Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
aromensky2022-02-20 21:59:24
VPN
aromensky, 2022-02-20 21:59:24

How to make a vpn tunnel while keeping the source ip?

There are 2 servers.
The first one has 2 ip addresses.
And there is a second server, it is behind nat.
Both are connected to each other via WireGuard. The first is 10.0.0.1, the second is 10.0.0.2.
My nftables rules look like this:

nft add rule nat POSTROUTING oifname "wg0" masquerade
nft add rule ip nat PREROUTING iifname "eth0" tcp dport {20300-20499} dnat to 10.0.0.2
nft add rule ip nat PREROUTING iifname "eth0" udp dport {20300-20499} dnat to 10.0.0.2

But this does not suit me, because the server will eventually receive everything from the same ip, 10.0.0.1
I'm not talking about forwarding the second ip address to a specific computer.
I may be stupid or repulsed, but there is at least some kind of technology that can solve this problem.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
Z
Zolg, 2022-02-21
@Zolg

The short answer of the captain is obvious: if you do not do address translation on the vpn interface

nft add rule nat POSTROUTING oifname "wg0" masquerade
then address translation will not be carried out and the packets will be sent to the vpn with the original source addresses.
The long answer begins with the words that without setting pbr to 10.0.0.2 (and, of course, allowed ip in the tunnel and firewall rules on both machines), this setup will most likely not work as you want (the main uncertainty is in your Wishlist)

Report
A
AlexVWill, 2022-02-21
@AlexVWill

What is the technology that can solve this problem

What kind of technology is there, the question is what kind of problem do you want to solve, and is it a problem? Well, there are two servers, well, both are connected via WireGuard, so what?
I'm not talking about forwarding the second ip address to a specific computer.

Here I did not understand at all what "forwarding a second ip address to a specific computer" is? Forwarding traffic to a specific port in some subnet - I still understand this, but forwarding ip?
In short, some kind of mess, write in Russian (or in English) and in the correct terms, what is the network topology and what is the specific task?

Similar questions
M
Michael Sne Bjorn Palagin2015-08-12 13:31:58
How to find yourself in activity? Need tips, your experience? 4Reply
T
Toster_User_Habra2019-08-17 09:09:45
How to set up a VPN server on android? 1Reply
D
Dragon Lord2021-03-13 12:39:37
VPN: “your own” vs ready-made solution? 3Reply
T
testdrive2019-08-24 18:44:36
How to set up a VPN server behind a router? 2Reply
A
Agamed2017-03-27 10:23:59
Why can't I use Windows CIFS (Folder Sharing) on ​​the internet without a VPN? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question