How to route OpenVPN client's traffic through another client on the same VPN?


Post by amkhlv » Tue Dec 19, 2017 4:18 am

Hi!

I have an OpenVPN server with several clients attached to it.
I want one of the clients to serve as a gateway, in the sense that all the traffic from all other clients should be routed through this special client.
I know how to route through the server, by

Code:

redirect-gateway def1

But I want to push through one of the clients.
Is it possible to do this automatically? Actually, I tried to do it manually, but did not succeed.
I also tried setting

Code:

route-gateway

to the client's address on VPN. Still all goes through the server...
What is the right way?


Post by amkhlv » Tue Dec 19, 2017 9:36 pm

This can be achieved with a layer-2 VPN, i.e. using TAP (and not TUN), and configuring routing on the regular client machine as follows:

Code:

ip route add XXX.YYY.ZZZ.WWW via 192.168.1.10 dev eth0
ip route add default via 10.8.0.5 dev tap0
ip route del default via 192.168.1.10

where XXX.YYY.ZZZ.WWW is the address of the VPN server, 192.168.1.10 is the address of the client machine, and 10.8.0.5 the address of the "gateway" client. AFAIK, this has to be done manually; I could not find any automatic push directive like redirect-gateway.

As usual, one should, on the gateway client machine: (1) enable IP forwarding in /etc/sysctl.conf and (2) add the usual netfilter rules:

Code:

iptables -t nat -I POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
iptables -I FORWARD -i tap0 -o eth0 -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
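
The regular-client routing steps from the post above, as an added example that is not part of the original post: it reads the LAN next hop from one line of `ip -4 route show default` and prints the three route commands, plus the commands that undo them, without applying anything. The function names, the server address 203.0.113.10 and the sample route line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Prints commands only.

# Extract "<gateway> <dev>" from one line of `ip -4 route show default`.
parse_default() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        if (gw != "" && dev != "") { print gw, dev; exit }
    }'
}

# plan_apply SERVER_IP GATEWAY_CLIENT_IP TAP_DEV DEFAULT_ROUTE_LINE
plan_apply() {
    # After this, $4 is the LAN next hop and $5 the LAN device.
    set -- "$1" "$2" "$3" $(parse_default "$4")
    [ "$#" -eq 5 ] || { echo "no usable default route" >&2; return 1; }
    # 1. Pin the VPN server to the LAN next hop so the tunnel keeps its path.
    echo "ip route add $1 via $4 dev $5"
    # 2. Send everything else to the gateway client over the TAP device.
    echo "ip route add default via $2 dev $3"
    # 3. Remove the old default so traffic no longer leaves directly.
    echo "ip route del default via $4"
}

# plan_undo takes the same arguments, with the default route line saved
# before plan_apply's commands were run, and reverses them.
plan_undo() {
    set -- "$1" "$2" "$3" $(parse_default "$4")
    [ "$#" -eq 5 ] || { echo "no usable default route" >&2; return 1; }
    echo "ip route add default via $4 dev $5"
    echo "ip route del default via $2 dev $3"
    echo "ip route del $1 via $4 dev $5"
}

# Constructed sample input; on a real client use: ip -4 route show default
SAMPLE='default via 192.168.1.10 dev eth0 proto dhcp metric 100'
plan_apply 203.0.113.10 10.8.0.5 tap0 "$SAMPLE"
plan_undo  203.0.113.10 10.8.0.5 tap0 "$SAMPLE"
```

Save the default route line before making changes, since it is the only record of the original next hop once the old default has been deleted.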


Post by satyapasupuleti » Thu Jul 05, 2018 6:59 am

Hi,
Thanks for sharing your knowledge; I need the same kind of setup. Why won't it work in tun mode? Please help me.
