in via public if, to access internet via private NAT'd if

zxdavb
OpenVpn Newbie
Posts: 2
Joined: Sat Feb 18, 2012 10:21 pm

Post by zxdavb » Sat Feb 18, 2012 10:45 pm

Hi,

I want to configure OpenVPN Access Server on my VPS: a KVM running Ubuntu 10.04 LTS, with a very vanilla configuration. OpenVPN-AS is likewise installed with only minimal 'flavour'.

The server has two interfaces (both DHCP; eth1 does not have a default gateway configured, but there is one available):
- eth0 (a public IP address that IS NOT geolocated in the US), and
- eth1 (a private IP address that can NAT via a router that IS geolocated in the US)

Most traffic, including the OpenVPN tunnel (UDP/1194), comes in via eth0, but the tunnelled clients should go 'out' via eth1, to get the benefit of a US-based IP address.

I think there are two separate issues:
1) configuring IP so there's a gateway for tunneled clients to leave via the NAT router
2) configuring OpenVPN-AS so the clients use that gateway for internet access

The file /etc/network/interfaces is as follows:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface (public address; carries the default route)
auto eth0
iface eth0 inet dhcp

# The internal (private) network interface
auto eth1
iface eth1 inet dhcp
  # table 100: a default route via the NAT router reachable on eth1
  up   ip route add default via 172.16.0.254  dev eth1  table 100
  down ip route del default via 172.16.0.254  dev eth1  table 100
  # policy rule: packets sourced from 172.16.0.0/16 that arrive on eth1 use table 100
  up   ip rule  add        from 172.16.0.0/16 iif eth1 lookup 100
  down ip rule  del        from 172.16.0.0/16 iif eth1 lookup 100
  # SNAT the VPN client range (covers both as0t0 and as0t1 subnets) to eth1's address
  up   iptables -t nat -A POSTROUTING -s 5.5.0.0/20 -j SNAT --to-source 172.16.191.125
  down iptables -t nat -D POSTROUTING -s 5.5.0.0/20 -j SNAT --to-source 172.16.191.125

The network is as follows:

root@us-tunnel:~# ifconfig | grep -A 1 encap
as0t0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:5.5.0.1  P-t-P:5.5.0.1  Mask:255.255.248.0
--
as0t1     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:5.5.8.1  P-t-P:5.5.8.1  Mask:255.255.248.0
--
eth0      Link encap:Ethernet  HWaddr 00:16:3c:34:01:20
          inet addr:209.141.60.114  Bcast:209.141.60.255  Mask:255.255.255.0
--
eth1      Link encap:Ethernet  HWaddr 00:16:3c:55:84:81
          inet addr:172.16.191.125  Bcast:172.16.255.255  Mask:255.255.0.0
--
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0

The route table is as follows:

root@us-tunnel:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
209.141.60.0    *               255.255.255.0   U     0      0        0 eth0
5.5.0.0         *               255.255.248.0   U     0      0        0 as0t0
5.5.8.0         *               255.255.248.0   U     0      0        0 as0t1
172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
default         209.141.60.1    0.0.0.0         UG    100    0        0 eth0
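
Worked example, added to this page and not part of zxdavb's post: a small Python model of the Linux policy-routing database (RPDB) loaded with the routing table shown above. It demonstrates why the posted rule `from 172.16.0.0/16 iif eth1 lookup 100` never steers tunnelled clients out of eth1: the routing decision is taken before the nat POSTROUTING SNAT runs, so a VPN packet still carries its 5.5.x.x source and arrived on as0t0, not eth1, and the rule does not match. Selecting on the VPN client range instead (`from 5.5.0.0/20`) sends those packets through table 100 while the host's own traffic keeps using eth0. The interface names, prefixes and the 172.16.0.254 gateway are taken from the post; the sample packets, the rule preference 100 and the corrected command list are constructed assumptions.

```python
"""Model of the kernel's policy-routing lookup (rules -> tables, longest-prefix
match), loaded with the poster's tables.  Added example; packets are constructed."""
import ipaddress
from typing import Dict, List, NamedTuple, Optional


class Route(NamedTuple):
    dst: ipaddress.IPv4Network        # destination prefix (0.0.0.0/0 is 'default')
    dev: str                          # egress interface
    via: Optional[str] = None         # next hop; None when directly connected


class Rule(NamedTuple):
    prio: int                         # 'pref' in ip rule; lower is checked first
    table: str
    src: Optional[ipaddress.IPv4Network] = None   # 'from' selector
    iif: Optional[str] = None                     # 'iif' selector


class Packet(NamedTuple):
    src: str
    dst: str
    iif: Optional[str]                # None for packets generated by the host itself


def lookup_table(table: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match within one routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.dst]
    return max(matches, key=lambda r: r.dst.prefixlen) if matches else None


def route(rules: List[Rule], tables: Dict[str, List[Route]], pkt: Packet) -> Optional[Route]:
    """Walk the RPDB in priority order; a table with no matching route falls
    through to the next rule.  This decision happens before nat POSTROUTING,
    so SNAT cannot change which rule a packet hits."""
    src = ipaddress.ip_address(pkt.src)
    for rule in sorted(rules, key=lambda r: r.prio):
        if rule.src is not None and src not in rule.src:
            continue
        if rule.iif is not None and rule.iif != pkt.iif:
            continue
        hit = lookup_table(tables[rule.table], pkt.dst)
        if hit is not None:
            return hit
    return None


# Main table, transcribed from the poster's 'route' output (255.255.248.0 == /21).
MAIN = [
    Route(ipaddress.ip_network("209.141.60.0/24"), "eth0"),
    Route(ipaddress.ip_network("5.5.0.0/21"), "as0t0"),
    Route(ipaddress.ip_network("5.5.8.0/21"), "as0t1"),
    Route(ipaddress.ip_network("172.16.0.0/16"), "eth1"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "eth0", via="209.141.60.1"),
]
# Table 100 as created by the poster's eth1 'up' hook.
TABLE_100 = [Route(ipaddress.ip_network("0.0.0.0/0"), "eth1", via="172.16.0.254")]
TABLES = {"main": MAIN, "100": TABLE_100}

# The poster's rule versus a rule keyed on the VPN client range (pref 100 assumed).
POSTED_RULES = [Rule(32766, "main"),
                Rule(100, "100", src=ipaddress.ip_network("172.16.0.0/16"), iif="eth1")]
FIXED_RULES = [Rule(32766, "main"),
               Rule(100, "100", src=ipaddress.ip_network("5.5.0.0/20"))]

# Constructed packets: a tunnelled client going to the Internet, the host's own
# traffic, and the reply after conntrack has already undone the SNAT.
VPN_CLIENT = Packet(src="5.5.0.5", dst="8.8.8.8", iif="as0t0")
HOST_OWN = Packet(src="209.141.60.114", dst="8.8.8.8", iif=None)
REPLY = Packet(src="8.8.8.8", dst="5.5.0.5", iif="eth1")


def egress(rules: List[Rule], pkt: Packet):
    """(device, next hop) chosen for pkt, or None if unroutable."""
    r = route(rules, TABLES, pkt)
    return (r.dev, r.via) if r else None


def fixed_commands(vpn_net="5.5.0.0/20", gw="172.16.0.254", dev="eth1",
                   snat="172.16.191.125", table=100) -> List[str]:
    """Replacement for the eth1 'up' hooks (assumed layout, plain iproute2/iptables).
    The SNAT is restricted to -o eth1 so it cannot rewrite traffic leaving via eth0."""
    return [
        f"ip route add default via {gw} dev {dev} table {table}",
        f"ip rule add from {vpn_net} pref 100 lookup {table}",
        f"iptables -t nat -A POSTROUTING -s {vpn_net} -o {dev} -j SNAT --to-source {snat}",
    ]


if __name__ == "__main__":
    print("posted rules, VPN client ->", egress(POSTED_RULES, VPN_CLIENT))
    print("fixed rules,  VPN client ->", egress(FIXED_RULES, VPN_CLIENT))
    print("fixed rules,  host own   ->", egress(FIXED_RULES, HOST_OWN))
    print("fixed rules,  reply      ->", egress(FIXED_RULES, REPLY))
    print("\n".join(fixed_commands()))
```

Swapping the `ip rule` line in the eth1 stanza for the `from 5.5.0.0/20` form addresses issue 1; the reply path needs nothing extra, because once conntrack has reversed the SNAT the destination is a 5.5.x.x address that the main table already sends to as0t0. Issue 2 is on the Access Server side: clients only send Internet traffic into the tunnel if the server pushes a default route, which in the Admin UI is the VPN Settings option "Should client Internet traffic be routed through the VPN?". If replies arriving on eth1 are dropped after the rule change, check reverse-path filtering on that interface (`net.ipv4.conf.eth1.rp_filter`), a common casualty of multi-homed policy routing.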
