查看“︁CentOS7 install and configuration OpenVPN”︁的源代码

=info=

=添加iptables转发规则=
<pre>
开启转发
[root@openvpn ~]# vim /etc/sysctl.conf 
net.ipv4.ip_forward = 1
[root@openvpn ~]# sysctl -p

服务器IP 172.18.140.173
(10.8.0.0/24为VPN的网段,eth0 为内网网卡，xxxx 为内网ip ) 

运行 iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE  #添加 iptables 转发规则 改为自己的 10.8.0.0/24吧 

#good 让vpn client 可以 直接内网连接其它内网机器 
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eh1 -j SNAT --to-source 172.18.140.173 

#内网网关为192.168.0.1
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 172.18.140.173 
service iptables save

 iptables -t nat -A POSTROUTING -s 172.18.0.0/24  -j MASQUERADE
 iptables -t nat -A POSTROUTING -s 10.8.0.0/24  -j MASQUERADE
 iptables -t nat -A POSTROUTING -s 172.18.0.0/24 -o eth1 -j SNATA --to-source 172.18.140.173
 iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j SNAT --to-source x.x.x.x
(192.168.0.0/24为VPN的网段,eth1 为外网网卡，xxxx 为外网ip ) 

iptables -L -n  -t nat 

也要注意 docker网络 
</pre>

=see also=
[http://www.yunweipai.com/archives/12375.html 什么是VPN？看运维专家聊聊VPN的那些事儿]

[http://wuhuizhong.iteye.com/blog/2037216 Openvpn完美解决公司网络没有固定公网IP的问题]

[https://www.bbsmax.com/A/n2d9GlZ0JD/ OpenVPN 服务端（pritunl）的一些运维经验]


==install==
[http://www.cnblogs.com/xishuai/p/centos-openvpn.html CentOS 7 安装配置 OpenVPN 客户端]

==iptalbes 转发 ==

[https://blog.csdn.net/windeal3203/article/details/51111543 NAT、用iptables配置NAT]

[http://www.mojidong.com/linux/2016/02/01/vpn-of-iptables/ vpn的iptables配置]

[http://blog.51cto.com/lustlost/943110 IPtables之四：NAT原理和配置]

[https://blog.csdn.net/donghaixiaolongwang/article/details/63263226 iptables——实战NAT（端口转发）]

[https://forum.ubuntu.org.cn/viewtopic.php?f=124&t=473809 VPN或者NAT过来的流量怎么转发到指定端口出去]

[https://unix.stackexchange.com/questions/283801/iptables-forward-traffic-to-vpn-tunnel-if-open iptables forward traffic to vpn tunnel if open]

 [[category:ops]]