OpenVPN Forward Private IP

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
izproximity
OpenVpn Newbie
Posts: 2
Joined: Sat Nov 26, 2022 12:31 pm

OpenVPN Forward Private IP

Post by izproximity » Sat Nov 26, 2022 12:36 pm

Hey there!

I have tried and tried I have been to 100s of websites trying to get this setup

So I have a proxmox box with openvpn-server setup I also have a second nic on the openvpn server box that also connects a bunch of other devices that I need to access remotely.

This is how it is currently laid out on one of connections

ME (OpenVPN Client) -> OpenVPN Server -> Local hosted Nginx (This route is showing the OpenVPN Server private ip instead of the private ip of the OpenVPN Client)
But also
ME (OpenVPN Client) -> OpenVPN Server -> Second Nic -> Device (Haven't fully tested this)

Simple diagram Image

I am trying to retain the private ip address of the user connecting as to do access control further. I can't seem to get it to work. I know that with NAT and masquerade it's not possible do ya'll have any other suggestions?

I've seen this done I am just not sure how to get it complete. Any advise really helps. If you need any more information feel free to request it.

User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: OpenVPN Forward Private IP

Post by ordex » Tue Nov 29, 2022 10:00 pm

You're right: if you go with NAT/Masquerading, the IP being seen on the service side will be the server (i.e. the host doing NAT).
You want to configure proper routing if you want to retain client IPs.

Start without nat. can you connect to nginx?

izproximity
OpenVpn Newbie
Posts: 2
Joined: Sat Nov 26, 2022 12:31 pm

Re: OpenVPN Forward Private IP

Post by izproximity » Sun Dec 11, 2022 4:20 am

ordex wrote:
Tue Nov 29, 2022 10:00 pm
You're right: if you go with NAT/Masquerading, the IP being seen on the service side will be the server (i.e. the host doing NAT).
You want to configure proper routing if you want to retain client IPs.

Start without nat. can you connect to nginx?
I tried everything but I still cannot seem to ping the nginx box or go to nginx via the vpn

Post Reply