.25.2 forced out over tun1, these SNAT rules are not needed.
save iptables (on the Amazon Linux AMI this writes the live rule set to /etc/sysconfig/iptables, which is reloaded at boot)
sudo service iptables save
list rules (-n skips reverse DNS lookups, -v shows interfaces and packet counters, so you can see whether a rule is actually being hit)
sudo iptables -t nat -L -n -v
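The server-side steps above as one rerunnable script. This is an added example, not code from the original notes; it takes the interface, addresses and port from the notes (eth0, 10.8.25.0/24, 10.8.25.1, 10.8.25.2, 51321) and adds what the notes leave out: FORWARD-chain rules in place of the INPUT rules (DNAT'd packets are forwarded, not delivered locally), -i eth0 on the DNAT rules, a persisted sysctl, and an iptables -C check so running it twice does not stack duplicate rules. The file name vpn-fw.sh and the DRY_RUN switch are this example's own.

```shell
#!/bin/sh
# Added example (not from the original notes): server-side NAT and port
# forwarding as one idempotent script. Values assumed from the notes:
# public interface eth0, VPN subnet 10.8.25.0/24, server tunnel address
# 10.8.25.1, forwarded client 10.8.25.2, forwarded port 51321.
# Usage: sudo sh vpn-fw.sh apply      (DRY_RUN=1 sh vpn-fw.sh apply to review)

WAN_IF="${WAN_IF:-eth0}"
VPN_NET="${VPN_NET:-10.8.25.0/24}"
VPN_GW="${VPN_GW:-10.8.25.1}"
FWD_HOST="${FWD_HOST:-10.8.25.2}"
FWD_PORT="${FWD_PORT:-51321}"
DRY_RUN="${DRY_RUN:-}"

NL='
'
RULES=""   # every rule issued, one per line (what a dry run prints)

ipt() {
    RULES="${RULES}$*${NL}"
    [ -n "$DRY_RUN" ] && return 0
    # Turn -A/-I into -C and probe for an identical rule first, so reruns
    # do not stack duplicates.
    chk=$(printf ' %s' "$*" | sed 's/ -[AI] / -C /')
    # shellcheck disable=SC2086
    iptables $chk 2>/dev/null || iptables "$@"
}

enable_forwarding() {
    [ -n "$DRY_RUN" ] && return 0
    sysctl -w net.ipv4.ip_forward=1
    # Persist across reboots: replace an existing line or append one.
    if grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf; then
        sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
    else
        echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
    fi
}

build_rules() {
    RULES=""
    # Internet access for VPN clients: masquerade the tunnel subnet behind eth0.
    ipt -t nat -A POSTROUTING -s "$VPN_NET" -o "$WAN_IF" -j MASQUERADE
    # FORWARD is where DNAT'd and client traffic actually lands (not INPUT):
    # allow replies, then client-to-internet, so a default-DROP policy works.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -s "$VPN_NET" -o "$WAN_IF" -j ACCEPT
    for proto in tcp udp; do
        # DNAT only on the public interface; the tunnel side keeps its own port.
        ipt -t nat -A PREROUTING -i "$WAN_IF" -p "$proto" --dport "$FWD_PORT" \
            -j DNAT --to-destination "${FWD_HOST}:${FWD_PORT}"
        # Admit the new forwarded flows (destination is already rewritten here).
        ipt -A FORWARD -i "$WAN_IF" -d "$FWD_HOST" -p "$proto" --dport "$FWD_PORT" \
            -m conntrack --ctstate NEW -j ACCEPT
        # SNAT so the client answers back through the tunnel (see the notes).
        ipt -t nat -A POSTROUTING -d "$FWD_HOST" -p "$proto" --dport "$FWD_PORT" \
            -j SNAT --to-source "$VPN_GW"
    done
}

rule_count() { printf '%s' "$RULES" | grep -c .; }
has_rule()   { printf '%s' "$RULES" | grep -qF -- "$1"; }

main() {
    enable_forwarding
    build_rules
    if [ -n "$DRY_RUN" ]; then
        printf '%s' "$RULES"
    else
        service iptables save   # Amazon Linux AMI: persist to /etc/sysconfig/iptables
    fi
}

if [ "${1:-}" = "apply" ]; then main; fi
```

Run it with DRY_RUN=1 first and compare the printed rules with iptables -t nat -L -n -v afterwards; the ESTABLISHED,RELATED rule is deliberately added before the per-port NEW rules so that return traffic is matched first.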
ping test on client side
ping using the specified interface (the tun device OpenVPN created on the client, tun1 in the router setup below; check ip addr if unsure). Forcing the source interface proves the packet really goes through the tunnel and is masqueraded by the server.
ping -I tun1 8.8.8.8
check network connections (numeric TCP/UDP sockets with the owning process; -p needs root)
sudo netstat -tunp
router side (the OpenWRT box that runs the OpenVPN client, with address 10.8.25.2 on tun1)
policy based routing
See the OpenWRT website for more info.
add routing table (append one line to the file: the numeric table id followed by the name)
vim /etc/iproute2/rt_tables
200 btvpn
create routing rules
Packets whose source address is 10.8.25.2 are looked up in table btvpn instead of the main table. The match happens at routing time, before POSTROUTING NAT, so it only covers packets that already carry the tunnel address when routed (traffic from this host itself, including replies to the forwarded port), not LAN hosts that are masqueraded to 10.8.25.2 afterwards.
ip rule add from 10.8.25.2 table btvpn
create routes for the table
ip route add default via 10.8.25.1 dev tun1 table btvpn
# tunnel subnet as a connected route in this table as well (the reason given here: allows traceroute)
ip route add 10.8.25.0/24 dev tun1 table btvpn
# flush cache (a no-op on kernels from 3.6 onwards, which have no route cache; harmless to keep)
ip route flush cache
debug
# show rules
ip rule list
# show routing table
ip route show table btvpn
open Firewall
In the OpenWRT firewall this is a zone that contains tun1:
- allow input from tun1 and output to tun1 (zone input and output ACCEPT; input ACCEPT exposes the router's own services to the VPN side, so narrow it to the ports you need once things work)
- enable Masquerading and MSS clamping (masq and mtu_fix on the zone: LAN traffic leaving via tun1 is NATed to 10.8.25.2 and TCP MSS is clamped to the tunnel MTU)
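The router-side policy routing and firewall zone as one rerunnable script. This is an added example, not from the original notes or from the OpenWRT project; it uses the notes' values (tun1, 10.8.25.2, 10.8.25.1, table 200 named btvpn) and expresses the firewall bullet points above as an OpenWRT firewall zone configured through uci. The zone name btvpn, the rule priority 1000, forward=REJECT, the file name vpn-route.sh and the DRY_RUN switch are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original notes): policy routing for the VPN
# address plus the matching OpenWRT firewall zone, as one rerunnable script.
# Values assumed from the notes: tunnel device tun1, client address 10.8.25.2,
# server tunnel address 10.8.25.1, table 200 named btvpn. Zone name "btvpn",
# rule priority 1000 and forward=REJECT are this example's own choices.
# Usage: sh vpn-route.sh apply     (DRY_RUN=1 sh vpn-route.sh apply to review)

TUN_IF="${TUN_IF:-tun1}"
VPN_ADDR="${VPN_ADDR:-10.8.25.2}"
VPN_GW="${VPN_GW:-10.8.25.1}"
VPN_NET="${VPN_NET:-10.8.25.0/24}"
TABLE_ID="${TABLE_ID:-200}"
TABLE="${TABLE:-btvpn}"
RULE_PREF="${RULE_PREF:-1000}"
ZONE="${ZONE:-btvpn}"
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"
DRY_RUN="${DRY_RUN:-}"

NL='
'
CMDS=""   # every command issued, one per line (what a dry run prints)

run() {
    CMDS="${CMDS}$*${NL}"
    [ -n "$DRY_RUN" ] && return 0
    "$@"
}

add_table() {
    # Register "200 btvpn" once; never append a duplicate line.
    grep -qE "^[[:space:]]*${TABLE_ID}[[:space:]]+${TABLE}([[:space:]]|\$)" "$RT_TABLES" 2>/dev/null && return 0
    run sh -c "echo '${TABLE_ID} ${TABLE}' >> '${RT_TABLES}'"
}

add_rules() {
    # Drop a stale rule at our priority first, so reruns do not stack rules.
    if [ -z "$DRY_RUN" ] && ip rule list | grep -q "^${RULE_PREF}:"; then
        run ip rule del pref "$RULE_PREF"
    fi
    # Source match happens at routing time, before NAT: this catches packets
    # this host sends from 10.8.25.2 (including replies to the forwarded
    # port), not LAN hosts that are masqueraded later.
    run ip rule add from "$VPN_ADDR" table "$TABLE" pref "$RULE_PREF"
    # 'replace' is idempotent where 'add' fails with "File exists" on a rerun.
    run ip route replace default via "$VPN_GW" dev "$TUN_IF" table "$TABLE"
    run ip route replace "$VPN_NET" dev "$TUN_IF" table "$TABLE"
    # Harmless no-op on kernels >= 3.6 (no route cache); kept for older builds.
    run ip route flush cache
}

add_zone() {
    # Skip if the zone already exists; uci show quotes values as name='btvpn'.
    if [ -z "$DRY_RUN" ] && uci show firewall 2>/dev/null | grep -q "\.name='${ZONE}'"; then
        return 0
    fi
    run uci add firewall zone
    run uci set "firewall.@zone[-1].name=${ZONE}"
    run uci add_list "firewall.@zone[-1].device=${TUN_IF}"
    run uci set "firewall.@zone[-1].input=ACCEPT"    # allow input from tun1
    run uci set "firewall.@zone[-1].output=ACCEPT"   # allow output to tun1
    run uci set "firewall.@zone[-1].forward=REJECT"  # no transit between peers through this box
    run uci set "firewall.@zone[-1].masq=1"          # masquerade LAN traffic leaving on tun1
    run uci set "firewall.@zone[-1].mtu_fix=1"       # MSS clamping to the tunnel MTU
    run uci commit firewall
    run /etc/init.d/firewall restart
}

cmd_count() { printf '%s' "$CMDS" | grep -c .; }
has_cmd()   { printf '%s' "$CMDS" | grep -qF -- "$1"; }

setup() {
    CMDS=""
    add_table
    add_rules
    add_zone
    if [ -n "$DRY_RUN" ]; then printf '%s' "$CMDS"; fi
}

if [ "${1:-}" = "apply" ]; then setup; fi
```

Run DRY_RUN=1 sh vpn-route.sh apply first to see the exact commands; afterwards ip rule list and ip route show table btvpn (from the debug section above) should show one rule at priority 1000 and the two routes, and a second run must leave both unchanged.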