Server Debian 10: how to avoid use of default route
Posted: Sat Apr 17, 2021 10:07 am
Hello,
This is my first post. I have searched without finding anything; do not hesitate to point me to the right keywords.
Here is the context:
I have a dedicated server in a datacentre with one physical network connection.
Debian 10, systemd, ufw, openvpn 2.4.7 from debian repo. The network device is named ens2.
Let's assume that the server's IP is 11.22.33.44/24 with a default gateway 11.22.33.254.
I have purchased an additional IP and configured it in /etc/systemd/network/50-default.network
(simply by adding one line: Address=55.66.77.88/32 under Address=11.22.33.44/24).
The second IP address is also reported on ens2 (not on ens2:1 or something like this).
I wish to dedicate the second IP address (55.66.77.88) to outgoing VPN traffic, i.e. that all outgoing connections issued by OpenVPN users originate from that second IP address.
So in the server.conf file, I have added: local 55.66.77.88 in order to force the binding.
As a result, the VPN server listens only on that second IP, but all connections established by the VPN users continue to originate from the primary IP address 11.22.33.44.
Do you see any easy solution for this?
Thank you