Server Receives OpenVPN Server IP Address Instead of OpenVPN Client IP Address

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
openvpn-admin
OpenVpn Newbie
Posts: 1
Joined: Mon Jul 27, 2020 9:50 pm

Server Receives OpenVPN Server IP Address Instead of OpenVPN Client IP Address

Post by openvpn-admin » Mon Jul 27, 2020 10:06 pm

Hi,

I have an OpenVPN server set up in one VPC region in AWS (region X). This VPC uses a transit gateway to peer with another VPC in region Y. The OpenVPN server routes traffic from region X to a particular subnet (10.12.0.0/16) in region Y. The OpenVPN server assigns its clients an address in the range (10.4.0.0/17). When this client tries to access a machine in the aforementioned subnet, the source IP address of the client is the IP address of the OpenVPN server (10.1.4.4) instead of the IP address of the OpenVPN client.

In contrast, an OpenVPN server set up in region Y routes traffic to the same subnet and assigns its clients an address in the range (10.9.0.0/17). When a client accesses a machine in this subnet, the source IP address of the client is coming from the client CIDR range (10.9.0.0/17).

Is there any way to ensure that data hitting machines in region Y from clients in region X contain the client CIDR range as the source IP as opposed to the OpenVPN server IP?

OpenVPN server configuration file:

port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.4.0.0 255.255.128.0
ifconfig-pool-persist ipp.txt
push "route 10.12.0.0 255.255.0.0"
push "route-metric 1000"
keepalive 5 120
reneg-sec 360000
ncp-disable
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append openvpn-new.log
verb 3
crl-verify crl.pem
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
management localhost 7505
txqueuelen 1000

client-commons.txt:

client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote SERVER-IP 1194
resolv-retry infinite
nobind
explicit-exit-notify 3
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
key-direction 1
verb 3
reneg-sec 0

iptables rules:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  10.4.0.0/17  anywhere

The configuration files are the same in all OpenVPN servers.

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Server Receives OpenVPN Server IP Address Instead of OpenVPN Client IP Address

Post by TinCanTech » Mon Jul 27, 2020 10:34 pm

Do you know what MASQUERADE means?
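The question above points at the POSTROUTING MASQUERADE rule in the posted iptables output. The following Python is an added illustration, not code from the thread or from OpenVPN: it evaluates the posted nat rule against a client packet to show which source address a region Y host sees, next to an assumed variant that exempts the peered subnet (the `! -d 10.12.0.0/16` exclusion and the return-route remark are assumptions, not something the thread states).

```python
import ipaddress
import shlex

# Constructed iptables-save style nat rule mirroring the POSTROUTING chain in
# the post: the whole client pool is masqueraded, whatever the destination.
NAT_RULES_POSTED = ["-A POSTROUTING -s 10.4.0.0/17 -j MASQUERADE"]

# Assumed hardened variant: exempt the peered subnet from NAT so hosts in
# region Y see the real client address (the return path then needs a route
# for 10.4.0.0/17 back to this instance in the region Y route tables).
NAT_RULES_FIXED = ["-A POSTROUTING -s 10.4.0.0/17 ! -d 10.12.0.0/16 -j MASQUERADE"]

def parse_rule(rule):
    """Extract chain, source/destination match (net, negated) and target from
    one iptables-save line; options not needed here are skipped."""
    toks = shlex.split(rule)
    chain = target = None
    src = dst = (None, False)
    i = 0
    while i < len(toks):
        negated = toks[i] == "!"
        if negated:
            i += 1
        opt = toks[i]
        if opt == "-A":
            chain = toks[i + 1]
        elif opt == "-s":
            src = (ipaddress.ip_network(toks[i + 1], strict=False), negated)
        elif opt == "-d":
            dst = (ipaddress.ip_network(toks[i + 1], strict=False), negated)
        elif opt == "-j":
            target = toks[i + 1]
        i += 2 if opt in ("-A", "-s", "-d", "-j", "-o", "-i", "-p") else 1
    return chain, src, dst, target

def _matches(match, addr):
    net, negated = match
    return True if net is None else (addr in net) != negated

def source_seen_by(rules, client_ip, dest_ip, server_ip):
    """Source address the destination host sees after POSTROUTING: the server's
    egress address if a MASQUERADE rule matches, else the client's own address."""
    client, dest = ipaddress.ip_address(client_ip), ipaddress.ip_address(dest_ip)
    for rule in rules:
        chain, src, dst, target = parse_rule(rule)
        if chain == "POSTROUTING" and _matches(src, client) and _matches(dst, dest):
            if target == "MASQUERADE":
                return server_ip  # source rewritten to the outgoing interface address
    return client_ip
```

With the posted rule, a packet from 10.4.0.10 to 10.12.1.20 arrives as 10.1.4.4; with the exempting rule it arrives as 10.4.0.10, while traffic to other destinations is still masqueraded.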
