This is what I want to do:
(my client : tun0) -> (SRV1 : tun0 -> SRV1 : tun1) -> (SRV2 : tun1 -> SRV2 : eth0)
These are the configurations:
This is SRV1:
```
port 32976
proto udp
dev tun0
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server0.crt
key /etc/openvpn/easy-rsa/pki/private/server0.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
topology subnet
server 10.21.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth /etc/openvpn/server/ta0.key 0
auth-nocache
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
cipher AES-256-CBC
persist-key
persist-tun
```
```
port 50945
proto udp
dev tun1
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server0.crt
key /etc/openvpn/easy-rsa/pki/private/server0.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
topology subnet
server 10.63.0.0 255.255.255.0
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth /etc/openvpn/server/ta.key 0
auth-nocache
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
cipher AES-256-CBC
persist-key
persist-tun
```
NOTE: srv1 is a client for srv2.
Also I didn't use `push "redirect-gateway def1 bypass-dhcp"` in SRV2.
First I run these commands:
SRV1:
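```
# Enable IPv4 forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
# Masquerade traffic from the 10.21.0.0/24 VPN subnet leaving via tun1
iptables -t nat -A POSTROUTING -s 10.21.0.0/24 -o tun1 -j MASQUERADE
```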
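```
# Enable IPv4 forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
# Masquerade traffic from the 10.63.0.0/24 VPN subnet leaving via eth0
iptables -t nat -A POSTROUTING -s 10.63.0.0/24 -o eth0 -j MASQUERADE
```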
I guess that adding a routing table is a MUST.
Would you please help me?
Thanks