Server Debian 10: how to avoid use of default route

This forum is for admins who are looking to build or expand their OpenVPN setup.

f-d-m
OpenVpn Newbie
Posts: 2
Joined: Sat Apr 17, 2021 9:35 am

Server Debian 10: how to avoid use of default route

Post by f-d-m » Sat Apr 17, 2021 10:07 am

Hello,
this is my first post, I have searched without finding, do not hesitate to point me to the right keywords ;)

Here is the context:
I have a dedicated server in a datacentre with one physical network connection.
Debian 10, systemd, ufw, openvpn 2.4.7 from debian repo. The network device is named ens2.

Let's assume that the server's IP is 11.22.33.44/24 with a default gateway 11.22.33.254.

I have purchased an additional IP and configured it in /etc/systemd/network/50-default.network
(simply by adding one line: Address=55.66.77.88/32 under Address=11.22.33.44/24).

The second IP address is also reported on ens2 (not on ens2:1 or something like this).

I wish to dedicate the second IP address (55.66.77.88) to outgoing VPN traffic, i.e. that all outgoing connections issued by OpenVPN users originate from that second IP address.

So in the server.conf file, I have added: local 55.66.77.88 in order to force the binding.

As a result, the VPN server listens only on that second IP, but all connections established by the VPN users continue to originate from the primary IP address 11.22.33.44.

Do you see any easy solution for this?
Thank you ;)

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Server Debian 10: how to avoid use of default route

Post by TinCanTech » Sat Apr 17, 2021 1:36 pm

You can do this with (search-term) source NAT .. but also try LARTC.

f-d-m
OpenVpn Newbie
Posts: 2
Joined: Sat Apr 17, 2021 9:35 am

Re: Server Debian 10: how to avoid use of default route

Post by f-d-m » Sat Apr 17, 2021 4:43 pm

Thanks for the reply. I am not sure that it corresponds to my problem.

The following documentation (link below) explains exactly which interface (IP address) the OpenVPN server must bind to. It works for incoming connections, which are only accepted on that interface, but the traffic is then routed to the public internet from the other IP address.
https://openvpn.net/vpn-server-resource ... pn-daemons

I expected some tweaking in the firewall rules, so that the postrouting could spit out the packets on the interface I choose.

Moreover the 2 IP addresses show on the same interface 'ens2'.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Server Debian 10: how to avoid use of default route

Post by TinCanTech » Sat Apr 17, 2021 5:45 pm

--multihome may be what you need.
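
The source NAT approach suggested earlier in the thread, as an added example that is not part of any post: it builds the POSTROUTING rule that rewrites forwarded VPN traffic to 55.66.77.88 and checks a saved nat table for which rule the tunnel subnet hits first. The tunnel subnet 10.8.0.0/24, the presence of an existing MASQUERADE rule, and the function names are assumptions; the sample rulesets are constructed.

```sh
#!/bin/sh
# Added example. From the thread: ens2 and 55.66.77.88.
VPN_NET="10.8.0.0/24"   # assumption: subnet on the `server` line of server.conf
WAN_IF="ens2"
VPN_SRC="55.66.77.88"

# Emit the rule in iptables-restore syntax. `local` only sets the listening
# address; the source of forwarded client traffic is decided here, in nat.
snat_rule() {
    printf '%s\n' "-A POSTROUTING -s $1 -o $2 -j SNAT --to-source $3"
}

# Read `iptables-save -t nat` text on stdin and report the first POSTROUTING
# NAT rule whose -s is the given subnet or absent (first match wins).
# Prints "snat <ip>", "masquerade" or "none". Simplification: exact -s
# comparison only, so supernets and -o filters are not evaluated.
first_nat_match() {
    awk -v net="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; tgt = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
                if ($i == "--to-source") to = $(i + 1)
            }
            if (src != "" && src != net) next
            if (tgt == "SNAT") { print "snat " to; found = 1; exit }
            if (tgt == "MASQUERADE") { print "masquerade"; found = 1; exit }
        }
        END { if (!found) print "none" }'
}

# Constructed sample: MASQUERADE leaves the address choice to the kernel,
# which on ens2 is normally the primary one (11.22.33.44 in the thread).
sample_before() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o ens2 -j MASQUERADE
COMMIT
EOF
}
# Constructed sample: the same table with the explicit SNAT rule instead.
sample_after() {
    printf '*nat\n:POSTROUTING ACCEPT [0:0]\n%s\nCOMMIT\n' \
        "$(snat_rule "$VPN_NET" "$WAN_IF" "$VPN_SRC")"
}

echo "before: $(sample_before | first_nat_match "$VPN_NET")"
echo "after:  $(sample_after | first_nat_match "$VPN_NET")"
```

On a ufw host the emitted line belongs in the *nat section of /etc/ufw/before.rules, ahead of any MASQUERADE rule for the same subnet; pipe the real `iptables-save -t nat` output into first_nat_match to confirm the result after reloading.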
