ansible-role-openvpn

add option to not configure nat

Open manuelschneider opened this issue 2 years ago • 2 comments

Hi!

First: Thank you so much for all the hours you've spared me setting ovpn up :)

Personally I believe it makes sense not to NAT outgoing VPN traffic, in order to distinguish different clients, for example in service logs. Thus, a proposal to consider.

Thanks, Manuel

manuelschneider Sep 02 '22 22:09

This PR is actually useful. On my side the default nat config is not working. I need to forward the traffic from one interface to another. Like this:

# *nat
# :POSTROUTING ACCEPT [0:0]
# -A POSTROUTING -s 30.255.16.0/24 -j MASQUERADE -o ens224
# COMMIT

The default config is based on the ipv4 address

-A POSTROUTING -s {{ openvpn_server_network }}/24 -j SNAT --to-source {{ ansible_default_ipv4.address }}

Sispheor Oct 18 '22 13:10

This PR only handles iptables. It should be placed into firewalld and ufw as well.

Sispheor Oct 18 '22 13:10
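
An added sketch, not code from this role or from the PR, of the three behaviours discussed in this thread: no NAT, SNAT to a fixed address, and MASQUERADE on a chosen outgoing interface. The function name, the mode names and the sample address 192.0.2.10 are assumptions made for illustration; the network and interface values are the ones quoted in the comment above.

```python
import ipaddress
import re

# Hypothetical mode names; the role's real variable names are not shown on this page.
NAT_MODES = ("none", "snat", "masquerade")
# Linux interface names are at most 15 characters; a leading "-" is refused so the
# value can never be read as an iptables option.
_IFACE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,14}")


def render_nat_rules(mode, vpn_network, source_ip=None, out_iface=None):
    """Return an iptables-restore *nat fragment, or "" when NAT is disabled."""
    if mode not in NAT_MODES:
        raise ValueError(f"unknown NAT mode: {mode!r}")
    # Parsing the CIDR rejects malformed input and host bits (e.g. 10.8.0.1/24)
    # and avoids hardcoding a /24 prefix length.
    net = ipaddress.IPv4Network(vpn_network, strict=True)
    if mode == "none":
        # Client addresses reach services unchanged, so service logs can tell
        # clients apart. Upstream hosts then need a return route to `net`.
        return ""
    if mode == "snat":
        if source_ip is None:
            raise ValueError("snat mode needs source_ip")
        addr = ipaddress.IPv4Address(source_ip)
        rule = f"-A POSTROUTING -s {net} -j SNAT --to-source {addr}"
    else:
        if not out_iface or not _IFACE_RE.fullmatch(out_iface):
            raise ValueError(f"invalid interface name: {out_iface!r}")
        rule = f"-A POSTROUTING -s {net} -o {out_iface} -j MASQUERADE"
    return "\n".join(["*nat", ":POSTROUTING ACCEPT [0:0]", rule, "COMMIT"]) + "\n"


if __name__ == "__main__":
    # Constructed sample inputs.
    print(render_nat_rules("masquerade", "30.255.16.0/24", out_iface="ens224"))
    print(render_nat_rules("snat", "30.255.16.0/24", source_ip="192.0.2.10"))
    print(repr(render_nat_rules("none", "30.255.16.0/24")))
```
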