I have a VPN network based on CentOS 8 with the OpenConnect package. I need to allow VPN clients to use their local internet for browsing instead of the server side. Currently all VPN clients are utilising the server-side internet for browsing.
ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 2c:27:d7:19:03:4a brd ff:ff:ff:ff:ff:ff
    inet 200.200.200.3/24 brd 200.200.200.255 scope global dynamic noprefixroute eno1
       valid_lft 84701sec preferred_lft 84701sec
    inet6 fe80::c53b:410a:9d0f:cc5b/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
6: vpns0: <POINTOPOINT,UP,LOWER_UP> mtu 1434 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 10.10.10.1 peer 10.10.10.76/32 scope global vpns0
       valid_lft forever preferred_lft forever
    inet6 fe80::8da5:409d:a886:5bfb/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
ip route
default via 200.200.200.1 dev eno1 proto dhcp metric 100
10.10.10.76 dev vpns0 proto kernel scope link src 10.10.10.1
200.200.200.0/24 dev eno1 proto kernel scope link src 200.200.200.3 metric 100
firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: cockpit dhcpv6-client http https ipsec ssh
  ports: 500/udp 4500/udp 443/tcp 443/udp 80/tcp
  protocols:
  forward: no
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule protocol value="ah" accept
        rule protocol value="esp" accept
        rule family="ipv4" source address="10.10.10.0/24" masquerade
netstat -rn
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         200.200.200.1   0.0.0.0         UG        0 0          0 eno1
10.10.10.76     0.0.0.0         255.255.255.255 UH        0 0          0 vpns0
200.200.200.0   0.0.0.0         255.255.255.0   U         0 0          0 eno1
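The behaviour described in the question (every client sending all traffic through the server) is what the OpenConnect server, ocserv, does when its configuration pushes no specific routes: the client then installs a default route over the tunnel. The fragment below is an added example, not part of the question or of any answer on this page, and assumes the server is ocserv on CentOS 8 with its configuration in /etc/ocserv/ocserv.conf. The client pool (10.10.10.0/24) and the server-side subnet (200.200.200.0/24) are taken from the question's vpns0 and eno1 addresses; treating the eno1 subnet as the only network that should be reached through the VPN is an assumption, and the no-route line is illustrative only.

```ini
# Added example (not from the question or any answer): split-tunnel settings
# for ocserv in /etc/ocserv/ocserv.conf. Assumed paths and addresses are
# taken from the question's "ip add" output.

# Address pool handed to connecting clients (assumed to match vpns0: 10.10.10.x)
ipv4-network = 10.10.10.0
ipv4-netmask = 255.255.255.0

# Split tunneling: when at least one "route =" line is present, ocserv pushes
# only these networks to the client instead of a default route, so the client
# keeps its own local default gateway for ordinary browsing.
route = 10.10.10.0/255.255.255.0
# Assumption: the server's eno1 subnet is the only network behind the VPN.
route = 200.200.200.0/255.255.255.0

# Optional: carve an exception out of a pushed route (illustrative only;
# 200.200.200.1 is the server's gateway from the question's "ip route").
# no-route = 200.200.200.1/255.255.255.255
```

After editing, restart the service (systemctl restart ocserv) and have clients reconnect; routes are pushed at connect time. Two caveats a practitioner will want: the firewalld masquerade rich rule for 10.10.10.0/24 in the question is still needed for the traffic that does go through the tunnel, and if a dns = line is also set, clients will send their DNS queries through the VPN even though their browsing goes out locally, which is a privacy trade-off worth deciding deliberately rather than by accident.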