Hi all,

I am in a situation where I am trying to setup openVPN to connect our two offices. I have openVPN running at both offices and I can ping each endpoint from the other endpoint.

However, each office has a hardware router that does not support static routes so I need to have a machine, the same machine running openVPN, to serve as a gateway for the office so that all system behind the routers on each end will be able to see all the other systems on each end.

How can I setup a gateway/firewall using iptables so that all traffic intended for the openVPN tunnel gets routed through the tunnel, but all other traffic gets sent to the router normally.

The openVPN machine is just a machine on the internal network that connects to the Internet via a hub and the router.

Unfortunately the current physical network setup cannot be changed as the higher ups want to keep the hardware router as the NAT and firewall device.

I hope I have explained clearly enough to get some suggestions.

Thanks for your time
mdkelly

You could add static routes on all the client machines for the VPN.

If you stop the NAT routing acting as a dhcp server and provide an alternative dhcp server you can give the client machines the ip of the VPN box as their default gateway and set a route on the vpn box that forwards traffic to the NAT router.

You could put two network cards in the VPN box. Put the LAN on one card and the NAT router on the other. Run NAT inside a NAT setup with your own DHCP server on the LAN interface and seperate subnets.

PS this should be in general networking not the wireless section.