Hello, I want to tunnel all of my traffic from one client to another client. I want to use my end client as a gateway to the internet (all udp and tcp traffic goes out through that client). Here is the setup below.
client 1:
Wan IP X.x.x.220
vpn ip: 172.20.0.5
AS Server
Wan IP X.x.x.154
vpn ip: 172.20.0.6
client 2:
Wan IP: x.x.x.54
vpn ip: 172.20.0.7
client1, AS server, and client2 are all in different locations (not on the same wan). They can all talk to each other right now, but I basically connect to the vpn network in client1 to my AS server... but I want to then tunnel all traffic from client 1 through client 2 (so that the wan ip in client 1 on an ip check, for example, appears as client 2). This has to tunnel udp and tcp traffic. Currently, I can only get client 1 to tunnel traffic through the AS Server... what I'm looking for is that final step to tunnel traffic out of client 2.
Tunnel all traffic client -> AS -> client
ambush276
- OpenVpn Newbie
- Posts: 1
- Joined: Tue May 18, 2021 4:27 pm
chilinux
- OpenVPN Power User
- Posts: 156
- Joined: Thu Mar 28, 2013 8:31 am
Re: Tunnel all traffic client -> AS -> client
There are a number of ways of accomplishing what you want while running OpenVPN but they involve additional changes on client 2 that aren't part of OpenVPN itself.
You didn't specify what operating system client 2 is running. So for the sake of example, let's assume client 2 is running a Linux distribution.
If that is the case then you can use iptables on client 2 to enable NAT. Then on client 1 modify the routing tables accordingly.
Instead if client 2 is running an OpenSSH server, you can use the -D flag on client 1's SSH client to enable SOCKS proxying through client 2. Then set any SOCKS protocol aware software to use the proxy on localhost.
Instead if client 2 is running Apache web server, you can configure mod_proxy to allow HTTP proxy aware software on client 1 to proxy through.
There are numerous other ways to do this. However, as soon as 172.20.0.5 can connect to 172.20.0.7 then everything AS is designed to do is done. What you choose to do with that connection is up to you. There are probably other forums that can better recommend what to run/configure on client 2.
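The iptables option from the reply above, as an added example that is not part of the original posts: a script for a Linux client 2 that prints the forwarding and NAT commands scoped to client 1's VPN address only, so other VPN peers cannot use client 2 as a gateway. The interface names `tun0` and `eth0` and the function names are assumptions, and it assumes client 1's internet-bound packets already arrive at client 2 over the VPN, which the thread does not cover.

```shell
#!/bin/sh
# Added example (not from the thread): print the commands that make client 2
# a NAT gateway for one VPN peer only. Review the output, then pipe to `sudo sh`.
# Assumed names: tun0 = VPN interface, eth0 = WAN interface on client 2.

valid_ipv4() {
    # Digits and dots only, exactly four octets, each 0-255.
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

valid_iface() {
    # Linux interface names: at most 15 chars; reject shell metacharacters.
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ ${#1} -le 15 ]
}

nat_gateway_rules() {
    peer=$1 vpn_if=${2:-tun0} wan_if=${3:-eth0}
    valid_ipv4 "$peer" || { echo "bad peer address" >&2; return 1; }
    { valid_iface "$vpn_if" && valid_iface "$wan_if"; } ||
        { echo "bad interface name" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i $vpn_if -o $wan_if -s $peer/32 -j ACCEPT
iptables -A FORWARD -i $wan_if -o $vpn_if -d $peer/32 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $vpn_if -o $wan_if -j DROP
iptables -t nat -A POSTROUTING -s $peer/32 -o $wan_if -j MASQUERADE
EOF
}

# Client 1's VPN address from the thread; only this peer may use the gateway.
nat_gateway_rules 172.20.0.5 tun0 eth0
```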
