This iptables config maps the 10.8.0.0/24 address range used by the VPN to the 54.66.223.254 IP address, which lets the OpenVPN daemon function. This is what I used when I was using OpenVPN to connect securely to a remote Amazon instance for access to a Linux virtual machine.
```
# Generated by iptables-save v1.4.21 on Sun Feb 22 04:46:42 2015
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 54.66.223.254
COMMIT
# Completed on Sun Feb 22 04:46:42 2015
# Generated by iptables-save v1.4.21 on Sun Feb 22 04:46:42 2015
*filter
:INPUT ACCEPT [623:72495]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [604:165720]
COMMIT
# Completed on Sun Feb 22 04:46:42 2015
```
This is easy to reuse: just change the IP addresses to suit your setup. It is very useful for SNAT configuration. Follow this guide to get your OpenVPN up and running on your Linux instance.
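The `*filter` table in the dump above has no rules and leaves INPUT and FORWARD at a default ACCEPT policy, so the host firewall accepts every inbound and forwarded packet. A tighter `*filter` table for the same VPN subnet follows, as an added example that is not part of the original config; the `tun0` interface name, OpenVPN listening on UDP 1194 and SSH on TCP 22 are assumptions, and the `*nat` table stays as shown above.

```iptables
# Added example: restrictive filter table for the 10.8.0.0/24 VPN subnet.
# Assumptions (not from the original dump): VPN interface tun0,
# OpenVPN on UDP 1194, SSH administration on TCP 22.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local loopback traffic and replies to connections the host already has
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Management access and the VPN listener itself
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
# VPN clients may go out through eth0 (where the nat rules rewrite the source)
-A FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -j ACCEPT
# Only return traffic for those connections may come back to the tunnel
-A FORWARD -i eth0 -o tun0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
```

Load it with `iptables-restore`, and confirm that a new SSH session still connects before making the rules persistent.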
Regenerating the keys for your OpenVPN server if they have expired is very easy, and this posting will tell you how to do it. I set my keys' expiration too short by accident and had them expire, but this was easy to fix.