Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
v2t2012-08-16 09:31:28
linux
v2t, 2012-08-16 09:31:28

How to properly configure OpenVPN to route traffic sequentially through two servers?

Good afternoon!

There are 2 servers on the Internet on which OpenVPN is raised. The idea is to route all traffic from clients that connect to server 1 to server 2 and from there to the internet. Clients connect to eth0 of server 1. That is, the scheme is as follows (networks taking into account connections via OpenVPN):

Клиент <--(10.1.0.0/24)--> сервер 1 <--(10.2.0.0/24)--> сервер 2 <--(интернет).

Traffic returns along the same route.

The connection is established without problems, on the first server, respectively, there are two interfaces (tun0 - with the client, tun1 - with server 2). A new default gateway ( push "redirect-gateway def1") is pushed from the first server to the client. How to configure OpenVPN to push the necessary routes with this scheme to the client and server 1 for the correct traffic routing?

Is it correct to add such entries to iptables?
On the first server:
iptables -t nat -A POSTROUTING -s 10.1.0.0/24 -o eth0 -j SNAT --to-source 10.2.0.2

(10.2.0.2 - tun1 on server 1).

On the second server:
iptables -t nat -A POSTROUTING -s 10.2.0.0/24 -o eth0 -j SNAT --to-source EX IP

(EX IP - eth0 on server 2).

Thank you.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
E
EvilMan, 2012-08-16
@v2t

It is enough for clients to send the route through the first server (server 1), and configure routing on servers 1 and 2. Nat needs to be configured only on server 2, through which the traffic is already going to the Internet.
On the first server:

ip route add default via <server2-ip> dev tunX table 10
ip rule add from <clients-net> lookup 10 pref 10

On the second server, you will need to configure NAT and register a route to client networks through server 1
ip route add <clients-net> via <server1-ip> dev tunY
iptables -t nat -A POSTROUTING --src <clients-net> -o <extiface> \
  -j SNAT --to-source <extip>

Something like that.

Report
S
smartlight, 2012-08-16
@smartlight

1. Set up routes via ccd on the 1st and 2nd servers.
2. on the 2nd server you configure NAT.
do not forget about FORWARD - it should be in ACCEPT

Report
V
v2t, 2012-08-16
@v2t

EvilMan , thank you smartlight for your answers. Set up, everything works.

Similar questions
U
unlik2018-01-09 04:26:45
How to make a simple calculator? 12Reply
V
Vladimir Yakimov2015-09-09 14:16:55
How to change/remove the recipient of a frozen message in an Exim queue? 1Reply
L
luxter2015-09-09 15:39:39
Remove all packages that have xfce in their name. how? 3Reply
E
elisey4742017-08-14 12:22:24
How and by what algorithm does openwrt distribute traffic between clients? 1Reply
R
Roman Mirilaczvili2020-01-17 12:03:03
How to pass arguments to an external file in Docker? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question