It is currently 23.10.2017 20:54


All times are UTC




Post new topic Reply to topic  [ 8 posts ] 
Author Message
 Post subject: OpenVPN on different IP address (eth0:1)
PostPosted: 02.01.2010 02:45 
DES
DES

Joined: 02.01.2010 02:42
Posts: 1
Hello

I have a problem with my OpenVPN configuration. I always had one public IP address on my openvpn server, but few days ago I added additional IP (as eth0:1), so I would like to run openvpn on that IP:

Let's assume that my eth0 is 1.2.3.4 and my eth0:1 is 1.2.3.5

server config:
tun-mtu 1500
local 1.2.3.5
ifconfig 10.200.0.1 10.200.0.2
port 5000
proto udp
user nobody
group nogroup
comp-lzo
keepalive 10 60
daemon
verb 0
secret secret.key

client:
dev tun
tun-mtu 1500
ifconfig 10.200.0.2 10.200.0.1
proto udp
remote 1.2.3.5 5000
resolv-retry infinite
nobind
comp-lzo
keepalive 10 60
verb 0
secret secret.key

vpn works fine, it's connecting with eth0:1 1.2.3.5, not 1.2.3.4, but when I try to route my traffic from windows client throughout the vpn, then on the internet I'm still visible as 1.2.3.4, not 1.2.3.5

Can anyone help me with this ? Maybe I'm not so good in routing traffic or iptables nat etc. but I already tried several options and still nothing.

Regards


Top
Offline Profile  
Reply with quote  
 Post subject: Re: OpenVPN on different IP address (eth0:1)
PostPosted: 02.01.2010 13:23 
openvpn.eu Admin
openvpn.eu Admin
User avatar

Joined: 23.01.2006 08:05
Posts: 3321
Location: near Vienna
Hello

This is not an OpenVPN related issue. However, as long as you are using NAT for surfing the web, you might be able to use another source IP by setting up a new modified NAT rule, i.e.
Code:
iptables -I POSTROUTING -s 10.200.0.2 -o eth0 -j SNAT --to 1.2.3.5

(iptables doesn't understand alias interfaces so you must leave this to eth0)

_________________
regards,
note
Please take a look at our rules. Besucht mal unsere Wiki !


Top
Offline Profile  
Reply with quote  
 Post subject: Re: OpenVPN on different IP address (eth0:1)
PostPosted: 07.03.2010 02:39 
DES
DES

Joined: 07.03.2010 01:40
Posts: 3
Did this fix the issue?

Would it also work if running multi concurrent instances of openVPN?

Thx


Top
Offline Profile  
Reply with quote  
 Post subject: Re: OpenVPN on different IP address (eth0:1)
PostPosted: 08.03.2010 09:10 
openvpn.eu Admin
openvpn.eu Admin
User avatar

Joined: 23.01.2006 08:05
Posts: 3321
Location: near Vienna
You may use as many OpenVPN instances as you want and may add rules for different source addresses for different instances.

_________________
regards,
note
Please take a look at our rules. Besucht mal unsere Wiki !


Top
Offline Profile  
Reply with quote  
 Post subject: Re: OpenVPN on different IP address (eth0:1)
PostPosted: 22.03.2010 03:28 
DES
DES

Joined: 07.03.2010 01:40
Posts: 3
So the above would be the easiest way to setup a openVPN roadwarrior 6 user type setup? I would want each user to connect via and be visible via their own unique IP to the internet. With all 6 users able to use the service concurrently.

Also, for each instance of openVPN would I be required to an extra tap interface, all with different IP's?

Thanks for the help.


Top
Offline Profile  
Reply with quote  
 Post subject: Re: OpenVPN on different IP address (eth0:1)
PostPosted: 27.03.2010 12:21 
openvpn.eu Admin
openvpn.eu Admin
User avatar

Joined: 23.01.2006 08:05
Posts: 3321
Location: near Vienna
Hello

I would suggest using TLS mode, then you don't need more than one OpenVPN instance for all clients.

_________________
regards,
note
Please take a look at our rules. Besucht mal unsere Wiki !


Top
Offline Profile  
Reply with quote  
 Post subject: Re: OpenVPN on different IP address (eth0:1)
PostPosted: 29.03.2010 06:14 
DES
DES

Joined: 07.03.2010 01:40
Posts: 3
Hi,

So I'd set the 6x clients TUN IP's as:

10.8.0.1
10.8.0.2
10.8.0.3
10.8.0.4
10.8.0.5
10.8.0.6

And the server for all as 10.8.0.10.

Postrouting would look something like:

iptables -I POSTROUTING -s 10.200.0.1 -o eth0 -j SNAT --to 1.2.3.201
iptables -I POSTROUTING -s 10.200.0.2 -o eth0 -j SNAT --to 1.2.3.202
iptables -I POSTROUTING -s 10.200.0.3 -o eth0 -j SNAT --to 1.2.3.203
iptables -I POSTROUTING -s 10.200.0.4 -o eth0 -j SNAT --to 1.2.3.204
iptables -I POSTROUTING -s 10.200.0.5 -o eth0 -j SNAT --to 1.2.3.205
iptables -I POSTROUTING -s 10.200.0.6 -o eth0 -j SNAT --to 1.2.3.206


Would I need to add anything else to the iptables port forwarding that I use right now?

iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --dport 1194 -j ACCEPT

Thanks


Top
Offline Profile  
Reply with quote  
 Post subject: Re: OpenVPN on different IP address (eth0:1)
PostPosted: 29.03.2010 15:14 
openvpn.eu Admin
openvpn.eu Admin
User avatar

Joined: 23.01.2006 08:05
Posts: 3321
Location: near Vienna
Hi

10.200.0.x or 10.8.0.x ? :)
Basically that's all. Be aware that the server should be set up to use all the public addresses with alias interfaces (secondary addresses).

_________________
regards,
note
Please take a look at our rules. Besucht mal unsere Wiki !


Top
Offline Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ]  Moderator: Moderators

All times are UTC


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Theme created StylerBB.net