Hello!
I need to hide the real OpenVPN server IP in the client configuration file. Is there any way to do it?
I set up two Linux servers.
The first one ("PROXY") has a real IP address, and this address is in the client config.
The second server ("VPN") is a real OpenVPN server that routes clients into the local private network.
I tried to redirect the TCP port (as well as a UDP variant with the "proto udp" option in the server config) from the first server to the second using iptables:
$IPTABLES -t nat -A PREROUTING -p tcp -i ens192 -d "PROXY IP ADDRESS" --dport 9876 -j DNAT --to-destination "VPN IP ADDRESS"
$IPTABLES -t nat -A POSTROUTING -p tcp --dport 9876 -j MASQUERADE
but the client cannot connect and I can see these messages in the OpenVPN log:
2023-04-26 20:11:12 "PROXY IP ADDRESS":63454 TLS: Initial packet from [AF_INET]"PROXY IP ADDRESS":63454, sid=1b8250fb 21c2a2e0
2023-04-26 20:11:12 "PROXY IP ADDRESS":63454 tls-crypt unwrap error: packet authentication failed
2023-04-26 20:11:12 "PROXY IP ADDRESS":63454 TLS Error: tls-crypt unwrapping failed from [AF_INET]"PROXY IP ADDRESS":63454
It seems that iptables changes the network packets and the OpenVPN server cannot decrypt them.
So the question is: is there any way to set up ONE IP address in the client config and redirect this client to the second server where OpenVPN actually runs?
Maybe someone has solved this problem?
Forward OpenVPN packets from one server to another
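A triage sketch for the server log quoted in the post, added here as an example and not part of the original post or of OpenVPN: it counts tls-crypt unwrap failures per peer address. With the MASQUERADE rule from the post, every relayed connection shows the proxy's address as the peer, so the counts are per relay, not per client. The sample log is constructed in the format of the quoted lines, with RFC 5737 documentation addresses standing in for the "PROXY IP ADDRESS" placeholder; `summarize` and `failing_peers` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample: the first three lines mirror the post, the rest are invented.
# 192.0.2.10 stands in for the relay ("PROXY"), 198.51.100.7 for a direct client.
SAMPLE_LOG = """\
2023-04-26 20:11:12 192.0.2.10:63454 TLS: Initial packet from [AF_INET]192.0.2.10:63454, sid=1b8250fb 21c2a2e0
2023-04-26 20:11:12 192.0.2.10:63454 tls-crypt unwrap error: packet authentication failed
2023-04-26 20:11:12 192.0.2.10:63454 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.0.2.10:63454
2023-04-26 20:11:40 192.0.2.10:51022 tls-crypt unwrap error: packet authentication failed
2023-04-26 20:11:40 192.0.2.10:51022 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.0.2.10:51022
2023-04-26 20:12:05 198.51.100.7:40111 TLS: Initial packet from [AF_INET]198.51.100.7:40111, sid=0a0b0c0d 01020304
"""

# "<date> <time> <peer ip>:<peer port> <message>", as in the quoted log lines.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"(?P<msg>.*)$"
)
UNWRAP_FAIL = "tls-crypt unwrap error"


def summarize(log_text):
    """Return {peer_ip: {"ports": set of source ports, "unwrap_failures": int}}."""
    peers = defaultdict(lambda: {"ports": set(), "unwrap_failures": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # line has no peer prefix (startup messages etc.)
        entry = peers[m["ip"]]
        entry["ports"].add(int(m["port"]))
        # Count only the "unwrap error" line; the "TLS Error" line repeats the same event.
        if m["msg"].startswith(UNWRAP_FAIL):
            entry["unwrap_failures"] += 1
    return dict(peers)


def failing_peers(log_text, threshold=2):
    """Peer addresses with at least `threshold` tls-crypt unwrap failures."""
    return sorted(ip for ip, e in summarize(log_text).items()
                  if e["unwrap_failures"] >= threshold)


if __name__ == "__main__":
    for ip, e in summarize(SAMPLE_LOG).items():
        print(ip, "ports:", sorted(e["ports"]), "unwrap failures:", e["unwrap_failures"])
```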