Home > Uncategorized > Create Debian 7 OpenVPN Client NAT Gateway Router to Local Network

Create Debian 7 OpenVPN Client NAT Gateway Router to Local Network

SSH to OpenVPN Access Server

Create PAM user

Log in to OpenVPN Access Server web Admin interface.

Add user


Log out of Access Sever Admin interface.

Log in directly to main Access Server web interface (not Admin) as new user – select Login (not Connect)

Download and install Windows Client.

Download Autologin profile. * Make note as this file will be used below.

Verify connectivity from Windows Client.

PuTTY SSH to Debian Client. – Note using PuTTY as clipboard paste will be used below.

Enable IPv4 forwarding

sudo nano /etc/sysctl.conf

Uncomment the line

# net.ipv4.ip_forward=1

Run the following command to make the change effective without a reboot.

sudo sysctl -w net.ipv4.ip_forward=1

Add iptables rules for NAT to work

sudo nano /etc/rc.local

Make sure the following two lines appear before the exit 0 line in the file.

/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables –table nat -A POSTROUTING -o eth0 -j MASQUERADE

To make these iptables rules active without rebooting, run the following commands:

sudo iptables -P FORWARD ACCEPT
sudo iptables –table nat -A POSTROUTING -o eth0 -j MASQUERADE

Install OpenVPN

sudo apt-get install openvpn

Edit Autologin user profile in Wordpad.  Note is is important to use Wordpad as it correctly handles the Unix/Windows character translations.  Select all text and copy to clipboard.

sudo nano /etc/openvpn/client.conf

Paste from clipboard via PuTTY.  Save.

Configure OpenVPN to start on boot

sudo nano /etc/default/openvpn

Add line


Note you do not add .conf extension, but the file itself must have .conf

Start OpenVPN client

cd /etc/openvpn/
sudo openvpn client.conf

Log into Access Server and verify connection


Verify auto start

Ping the VPN server

To access VPN server from local subnet, configure a static route on local lan to client vpn gateway


To access other VPN client gateways, configure a static route on the local LAN to the client VPN gateway.  Note, the VPN server will automatically push the required routes to the client for routing to other client gateways.


Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: