Hello,
This is my first post. I have searched without finding anything, so do not hesitate to point me to the right keywords.
Here is the context:
I have a dedicated server in a datacentre with one physical network connection.
Debian 10, systemd, ufw, openvpn 2.4.7 from debian repo. The network device is named ens2.
Let's assume that the server's IP is 11.22.33.44/24 with a default gateway 11.22.33.254.
I have purchased an additional IP and configured it in /etc/systemd/network/50-default.network
(simply by adding one line: Address=55.66.77.88/32 under Address=11.22.33.44/24).
The second IP address is also reported on ens2 (not on ens2:1 or something like this).
I wish to dedicate the second IP address (55.66.77.88) to outgoing VPN traffic, i.e. that all outgoing connections issued by OpenVPN users originate from that second IP address.
So in the server.conf file, I have added: local 55.66.77.88 in order to force the binding.
As a result, the VPN server listens only on that second IP, but all connections established by the VPN users continue to originate from the primary IP address 11.22.33.44.
Do you see any easy solution for this?
Thank you
Server Debian 10: how to avoid use of default route
-
- OpenVpn Newbie
- Posts: 2
- Joined: Sat Apr 17, 2021 9:35 am
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Server Debian 10: how to avoid use of default route
You can do this with (search-term) source NAT .. but also try LARTC.
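Added example, not part of the thread: a sketch of the source-NAT approach, assuming the VPN clients use OpenVPN's default 10.8.0.0/24 subnet and are currently NATed by a MASQUERADE rule (the thread states neither). The helper names `snat_block` and `first_nat_verdict` are hypothetical; the script builds the nat block for ufw and reports which POSTROUTING rule the VPN subnet hits first.

```shell
#!/bin/sh
# Added example (helper names are hypothetical, not from the thread).
VPN_NET="10.8.0.0/24"   # assumption: OpenVPN's default tunnel subnet
OUT_IF="ens2"           # interface named in the post
SNAT_IP="55.66.77.88"   # second address as written in the post

# Emit the nat block in iptables-restore format; with ufw it goes in
# /etc/ufw/before.rules, above the *filter section.
snat_block() {  # $1 = VPN subnet, $2 = outgoing interface, $3 = source IP
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        "-A POSTROUTING -s $1 -o $2 -j SNAT --to-source $3" 'COMMIT'
}

# Read rules (iptables-save format) on stdin and print the target of the
# first POSTROUTING rule whose -s equals the subnet exactly (simplification:
# textual match, no CIDR containment). Prints "none" if nothing matches.
first_nat_verdict() {  # $1 = VPN subnet
    awk -v net="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; tgt = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
                if ($i == "--to-source") to = $(i + 1)
            }
            if (src == net) {
                if (tgt == "SNAT") print "SNAT " to; else print tgt
                found = 1; exit
            }
        }
        END { if (!found) print "none" }'
}

# Constructed "before" ruleset (assumed existing setup): MASQUERADE uses the
# primary address of ens2, so clients leave from 11.22.33.44.
BEFORE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o ens2 -j MASQUERADE
COMMIT'

echo "before: $(printf '%s\n' "$BEFORE" | first_nat_verdict "$VPN_NET")"
echo "after:  $(snat_block "$VPN_NET" "$OUT_IF" "$SNAT_IP" | first_nat_verdict "$VPN_NET")"
```

The first matching POSTROUTING rule wins, so an existing MASQUERADE rule for the same subnet has to be removed or placed after the SNAT rule. Feeding `iptables-save -t nat` output to `first_nat_verdict` shows which rule is in effect on a live server.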
-
- OpenVpn Newbie
- Posts: 2
- Joined: Sat Apr 17, 2021 9:35 am
Re: Server Debian 10: how to avoid use of default route
Thanks for the reply. I am not sure that it corresponds to my problem.
The following documentation (link below) explains exactly on what interface (IP address) OpenVPN server must bind, it works for incoming connections which are only accepted on that interface, but the traffic is then routed to the public internet from the other IP address.
https://openvpn.net/vpn-server-resource ... pn-daemons
I expected some tweaking in the firewall rules, so that the postrouting could spit out the packets on the interface I choose.
Moreover the 2 IP addresses show on the same interface 'ens2'.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Server Debian 10: how to avoid use of default route
--multihome may be what you need.