matiaszon
Member
Topic Author
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

VPS + VPN + source IP forwarding

Thu Dec 21, 2017 1:46 am

Here is the situation.

I have successfully set up an OpenVPN server on a VPS (IP: 1.1.1.1). I have then connected my MikroTik to that server as a client (WAN: 2.2.2.2, LAN: 10.10.10.0/24, Client VPN IP: 10.8.0.101). I have also set up port forwarding on the VPS, so once you try to connect with 1.1.1.1:2502 you are actually connecting with my server in the LAN (IP: 10.10.10.5) on port 2502. OpenVPN knows the routes, so there are the following rules in iptables:
*nat
-A PREROUTING -d 1.1.1.1/32 -p tcp -m tcp --dport 2502 -j DNAT --to-destination 10.10.10.5:2502
-A POSTROUTING -d 10.10.10.5/32 -p tcp -m tcp --dport 2502 -j SNAT --to-source 10.8.0.1
This one I found on the following site: https://ubuntuforums.org/showthread.php?t=2319289

There is also a masquerade rule set up to allow using OpenVPN to connect with specific IPs on the Internet.
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
On MikroTik I have:
/ip firewall nat
add action=masquerade chain=srcnat comment="Maskarada WAN" out-interface-list=WAN to-addresses=0.0.0.0/0

/interface list
add name=WAN

/interface list member
add interface=BrokNET list=WAN
add interface=OVPN list=WAN

What is the problem?
The problem is that on my local server 10.10.10.5, all clients connected to that server show their source IP as the IP of the OpenVPN server (10.8.0.1) instead of the real ones. I have already tried to change the masquerade rule in iptables to:
iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j SNAT --to-source 1.1.1.1
but it didn't help. I also tried to do the same with the masquerade rule on MikroTik and changed it to:
/ip firewall nat
add action=src-nat chain=srcnat comment="Maskarada WAN" src-address=10.10.10.0/24 to-addresses=10.8.0.101
but this didn't help either.

I will appreciate any help.

Thanks in advance.
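
As an added illustration (not part of the original post), the sketch below walks a constructed client connection through the nat rules quoted in the post, to show which rule sets the source address the LAN server sees and why the eth0-bound SNAT/MASQUERADE rules never match this flow. The tun0 interface name, the routing decision and the client address 203.0.113.7 are assumptions made for the example.

```python
import ipaddress

# nat rules quoted in the post (iptables-save syntax); the last line is the SNAT the poster tried.
RULES = """\
-A PREROUTING -d 1.1.1.1/32 -p tcp -m tcp --dport 2502 -j DNAT --to-destination 10.10.10.5:2502
-A POSTROUTING -d 10.10.10.5/32 -p tcp -m tcp --dport 2502 -j SNAT --to-source 10.8.0.1
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.10.10.0/24 -o eth0 -j SNAT --to-source 1.1.1.1
"""
# Assumptions: tun0 is the OpenVPN interface and carries both the tunnel and LAN prefixes.
TUNNEL_NETS = [ipaddress.ip_network(n) for n in ("10.8.0.0/24", "10.10.10.0/24")]
IFACE_ADDR = {"eth0": "1.1.1.1", "tun0": "10.8.0.1"}
CLIENT = {"src": "203.0.113.7", "dst": "1.1.1.1", "dport": 2502}  # constructed sample


def parse(text):
    """Turn each '-A CHAIN opt val ...' line into (chain, {opt: val})."""
    toks = [line.split() for line in text.splitlines()]
    return [(t[1], dict(zip(t[2::2], t[3::2]))) for t in toks]


def matches(opts, pkt):
    ip, net = ipaddress.ip_address, ipaddress.ip_network
    return (("-s" not in opts or ip(pkt["src"]) in net(opts["-s"]))
            and ("-d" not in opts or ip(pkt["dst"]) in net(opts["-d"]))
            and ("--dport" not in opts or int(opts["--dport"]) == pkt["dport"])
            and ("-o" not in opts or opts["-o"] == pkt.get("out")))


def traverse(pkt, rules):
    """Walk one new connection through nat PREROUTING, routing, nat POSTROUTING."""
    pkt, hits = dict(pkt), []
    for chain in ("PREROUTING", "POSTROUTING"):
        if chain == "POSTROUTING":  # routing decision happens between the two chains
            via_tun = any(ipaddress.ip_address(pkt["dst"]) in n for n in TUNNEL_NETS)
            pkt["out"] = "tun0" if via_tun else "eth0"
        for name, opts in rules:
            if name != chain or not matches(opts, pkt):
                continue
            if opts["-j"] == "DNAT":
                pkt["dst"], port = opts["--to-destination"].split(":")
                pkt["dport"] = int(port)
            elif opts["-j"] == "SNAT":
                pkt["src"] = opts["--to-source"]
            elif opts["-j"] == "MASQUERADE":
                pkt["src"] = IFACE_ADDR[pkt["out"]]
            hits.append(f"{chain}:{opts['-j']}")
            break  # the first matching nat rule decides for the connection
    return pkt, hits
```

Without the port 2502 SNAT rule the model leaves the client address intact, but replies from 10.10.10.5 then have to be routed back through the tunnel for the connection to complete.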
 
matiaszon

Re: VPS + VPN + source IP forwarding

Fri Dec 22, 2017 3:10 pm

I am still trying to find a solution for that, and I was just thinking about setting up a PPPoE server on the VPS and redirecting the public IP of the VPS to my router (actually I need only like 1 TCP port with that IP). Do you think that would be possible? But what about other clients connecting to OpenVPN running on that VPS? Would they be able to connect to that VPN? Please don't laugh, it is just like thinking aloud.
 
matiaszon

Re: VPS + VPN + source IP forwarding

Sat Dec 23, 2017 4:47 pm

No one?
 
matiaszon

Re: VPS + VPN + source IP forwarding

Mon Dec 25, 2017 11:36 pm

80 views and nothing?
 
matiaszon

Re: VPS + VPN + source IP forwarding

Sat Jan 20, 2018 3:28 pm

up up up
