openvpn user internet access via another openvpn user

Lamask
OpenVpn Newbie
Posts: 5
Joined: Fri May 13, 2022 4:19 am

openvpn user internet access via another openvpn user

Post by Lamask » Fri May 13, 2022 11:22 am

Hello.
There is a Debian OpenVPN AS with a whitelisted IP, say 3.3.3.3.
There are two OpenVPN clients on the server: one on a computer with Windows 10 and the second on Android. Both clients use NAT and different ISPs to access the Internet. For the Windows computer, let the gray IP be 5.5.5.5, and for Android let the gray IP be 6.6.6.6.
How do I configure the server and routes so that the Android client, when connected, gets access to the Internet through the Windows computer via IP 5.5.5.5?

Re: openvpn user internet access via another openvpn user

Post by Lamask » Fri May 13, 2022 11:50 am

I think I groped a black cat in a dark room
https://serverfault.com/questions/87558 ... er-clients

Re: openvpn user internet access via another openvpn user

Post by Lamask » Fri May 13, 2022 12:06 pm


openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: openvpn user internet access via another openvpn user

Post by openvpn_inc » Fri May 13, 2022 12:08 pm

Hi Lamask,

Access Server isn't really designed to do that. However, OpenVPN Cloud is. I suggest you give that a try.

Technically it could also be done with Access Server but then you'd have to do some magic with iptables and multiple routing rules and possibly routing tables to get things done that way. It's not going to be very clean or easy. The way internet redirection works is that the VPN client is told to send all Internet traffic through the VPN tunnel. This then arrives at the Access Server and it will then SNAT this traffic and send it out through its own Internet connection. If you change the routing on Access Server to send all Internet traffic through the VPN tunnel to a second VPN client, the problem is that the tunnel transport itself will go through there as well. So you have to add exceptions to that for each VPN tunnel. And then NAT won't be applied so that's something the Windows client will then have to do. All in all it will get very messy very quickly.

You may be able to achieve what you want with policy-based routing - set up a subnet for a group and based on their origin route the traffic elsewhere. Still have to deal with NAT and such later on.

However OpenVPN Cloud was designed from the ground up to be a purely internal VPN network, and if you need connected VPN devices to access the Internet, you are expected to provide a VPN connected device that is sharing its Internet connection to OpenVPN Cloud. This seems to be exactly what you are looking for.

Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
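
The routing problem described in the answer above, modeled as an added example (not part of the original posts and not OpenVPN code): a small policy-routing lookup that compares changing the server's default route globally, adding a per-tunnel exception, and diverting only a group subnet by source. Only 3.3.3.3 and 5.5.5.5 come from the thread; the VPN subnet, the Android client's VPN address and the next-hop labels are assumptions.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

def lookup(table, dst):
    """Longest-prefix match in one routing table; next hop or None."""
    hits = [(n, hop) for n, hop in table if ipaddress.ip_address(dst) in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def route(rules, tables, src, dst):
    """Walk policy rules in order (as `ip rule` does); first table with a route wins."""
    for selector, table_name in rules:
        if ipaddress.ip_address(src) in selector:
            hop = lookup(tables[table_name], dst)
            if hop is not None:
                return hop
    return None

# Constructed addressing; only 3.3.3.3 and 5.5.5.5 come from the thread.
ANY = net("0.0.0.0/0")
SERVER = "3.3.3.3"                # Access Server's own address
WIN_TRANSPORT = "5.5.5.5"         # where the Windows client's tunnel packets go
ANDROID_VPN_IP = "172.27.240.2"   # assumed VPN address of the Android client
ANDROID_GROUP = net("172.27.240.0/24")  # assumed group subnet
VIA_WINDOWS = "tunnel to Windows client"
VIA_ISP = "server's own uplink"

# A: default route changed globally -> tunnel transport is routed into the tunnel.
GLOBAL_RULES = [(ANY, "main")]
GLOBAL = {"main": [(ANY, VIA_WINDOWS)]}
# B: same, plus the per-tunnel exception the answer mentions.
EXCEPTED = {"main": [(ANY, VIA_WINDOWS), (net("5.5.5.5/32"), VIA_ISP)]}
# C: policy-based routing: only traffic originating in the group subnet is diverted.
POLICY_RULES = [(ANDROID_GROUP, "via_windows"), (ANY, "main")]
POLICY = {"main": [(ANY, VIA_ISP)], "via_windows": [(ANY, VIA_WINDOWS)]}

def decisions():
    return {
        "A transport": route(GLOBAL_RULES, GLOBAL, SERVER, WIN_TRANSPORT),
        "B transport": route(GLOBAL_RULES, EXCEPTED, SERVER, WIN_TRANSPORT),
        "C transport": route(POLICY_RULES, POLICY, SERVER, WIN_TRANSPORT),
        "C android": route(POLICY_RULES, POLICY, ANDROID_VPN_IP, "8.8.8.8"),
    }

if __name__ == "__main__":
    for case, hop in decisions().items():
        print(f"{case:12} -> {hop}")
```

The model covers route selection only; the NAT step that the answer says the Windows client would have to perform is not modeled.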
