Create Debian 7 OpenVPN Client NAT Gateway Router to Local Network
SSH to OpenVPN Access Server
Create PAM user
Log in to OpenVPN Access Server web Admin interface.
Add user
Log out of Access Server Admin interface.
Log in directly to main Access Server web interface (not Admin) as new user – select Login (not Connect)
Download and install Windows Client.
Download Autologin profile. Make a note of where it is saved, as this file will be used below.
Verify connectivity from Windows Client.
SSH to the Debian client with PuTTY. Note: PuTTY is used because clipboard paste will be needed below.
Enable IPv4 forwarding
sudo nano /etc/sysctl.conf
Uncomment the line
# net.ipv4.ip_forward=1
Run the following command to make the change effective without a reboot.
sudo sysctl -w net.ipv4.ip_forward=1
Add iptables rules for NAT to work
sudo nano /etc/rc.local
Make sure the following two lines appear before the exit 0 line in the file.
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
To make these iptables rules active without rebooting, run the following commands:
sudo iptables -P FORWARD ACCEPT
sudo iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
Install OpenVPN
sudo apt-get install openvpn
Open the Autologin user profile in WordPad. Note it is important to use WordPad as it correctly handles the Unix/Windows character translations. Select all text and copy to clipboard.
sudo nano /etc/openvpn/client.conf
Paste from clipboard via PuTTY. Save.
Configure OpenVPN to start on boot
sudo nano /etc/default/openvpn
Add line
AUTOSTART="client"
Note: do not add the .conf extension here, but the file itself must have the .conf extension.
Start OpenVPN client
cd /etc/openvpn/
sudo openvpn client.conf
Log into Access Server and verify connection
Reboot
Verify auto start
Ping the VPN server
To access the VPN server from the local subnet, configure a static route on the local LAN to the client VPN gateway.
To access other VPN client gateways, configure a static route on the local LAN to the client VPN gateway. Note, the VPN server will automatically push the required routes to the client for routing to other client gateways.
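Added example (not part of the original guide): a shell script that checks the files edited in the steps above before the reboot, including the en-dash and curly-quote characters that creep in when commands are pasted from a web page. The function names and the optional ROOT prefix are hypothetical, and the permission check assumes the Autologin profile embeds the client's private key.

```shell
#!/bin/sh
# Added example: offline checks of the files edited in this guide.
# Function names and the optional ROOT prefix are hypothetical.

# 0 if FILE has an uncommented net.ipv4.ip_forward=1 line.
forwarding_persistent() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# 0 if FILE is pure ASCII (no en-dash or curly quotes pasted from a web page).
ascii_only() {
    [ "$(LC_ALL=C tr -d '\000-\177' < "$1" | wc -c)" -eq 0 ]
}

# 0 if both iptables rules appear, uncommented, before the "exit 0" line.
nat_rules_before_exit() {
    awk '/^[ \t]*exit[ \t]+0/ { exit }
         /^[ \t]*#/ { next }
         /iptables/ && /-P FORWARD ACCEPT/ { fwd = 1 }
         /iptables/ && /(--table|-t) nat/ && /-A POSTROUTING/ && /-j MASQUERADE/ { nat = 1 }
         END { exit !(fwd && nat) }' "$1"
}

# 0 if FILE sets AUTOSTART="client" with plain ASCII double quotes.
autostart_client() {
    grep -Eq '^[[:space:]]*AUTOSTART="client"[[:space:]]*$' "$1"
}

# 0 if FILE has no group/other permission bits. Assumption: the Autologin
# profile embeds the client private key and needs no password.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run every check under ROOT (empty = live system); return 1 on any failure.
audit_gateway() {
    root=${1:-}; rc=0
    forwarding_persistent "$root/etc/sysctl.conf" || { echo "FAIL: ip_forward not enabled in sysctl.conf"; rc=1; }
    for f in etc/rc.local etc/default/openvpn; do
        ascii_only "$root/$f" || { echo "FAIL: non-ASCII characters in /$f"; rc=1; }
    done
    nat_rules_before_exit "$root/etc/rc.local" || { echo "FAIL: NAT rules missing before exit 0"; rc=1; }
    autostart_client "$root/etc/default/openvpn" || { echo "FAIL: AUTOSTART=\"client\" not set"; rc=1; }
    owner_only "$root/etc/openvpn/client.conf" || { echo "FAIL: client.conf readable by group/other"; rc=1; }
    return $rc
}
```

After sourcing the file on the gateway, run audit_gateway with no argument as root; it prints one FAIL line per problem and returns non-zero if any check fails.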