Network Configuration

  • Enabling packet forwarding
$ echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
$ sudo sed -i.bak -e 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
$ diff /etc/sysctl.conf{.bak,}
28c28
< #net.ipv4.ip_forward=1
---
> net.ipv4.ip_forward=1
  • Firewall configuration - Uncomplicated Firewall (ufw)
$ sudo ufw allow ssh
$ sudo ufw allow http
$ sudo ufw allow https
$ sudo ufw allow 1194/udp
$ sudo sed -i.bak -e 's/DEFAULT_FORWARD_POLICY=".*"/DEFAULT_FORWARD_POLICY="ACCEPT"/' /etc/default/ufw
$ diff /etc/default/ufw{.bak,}
19c19
< DEFAULT_FORWARD_POLICY="DROP"
---
> DEFAULT_FORWARD_POLICY="ACCEPT"

Editing the configuration file

$ sudo vim /etc/ufw/before.rules

Add the following at the top of the file.

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
# NOTE: a /8 mask matches all of 10.0.0.0/8, not just the tunnel; use the
# subnet actually configured on the OpenVPN server (its default is 10.8.0.0/24)
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

Enable and verify.

$ sudo ufw enable
$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
1194/udp                   ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
1194/udp (v6)              ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
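As an added example (not part of the original page), the steps above collected into one POSIX shell script. Each step is a function that takes the path of the file it edits, so the changes can be rehearsed on copies before they touch /etc; the tunnel subnet 10.8.0.0/24 and the interface name eth0 are assumptions (the page's own rule uses 10.8.0.0/8). Unlike the page's sed one-liner, set_ip_forward also handles a sysctl.conf that has no ip_forward line at all, and the NAT block is inserted only when its START marker is absent, so re-running the script does not duplicate the rules.

```shell
#!/bin/sh
# Hypothetical helper (added example, not the page's own script).
# Every function edits the file it is given, which lets the logic be tested
# on copies; the live system is only touched when run as root with --apply.
set -eu

VPN_SUBNET="${VPN_SUBNET:-10.8.0.0/24}"   # assumed: OpenVPN's default server subnet
EGRESS_IF="${EGRESS_IF:-eth0}"            # assumed: the interface the page masquerades out of

# Make net.ipv4.ip_forward=1 persistent in a sysctl.conf-style file.
# Handles the commented line the page's sed expects, an existing "=0" line,
# and a file with no such line (appends one). Idempotent.
set_ip_forward() {
    file="$1"
    tmp="$(mktemp)"
    if grep -Eq '^[#[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$file"; then
        sed -E 's/^[#[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*/net.ipv4.ip_forward=1/' "$file" > "$tmp"
    else
        cat "$file" > "$tmp"
        printf 'net.ipv4.ip_forward=1\n' >> "$tmp"
    fi
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Set DEFAULT_FORWARD_POLICY in /etc/default/ufw (or a copy) to the given value.
set_ufw_forward_policy() {
    file="$1"; policy="$2"
    tmp="$(mktemp)"
    sed -E "s/^DEFAULT_FORWARD_POLICY=\".*\"/DEFAULT_FORWARD_POLICY=\"$policy\"/" "$file" > "$tmp"
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Print the policy currently set in a /etc/default/ufw-style file.
get_ufw_forward_policy() {
    sed -nE 's/^DEFAULT_FORWARD_POLICY="([^"]*)"/\1/p' "$1"
}

# Prepend the OpenVPN NAT block to before.rules (or a copy), but only once:
# if the START marker is already present the file is left untouched.
add_openvpn_nat_rules() {
    file="$1"; subnet="$2"; iface="$3"
    if grep -q '^# START OPENVPN RULES' "$file"; then
        return 0
    fi
    tmp="$(mktemp)"
    {
        printf '# START OPENVPN RULES\n'
        printf '# NAT table rules\n'
        printf '*nat\n'
        printf ':POSTROUTING ACCEPT [0:0]\n'
        printf '# Allow traffic from OpenVPN clients to %s\n' "$iface"
        printf '%s\n' "-A POSTROUTING -s $subnet -o $iface -j MASQUERADE"
        printf 'COMMIT\n'
        printf '# END OPENVPN RULES\n\n'
        cat "$file"
    } > "$tmp"
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Number of START markers in the file; 1 means the block is present exactly once.
count_nat_blocks() {
    grep -c '^# START OPENVPN RULES' "$1" || true
}

# Apply to the live system only when explicitly asked (requires root).
if [ "${1:-}" = "--apply" ]; then
    sysctl -w net.ipv4.ip_forward=1
    set_ip_forward /etc/sysctl.conf
    set_ufw_forward_policy /etc/default/ufw ACCEPT
    add_openvpn_nat_rules /etc/ufw/before.rules "$VPN_SUBNET" "$EGRESS_IF"
    ufw allow ssh
    ufw allow http
    ufw allow https
    ufw allow 1194/udp
    ufw --force enable
    ufw status verbose
fi
```

Run it once without arguments to check it parses, then `sudo ./openvpn-net.sh --apply` (file name assumed) to perform the page's steps; `ufw status verbose` at the end should show the same ALLOW rules as the listing above plus the forward policy.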