From ab1d8e822b545e0e1ec98c566385763f4ba4a1a0 Mon Sep 17 00:00:00 2001
From: Master
Date: Sat, 22 Mar 2025 17:57:48 +0000
Subject: [PATCH] Add IPTables fixes

---
 setup_openvpn.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/setup_openvpn.sh b/setup_openvpn.sh
index 4eb5c57..373e01a 100755
--- a/setup_openvpn.sh
+++ b/setup_openvpn.sh
@@ -113,6 +113,23 @@ sysctl --system
 echo "Configuring firewall..."
 ufw allow 1194/udp
 ufw allow OpenSSH
+
+# Set up NAT for VPN clients
+echo "Setting up NAT for VPN clients..."
+# Get the primary network interface
+PRIMARY_NIC=$(ip route | grep default | awk '{print $5}')
+echo "Primary network interface: $PRIMARY_NIC"
+
+# Add NAT rules
+iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o $PRIMARY_NIC -j MASQUERADE
+iptables -A FORWARD -s 10.8.0.0/24 -m state --state NEW -j ACCEPT
+iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# Make NAT rules persistent
+echo "Making NAT rules persistent..."
+apt-get install -y iptables-persistent
+echo "y" | netfilter-persistent save
+
 echo "y" | ufw enable
 
 # Start OpenVPN service
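Review bot: `PRIMARY_NIC` is used unquoted and unchecked in the MASQUERADE rule, and the first FORWARD rule accepts on source address alone. If `ip route | grep default` yields no line or more than one, `-o $PRIMARY_NIC` expands to a malformed command, and unless the script runs under `set -e` (not visible in this hunk) it carries on and saves a ruleset without NAT. Matching only `-s 10.8.0.0/24` also forwards packets that claim that source on any interface, so the rule is better bound to the tunnel device with `-i` and to the uplink with `-o`. Separately, the rules are saved with `netfilter-persistent` before `ufw enable` runs, which leaves two mechanisms restoring firewall state at boot; confirm that `iptables-persistent` installs alongside ufw on the target release, or keep the NAT rule in ufw's own rules files instead. The fence sketches the first two changes, with `VPN_IF` as a placeholder for the device name in the OpenVPN server config.

```shell
# … unchanged: NAT banner echo …
# First default route only; take the token after "dev" rather than a fixed column
PRIMARY_NIC=$(ip -4 route show default | awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i + 1); exit}}')
if [ -z "$PRIMARY_NIC" ]; then
    echo "No default route found, refusing to add NAT rules" >&2
    exit 1
fi
echo "Primary network interface: $PRIMARY_NIC"

VPN_IF="tun0" # placeholder: use the dev name from the OpenVPN server config

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o "$PRIMARY_NIC" -j MASQUERADE
iptables -A FORWARD -i "$VPN_IF" -o "$PRIMARY_NIC" -s 10.8.0.0/24 -m state --state NEW -j ACCEPT
# … unchanged: RELATED,ESTABLISHED rule, persistence step …
```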