Anton Shvets, 2018-12-18 17:49:40
openvpn

How to wrap traffic sent to direct ip through vpn network?

Given:
openvpn server ip 90.90.90.90 (_VpnServer), vpn network 10.8.8.0/24
There is a service at 80.80.80.80 (_Service) connected to vpn with address 10.8.8.10
There is a client (_Client) connected to vpn and wanting to communicate with server.
VPN server is NATed

iptables -t nat -A POSTROUTING -s 10.8.8.0/24 -o ens3 -j MASQUERADE

and in the config there is a route push to _Service clients
push "route 80.80.80.80 255.255.255.255"
client-to-client

What is happening now:
_Client accesses _Service 80.80.80.80, its packets are routed to the vpn network, reach _VpnServer, and there they are released on 80.80.80.80 to the general Internet.
Required:
For packets with the destination "to _Service 80.80.80.80" to reach _VpnServer, and then go further to _Service not through the general Internet, but again through the vpn network, i.e. to IP 10.8.8.10 instead of 80.80.80.80.
So that all traffic to _Service does not leave vpn.
Registered a route, did not help.
How to do it?

2 answer(s)
Vyacheslav Rakhinsky, 2018-12-18
@rakhinskiy

Show the output of iptables -L -n -t nat on the VPN server.
Perhaps there is a more general NAT rule that sits higher than yours and triggers first.
And show the routing table from the client (is there a rule for 80.80.80.80?).

Dmitry, 2018-12-18
@q2digger

iptables -t nat -I PREROUTING -p all -d 80.80.80.80 -s 10.8.8.0/24 -j DNAT --to 10.8.8.10
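
The DNAT rule above as an idempotent script, added here as an example and not part of the original answers. It also installs a hairpin MASQUERADE rule, because the `client-to-client` option from the question makes OpenVPN pass replies between clients internally, where netfilter never gets the chance to restore 80.80.80.80 as the source. The interface name `tun0` and all function names are assumptions.

```shell
#!/bin/sh
# Added example. Addresses come from the question; tun0 is an assumed name.
SERVICE_PUBLIC="${SERVICE_PUBLIC:-80.80.80.80}"
SERVICE_VPN="${SERVICE_VPN:-10.8.8.10}"
VPN_NET="${VPN_NET:-10.8.8.0/24}"
VPN_IF="${VPN_IF:-tun0}"   # assumption: OpenVPN tunnel device on _VpnServer

# Rule specs without the -I/-C verb, so one string serves check and insert.
dnat_spec() {
    echo "PREROUTING -s $VPN_NET -d $SERVICE_PUBLIC -j DNAT --to-destination $SERVICE_VPN"
}

# Hairpin source NAT: _Service answers _VpnServer's tunnel address, so the
# reply re-enters the kernel and conntrack reverses both translations.
hairpin_spec() {
    echo "POSTROUTING -s $VPN_NET -d $SERVICE_VPN -o $VPN_IF -j MASQUERADE"
}

# Print the command in dry-run mode (the default), execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Insert a rule at the top of its chain unless an identical rule exists.
ensure_rule() {
    spec="$1"
    if [ "${DRY_RUN:-1}" != "1" ] && iptables -t nat -C $spec 2>/dev/null; then
        return 0
    fi
    run iptables -t nat -I $spec
}

apply_rules() {
    ensure_rule "$(dnat_spec)"
    ensure_rule "$(hairpin_spec)"
    # The DNAT rule's packet counter should grow while _Client talks to _Service.
    run iptables -t nat -L PREROUTING -n -v --line-numbers
}

# Real run, as root: DRY_RUN=0 sh script.sh apply
if [ "${1:-}" = "apply" ]; then apply_rules; fi
```

With the hairpin rule, _Service sees every client as _VpnServer's tunnel address. Without `client-to-client` in the server config, replies already traverse the kernel and the hairpin rule can be omitted, which keeps the real client address visible to _Service.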
