Can an OpenVPN client be used as a default gateway for another OpenVPN client?
Posted: Sat Nov 10, 2018 11:25 am
Hello,
I'm using OpenVPN since many years and I think I'm quite familiar with OpenVPN and it's configuration.
Currently I'm trying to use an openvpn client as a default gateway for another openvpn client in the same (openvpn) network (topology subnet). I tried to get this up and running with "client-to-client", without "client-to-client" and normal routing and without "client-to-client" together with policy based routing at the server side. None of these tries were successful. The last try is the reason for my question:
Is it possible (in general) to implement this? An if so, can somebody give me a hint how to do so?
I'm asking because of the current result of the policy based routing, which shows the problem much more clear than the other scenarios:
1. The routing tables of the clients and the server are correct (verified with ip route list, ip route get ... and so on)
2. The clients can reach each other (verified with ping).
3. The server can reach the clients (verified with ping)
4. If the first openvpn client try to ping another system on the internet using using its default gateway (the openvpn server which should choose the second openvpn client as a default route because of the policy based routing I configured), the tun0 device of the openvpn server show the correct traffic (incoming tun0, outgoing tun0), but the second client shows no incoming traffic (tcpdump -i tun0).
Man thanks in advance,
Kei
I'm using OpenVPN since many years and I think I'm quite familiar with OpenVPN and it's configuration.
Currently I'm trying to use an openvpn client as a default gateway for another openvpn client in the same (openvpn) network (topology subnet). I tried to get this up and running with "client-to-client", without "client-to-client" and normal routing and without "client-to-client" together with policy based routing at the server side. None of these tries were successful. The last try is the reason for my question:
Is it possible (in general) to implement this? An if so, can somebody give me a hint how to do so?
I'm asking because of the current result of the policy based routing, which shows the problem much more clear than the other scenarios:
1. The routing tables of the clients and the server are correct (verified with ip route list, ip route get ... and so on)
2. The clients can reach each other (verified with ping).
3. The server can reach the clients (verified with ping)
4. If the first openvpn client try to ping another system on the internet using using its default gateway (the openvpn server which should choose the second openvpn client as a default route because of the policy based routing I configured), the tun0 device of the openvpn server show the correct traffic (incoming tun0, outgoing tun0), but the second client shows no incoming traffic (tcpdump -i tun0).
Man thanks in advance,
Kei