v2t, 2012-08-16 09:31:28
linux

How to properly configure OpenVPN to route traffic sequentially through two servers?

Good afternoon!

There are 2 servers on the Internet with OpenVPN running on them. The idea is to route all traffic from clients that connect to server 1 through server 2 and from there out to the Internet. Clients connect to eth0 of server 1. That is, the scheme is as follows (the networks shown are those of the OpenVPN connections):

Client <--(10.1.0.0/24)--> server 1 <--(10.2.0.0/24)--> server 2 <--(Internet).

Traffic returns along the same route.

The connection is established without problems; accordingly, the first server has two interfaces (tun0 towards the client, tun1 towards server 2). A new default gateway (push "redirect-gateway def1") is pushed from the first server to the client. How should OpenVPN be configured to push the necessary routes to the client and to server 1 so that traffic is routed correctly in this scheme?

Is it correct to add such entries to iptables?
On the first server:
iptables -t nat -A POSTROUTING -s 10.1.0.0/24 -o eth0 -j SNAT --to-source 10.2.0.2

(10.2.0.2 - tun1 on server 1).

On the second server:
iptables -t nat -A POSTROUTING -s 10.2.0.0/24 -o eth0 -j SNAT --to-source EX IP

(EX IP - eth0 on server 2).

Thank you.


3 answers
EvilMan, 2012-08-16
@v2t

It is enough to push clients the route through the first server (server 1) and to configure routing on servers 1 and 2. NAT needs to be configured only on server 2, through which the traffic goes out to the Internet.
On the first server:

ip route add default via <server2-ip> dev tunX table 10
ip rule add from <clients-net> lookup 10 pref 10

On the second server, you will need to configure NAT and add a route to the client networks through server 1:
ip route add <clients-net> via <server1-ip> dev tunY
iptables -t nat -A POSTROUTING --src <clients-net> -o <extiface> \
  -j SNAT --to-source <extip>

Something like that.

smartlight, 2012-08-16
@smartlight

1. Set up routes via ccd on the 1st and 2nd servers.
2. Configure NAT on the 2nd server.
Don't forget about FORWARD: it should be set to ACCEPT.
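Putting EvilMan's policy-routing and NAT commands together with smartlight's FORWARD reminder as one script (an added example, not code from either answer). Only the networks 10.1.0.0/24, 10.2.0.0/24 and the tun1 address 10.2.0.2 come from the thread; the interface names, routing table 10, 10.2.0.1 as server 2's tunnel address and the external address 203.0.113.10 are assumptions. FORWARD is opened only between the tunnel interfaces rather than set to ACCEPT wholesale, and server 1 does no SNAT.

```shell
#!/bin/sh
# Added example: server-side setup for Client -> server 1 -> server 2 -> Internet.
# Values from the thread: 10.1.0.0/24, 10.2.0.0/24, 10.2.0.2. Everything else
# (interface names, table 10, 10.2.0.1, 203.0.113.10) is an assumption.
CLIENTS_NET=10.1.0.0/24   # client tunnel network (tun0 on server 1)
S1_TUN1_IP=10.2.0.2       # server 1's address on tun1 (given in the question)
S2_TUN_IP=10.2.0.1        # assumed: server 2's address on the server 1 <-> 2 tunnel
EXT_IF=eth0               # server 2's Internet-facing interface
EXT_IP=203.0.113.10       # placeholder for server 2's public address

# With DRY_RUN=1 the commands are printed instead of executed.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

server1_setup() {
  run sysctl -w net.ipv4.ip_forward=1
  # Policy routing: only packets sourced from the client network take the default
  # route through tun1; server 1's own traffic, including the OpenVPN session to
  # server 2 that rides on eth0, keeps using the main table. No SNAT here.
  run ip route add default via "$S2_TUN_IP" dev tun1 table 10
  run ip rule add from "$CLIENTS_NET" lookup 10 pref 10
  # FORWARD opened only between the two tunnels, not a blanket ACCEPT.
  run iptables -A FORWARD -i tun0 -o tun1 -s "$CLIENTS_NET" -j ACCEPT
  run iptables -A FORWARD -i tun1 -o tun0 -d "$CLIENTS_NET" \
      -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

server2_setup() {
  run sysctl -w net.ipv4.ip_forward=1
  # Return path: the client network lives behind server 1's tun1 address.
  run ip route add "$CLIENTS_NET" via "$S1_TUN1_IP" dev tun0
  run iptables -A FORWARD -i tun0 -o "$EXT_IF" -s "$CLIENTS_NET" -j ACCEPT
  run iptables -A FORWARD -i "$EXT_IF" -o tun0 -d "$CLIENTS_NET" \
      -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # The only NAT in the chain: clients leave server 2 with its public address.
  run iptables -t nat -A POSTROUTING -s "$CLIENTS_NET" -o "$EXT_IF" \
      -j SNAT --to-source "$EXT_IP"
}

# Usage on the respective host: DRY_RUN=1 sh chain.sh server1  (or server2)
case "$1" in
  server1) server1_setup ;;
  server2) server2_setup ;;
esac
```

The OpenVPN client config that server 1 uses for its link to server 2 should not accept a redirect-gateway pushed by server 2 (for example with `route-nopull`), otherwise server 1's own default route moves into tun1 and its tunnel to server 2 collapses.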

v2t, 2012-08-16
@v2t

EvilMan, smartlight, thank you for your answers. Set it up, everything works.
