I have set up an instance of OpenVPN Community (and have also tried OpenVPN Access Server) in an Azure VM. I have multiple VNets and have peered them as needed. I use this OpenVPN instance to connect securely to the other VMs via their private IPs: people connect to this VM and then access the VMs in the MZ via their private IPs.
The problem is that the VMs in the MZ only see the IP address of the OpenVPN VM, not the actual virtual IP assigned to the clients by OpenVPN. I am looking for a way to forward the clients' source virtual IP to the VMs in the MZ when traffic is routed through OpenVPN.
Here's my iptables configuration:
iptables -t nat -A POSTROUTING -s 172.17.0.0/24 ! -d 172.17.0.0/24 -j SNAT --to 10.0.30.4
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD -s 172.17.0.0/24 -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
server
log-append /var/log/openvpn.log
verb 11
local 10.0.30.4
port 1194
proto udp
management 127.0.0.1 5555
dev tun
ca ca.crt
cert server.crt
key server.key
tls-version-min 1.2
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 172.17.0.0 255.255.255.0
push "route 10.0.0.0 255.255.0.0 vpn_gateway"
ifconfig-pool-persist ipp.txt
keepalive 30 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
crl-verify crl.pem
explicit-exit-notify
remote-cert-tls client
verify-client-cert require
opt-verify
#ecdh-curve
tls-server
To summarize:
VPN IP: 10.0.30.4
Target VM IP: 10.0.0.1
Source Virtual IP of Client: 172.17.0.2
IP Detected by Target VM: 10.0.30.4
Desired IP to be detected by Target VM: 172.17.0.2
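The following is an added example, not the poster's configuration. It shows why the POSTROUTING SNAT rule above is what replaces 172.17.0.2 with 10.0.30.4, emits a rule set that forwards without NAT, and renders the Azure route-table and NIC settings the return path then needs (the subnet and host addresses are taken from the post; the resource names rg-vpn, nic-openvpn and rt-mz are constructed placeholders).

```shell
#!/bin/sh
# Values from the post: tunnel subnet, OpenVPN VM private IP, MZ address space.
VPN_SUBNET="172.17.0.0/24"
VPN_HOST="10.0.30.4"
MZ_NET="10.0.0.0/16"

# SNAT in nat/POSTROUTING rewrites the source of every packet leaving the VM,
# so the MZ VMs can only ever log 10.0.30.4. Rules without that SNAT: the VM
# just forwards, and the tunnel address 172.17.0.x reaches the target unchanged.
render_forward_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD -i tun0 -s $VPN_SUBNET -d $MZ_NET -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Without NAT the replies are addressed to 172.17.0.x, which Azure does not
# route by itself: the MZ subnets need a user-defined route for the tunnel
# subnet via the OpenVPN VM, and that VM's NIC needs IP forwarding enabled,
# otherwise the fabric drops the return traffic. Resource names are placeholders.
render_azure_route() {
    cat <<EOF
az network nic update --resource-group rg-vpn --name nic-openvpn --ip-forwarding true
az network route-table route create --resource-group rg-vpn --route-table-name rt-mz \\
  --name to-vpn-clients --address-prefix $VPN_SUBNET \\
  --next-hop-type VirtualAppliance --next-hop-ip-address $VPN_HOST
EOF
}

# Check: returns 0 when a rule set (e.g. the output of `iptables-save -t nat`)
# still SNATs or masquerades the tunnel subnet, i.e. still hides client IPs.
hides_client_ip() {
    printf '%s\n' "$1" | grep -Eq -- "-s $VPN_SUBNET.*-j (SNAT|MASQUERADE)"
}
```

Run `hides_client_ip "$(iptables-save -t nat)"` on the OpenVPN VM after the change to confirm no NAT rule for the tunnel subnet is left in place.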