How could I access internet via I connect to ocserv?

Kevin Cernekee cernekee at gmail.com
Sun Mar 8 09:34:05 PDT 2015


On Sat, Mar 7, 2015 at 10:58 PM, ChenWulin <chenwulin at haoluo.com.cn> wrote:
> I built an ocserv on my Linode server. It has been running successfully and I can connect to it with my iPhone app AnyConnect.
>
> I set up a web server on my Linode server, and I can access the web server with IP addr '10.10.1.1:8000'
> my iPhone IP addr is '10.10.1.178' after it connects to ocserv.
>
> but I cannot access internet web sites with my iPhone now.
>
> I disabled ufw, and my iptables has nothing in it.
>
> How could I access the internet after I connect to the ocserv?

FWIW, here are the rules that I use to allow client->internet and
client->client forwarding:


#!/bin/bash

ipt=/sbin/iptables

# Let the kernel route packets between interfaces at all.
sysctl --quiet -w net.ipv4.ip_forward=1

# Start from an empty FORWARD chain that drops anything not explicitly allowed.
$ipt -F FORWARD
$ipt -P FORWARD DROP
# Clamp TCP MSS so tunnelled connections don't stall on the smaller VPN MTU.
$ipt -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# Replies to connections the clients opened.
$ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# client -> internet (ocserv's per-client tun devices are vpnsN)
$ipt -A FORWARD -i vpns+ -o eth0 -j ACCEPT
# client -> client
$ipt -A FORWARD -i vpns+ -o vpns+ -j ACCEPT

# Source-NAT the private client addresses to eth0's address on the way out.
$ipt -t nat -F POSTROUTING
$ipt -t nat -A POSTROUTING -o eth0 -j MASQUERADE

exit 0


It might be cleaner to access your internal web server through a
well-known IP (e.g. the public IP on eth0, or a dummy IP through an
alias or loopback interface) instead of relying on ocserv's private
addresses.
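The symptom in the question (VPN up, server reachable, no internet) almost always comes down to one of the four pieces in the script above being absent: ip_forward, the ESTABLISHED/RELATED accept, the client-to-uplink accept, or the MASQUERADE rule. As an added example that is not part of this thread or of ocserv itself, here is a small checker that reports which of those pieces is missing, either from the live system or from pasted rule dumps. It assumes the same names as the script above (client devices matching vpns+, uplink eth0); the sample rule dump at the bottom is constructed, not taken from the poster's machine.

```shell
#!/bin/sh
# Added example (not from the original thread): report which of the four
# things an ocserv gateway needs for client->internet forwarding are missing.
# Assumed interface names, as in the reply's script: client tun devices match
# vpns+ and the uplink is eth0. Adjust to taste.

vpn_if='vpns+'
wan_if='eth0'

# check_forwarding IP_FORWARD FORWARD_RULES NAT_RULES
#   IP_FORWARD    : value of net.ipv4.ip_forward ("0" or "1")
#   FORWARD_RULES : text as printed by `iptables -S FORWARD`
#   NAT_RULES     : text as printed by `iptables -t nat -S POSTROUTING`
# Prints one line per missing piece and returns the number of missing
# pieces, so an exit status of 0 means forwarding should work.
check_forwarding() {
    ip_forward=$1; fwd=$2; nat=$3; missing=0

    if [ "$ip_forward" != "1" ]; then
        echo "MISSING: sysctl net.ipv4.ip_forward=1 (kernel is not routing)"
        missing=$((missing + 1))
    fi

    # Replies from the internet must be allowed back to the client.
    if ! printf '%s\n' "$fwd" | grep -E -q -- '^-A FORWARD .*(--state|--ctstate) [A-Z,]*ESTABLISHED.* -j ACCEPT$'; then
        echo "MISSING: FORWARD rule accepting ESTABLISHED,RELATED traffic"
        missing=$((missing + 1))
    fi

    # Client-originated packets must be allowed out of the uplink.
    if ! printf '%s\n' "$fwd" | grep -F -q -- "-A FORWARD -i $vpn_if -o $wan_if -j ACCEPT"; then
        echo "MISSING: FORWARD rule -i $vpn_if -o $wan_if -j ACCEPT"
        missing=$((missing + 1))
    fi

    # Private client addresses must be translated to the uplink address.
    if ! printf '%s\n' "$nat" | grep -F -q -- "-A POSTROUTING -o $wan_if -j MASQUERADE"; then
        echo "MISSING: nat POSTROUTING -o $wan_if -j MASQUERADE"
        missing=$((missing + 1))
    fi

    return $missing
}

# Same check against the running system (needs root to read the tables).
live_check() {
    check_forwarding "$(sysctl -n net.ipv4.ip_forward)" \
                     "$(iptables -S FORWARD)" \
                     "$(iptables -t nat -S POSTROUTING)"
}

# Constructed sample: the forwarding rules are present, but ip_forward is
# still 0 and there is no NAT rule, which gives exactly the poster's symptom.
sample_forward='-P FORWARD DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vpns+ -o eth0 -j ACCEPT
-A FORWARD -i vpns+ -o vpns+ -j ACCEPT'
sample_nat='-P POSTROUTING ACCEPT'

case "${1:-}" in
    --live)
        live_check ;;
    *)
        echo "Checking constructed sample ruleset:"
        if check_forwarding 0 "$sample_forward" "$sample_nat"; then
            echo "OK: nothing missing"
        else
            echo "(run with --live as root to check this machine)"
        fi ;;
esac
```

Run it with no arguments to see the checker flag the two gaps in the constructed sample, or with `--live` on the gateway to have it read `sysctl` and `iptables -S` itself. The ESTABLISHED match is a regex rather than a fixed string because iptables prints the state list in its own order (RELATED,ESTABLISHED) and some setups use `-m conntrack --ctstate` instead of `-m state`.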