
OpenVPN + SNAT = broken pipe (IP proxy?)

Posted: Sat Mar 28, 2015 12:59 pm
by clouseau
Hi,

I have a pool of public IP addresses. OpenVPN listens on the 1st one via UDP.
I have some people working for me, they need to have a static IP in my realm.

Anyway, so the idea was to install an OpenVPN server (routing mode), which I did, make it a default route and SNAT their IP to one of the other IPs on one of my public networks.

Example:
OpenVPN listening on 1.2.3.1 (public) eth0, clients coming into 192.168.240.6 - .10,14,18...etc

then I SNAT them to one of the other IPs in the public range, like:
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.240.6 -j SNAT --to-source 1.2.3.2 <- the next public IP address
and so on

But I get broken pipe(s), so I guess I'm postrouting something that I shouldn't. I have only one ETH port on the server, eth0 (with 126 aliases in the public pool).
Is this doable at all with one interface?

Re: OpenVPN + SNAT = broken pipe (IP proxy?)

Posted: Sun Mar 29, 2015 1:36 pm
by maikcat
broken pipe?

can you post the exact rule and the output you get?

Michael.