How to make a vpn tunnel while keeping the source ip?
There are 2 servers.
The first one has 2 ip addresses.
And there is a second server, it is behind nat.
Both are connected to each other via WireGuard. The first is 10.0.0.1, the second is 10.0.0.2.
My nftables rules look like this:
nft add rule nat POSTROUTING oifname "wg0" masquerade
nft add rule ip nat PREROUTING iifname "eth0" tcp dport {20300-20499} dnat to 10.0.0.2
nft add rule ip nat PREROUTING iifname "eth0" udp dport {20300-20499} dnat to 10.0.0.2
The short, Captain Obvious answer: if you do not do address translation on the VPN interface
nft add rule nat POSTROUTING oifname "wg0" masquerade
then address translation will not be carried out and the packets will be sent to the VPN with the original source addresses.
What is the technology that can solve this problem?
I'm not talking about forwarding the second ip address to a specific computer.
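
Added example (not part of the original question or answer): once the wg0 masquerade rule is removed on the first server, the second server receives packets with real client source addresses, so its WireGuard peer entry must accept them and its replies must go back through the tunnel. A wg-quick configuration for the second server that does this is sketched below; the /24 mask, routing table number 200, port 51820 and the key and endpoint placeholders are assumptions.

```ini
# /etc/wireguard/wg0.conf on the second server (10.0.0.2, behind NAT).
# Added example; keys, endpoint, port, mask and table number are placeholders.
[Interface]
Address = 10.0.0.2/24
PrivateKey = <server2-private-key>
# Install the tunnel routes in a separate table so the server's own
# outbound traffic keeps using its normal default route.
Table = 200
# Replies from services reached through the DNAT rules carry source
# 10.0.0.2; route exactly those back through wg0.
PostUp = ip rule add from 10.0.0.2 lookup 200 priority 100
PreDown = ip rule del from 10.0.0.2 lookup 200 priority 100

[Peer]
PublicKey = <server1-public-key>
Endpoint = <server1-public-ip>:51820
# Without masquerade on the first server, forwarded packets arrive with
# arbitrary client addresses. AllowedIPs is also WireGuard's inbound
# source filter, so 10.0.0.1/32 alone would drop them.
AllowedIPs = 0.0.0.0/0
# Keep the NAT mapping in front of this server open.
PersistentKeepalive = 25
```

Since AllowedIPs no longer limits which sources arrive over the tunnel, the second server should filter inbound traffic on wg0 itself and accept only the forwarded ports 20300-20499.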