How to organize OpenVPN connection through eth0 network access through eth1?
Given: an Ubuntu 14.04 instance on Amazon EC2 with 2 network interfaces, each tied to an Elastic IP. The 2nd network interface is accessed via eth1 and configured according to this guide. OpenVPN is configured automatically by this thing. OpenVPN is accessible via the eth0 IP, but not via eth1, although everything else is accessible via it (ssh, nginx, etc.).
I tried an OpenVPN bridge, but it didn't help.
Tell me which way to dig. Thank you.
OpenVPN config:
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.0.2"
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
Routing table:
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.240.0 U 0 0 0 eth1
Interfaces:
eth0 Link encap:Ethernet HWaddr 06:08:94:fb:5e:99
inet addr:192.168.6.101 Bcast:192.168.15.255 Mask:255.255.240.0
inet6 addr: xxxx::408:94ff:fefb:5e99/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1
RX packets:63138 errors:0 dropped:0 overruns:0 frame:0
TX packets:49344 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:35175048 (35.1 MB) TX bytes:17629611 (17.6 MB)
eth1 Link encap:Ethernet HWaddr 06:94:df:32:9f:dd
inet addr:192.168.14.69 Bcast:0.0.0.0 Mask:255.255.240.0
inet6 addr: xxxx::494:dfff:fe32:9fdd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1
RX packets:5810 errors:0 dropped:0 overruns:0 frame:0
TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:324810 (324.8 KB) TX bytes:25630 (25.6 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:14254 errors:0 dropped:0 overruns:0 frame:0
TX packets:13198 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:4902816 (4.9 MB) TX bytes:8105152 (8.1 MB)
It can be explicitly specified. https://openvpn.net/index.php/open-source/document...
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
You can use simple iptables rules; do everything as root:
In the OpenVPN server config /etc/openvpn/server.conf, explicitly specify the IP of the eth0 network card by adding a line to it, for example:
local 95.195.25.15
Then, to see what's going on in iptables, you can use the command
iptables-save > iptables.txt
You need to delete the old rules related to the tun interface and add new ones:
iptables -I INPUT 1 -i eth0 -p udp --dport 1194 -j ACCEPT
iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o eth1 -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i eth1 -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o eth1 -j ACCEPT
P.S.
By the way, to install OpenVPN it is better to use the script from angristan:
https://github.com/angristan/openvpn-install
His script saves all routing rules (iptables) to the file /etc/iptables/add-openvpn-rules.sh,
where they are convenient to edit; after a reboot they will be loaded automatically.
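As an added example (not part of either answer, and not code from OpenVPN or the install script): a POSIX shell check that reads `server.conf` and the `iptables-save` dump mentioned in the second answer and reports which of the described pieces are missing. The function names, the sample files and the address 192.0.2.10 are constructed for illustration; eth0 as the listening interface, eth1 as the egress interface and tun0 follow the answer.

```shell
#!/bin/sh
# Added example; sample file contents are constructed, names are hypothetical.
# Print the first argument of directive $2 in config $1. Lines commented out
# with '#' or ';' never match, because their first field differs.
conf_value() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# need RULES DESCRIPTION REGEX: report a rule that is absent from the dump.
need() { grep -Eq -- "$3" "$1" || { echo "MISSING: $2"; return 1; }; }

# audit CONF RULES LISTEN_IF OUT_IF [TUN_IF]: return 0 only if server.conf pins
# the listener with `local` and the dump holds every rule from the answer.
audit() {
    conf=$1; rules=$2; lif=$3; oif=$4; tun=${5:-tun0}; bad=0
    port=$(conf_value "$conf" port); proto=$(conf_value "$conf" proto)
    net=$(conf_value "$conf" server)
    [ -n "$(conf_value "$conf" local)" ] ||
        { echo "MISSING: 'local <IP of $lif>' in server.conf"; bad=1; }
    need "$rules" "accept $proto/$port on $lif" \
        "^-A INPUT -i $lif .*-p $proto .*--dport $port .*-j ACCEPT" || bad=1
    need "$rules" "accept input from $tun" "^-A INPUT -i $tun -j ACCEPT" || bad=1
    need "$rules" "NAT $net via $oif" \
        "^-A POSTROUTING -s $net/[0-9]+ -o $oif -j MASQUERADE" || bad=1
    need "$rules" "forward $oif to $tun" "^-A FORWARD -i $oif -o $tun -j ACCEPT" || bad=1
    need "$rules" "forward $tun to $oif" "^-A FORWARD -i $tun -o $oif -j ACCEPT" || bad=1
    return $bad
}

# Constructed samples; 192.0.2.10 is a documentation address (placeholder).
make_samples() {
    printf '%s\n' '# Which local IP address should OpenVPN' ';local a.b.c.d' \
        'local 192.0.2.10' 'port 1194' 'proto udp' 'dev tun' \
        'server 10.8.0.0 255.255.255.0' > "$1/server.conf"
    grep -v '^local ' "$1/server.conf" > "$1/unbound.conf"
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE' 'COMMIT' \
        '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        '-A INPUT -i tun0 -j ACCEPT' \
        '-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT' \
        '-A FORWARD -i tun0 -o eth1 -j ACCEPT' \
        '-A FORWARD -i eth1 -o tun0 -j ACCEPT' 'COMMIT' > "$1/iptables.txt"
    # Same dump, but NAT leaves via eth0: VPN traffic would not use eth1.
    sed 's/-o eth1 -j MASQUERADE/-o eth0 -j MASQUERADE/' "$1/iptables.txt" \
        > "$1/wrong-nat.txt"
}

dir=$(mktemp -d); make_samples "$dir"
audit "$dir/server.conf" "$dir/iptables.txt" eth0 eth1 && echo "ruleset OK"
audit "$dir/server.conf" "$dir/wrong-nat.txt" eth0 eth1 || echo "ruleset incomplete"
rm -rf "$dir"
```

On a real host, point `audit` at /etc/openvpn/server.conf and at the file written by `iptables-save > iptables.txt`.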