Help to configure NAT on suse correctly

Hello.
I have a server with suse 42.2 It has WAN IP 172.16.0.26/24 with gateway 172.16.0.1

The server is running openvpn server with network 172.16.2.0/24
I want to route packets from VPN clients to 8.8.8.8 via server.

I’ve added to openvpn server.conf:
push “route 8.8.8.8 255.255.255.255”
and enabled “Address translation” in Yast->Firewall

So, on client i see that route is created:
linux-mb51:/etc/openvpn # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.43.1 0.0.0.0 UG 600 0 0 wlan0
8.8.8.8 172.16.2.9 255.255.255.255 UGH 0 0 0 tun0
172.16.2.0 172.16.2.9 255.255.255.0 UG 0 0 0 tun0
172.16.2.9 * 255.255.255.255 UH 0 0 0 tun0
192.168.43.0 * 255.255.255.0 U 600 0 0 wlan0

Trying to tracert 8.8.8.8:

                        **   Packets**               **Pings**               

** Host** ** Loss% Snt Last Avg Best Wrst StDev**

  1. 172.16.2.1 0.0% 40 48.4 133.9 45.6 459.0 107.7
  2. ???

NAT is not working? What i should to do? Help please.

First,
You should declare whether the IP addresses and address ranges are “sanitized,” ie changed and not real values.

If they are real values, you have a very big problem…
8.8.8.8 like any other address that isn’t within any of the designated Private IP address ranges points to a DNS server on the Internet. You can’t use any addresses that belong to others on the Internet.

The WAN IP address for your NAT router is fine, it also is part of a Class B Private network range.
You then need to select an address range for your router’s LAN. It can be any range of Private Network ranges except for your LAN.

Assuming your NAT router is an openSUSE, you can configure the above and then check the box to allow forwarding to turn your Sever into a NAT router.

Now, if you want to configure your NAT router to also be a VPN beach head, that’s a separate matter, is that really what you want to do? A beach head VPN router automatically routes all your outgoing LAN traffic to a VPN so you don’t have to configure every LAN device individually. The alternative is to configure each LAN device as a VPN client.

So,
I hope this gives you a start by hoping to help you clarify what you are trying to do.
A NAT router by itself is fairly ordinary and not that difficult to set up on openSUSE.
And, setting up an ordinary NAT router is different than setting up a VPN endpoint.
I don’t know if you’re confused by not knowing what a VPN is and thinking that you need to set up openVPN for ordinary Internet connections (that’s not so) or you’re trying to set up some kind of VPN.

TSU

Hello.
I’d tried to send traffic to some hosts via my vpn server to unlock sites which is blocked by our internet provider.

**I’ve found, that NAT doesnt work because there is no openvpn interface (tun0) in Yast->Firewall->Interfaces
So, i’ve added it manually and NAT started.
The Issue is solved =) **