Server Fault Asked by melka on January 24, 2021
I have two OpenVPN servers at different locations.
Each machine in one location can ping and connect to every machine in the other location.
My problem is that when I use SSH to connect from machine A in location 1 to machine B in location 2 and check machine B's auth.log, I see the connection coming from the location 2 OpenVPN IP (10.0.0.2).
These are my OpenVPN settings and network structure.
Firewall rules:
Machine A
# forward traffic between the LAN (eth1) and the tunnel (tun0)
iptables -t filter -A FORWARD -i tun0 -o eth1 -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o tun0 -j ACCEPT
# rewrite the source of everything leaving through the tunnel to A's tunnel address
iptables -t nat -A POSTROUTING -o tun0 -j SNAT --to-source 10.0.0.1
# redundant: the unconditional ACCEPT above already matches these packets
iptables -A FORWARD -i tun0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
Machine B
# forward traffic between the LAN (eth1) and the tunnel (tun0)
iptables -t filter -A FORWARD -i tun0 -o eth1 -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o tun0 -j ACCEPT
# rewrite the source of everything leaving through the tunnel to B's tunnel address
iptables -t nat -A POSTROUTING -o tun0 -j SNAT --to-source 10.0.0.2
# redundant: the unconditional ACCEPT above already matches these packets
iptables -A FORWARD -i tun0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
Both OpenVPN servers have two physical interfaces, eth0 (external) and eth1 (LAN), as well as the OpenVPN tun0.
I think my problem is that I use NAT but I don’t know how to route correctly. I need the real source machine IP.
So, in the case above, I would like to see the LAN IP (10.3.0.100) of machine A in machine B's auth.log when A is connecting to B.
Thank you for your help!
I solved my problem and now it works for me. I changed the iptables rules on both machines to this:
# source-NAT only the tunnel addresses (10.0.0.0/24) as they leave towards the LAN;
# nothing rewrites packets leaving through tun0, so the LAN source survives the trip
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth1 -j MASQUERADE
iptables -t filter -A FORWARD -i tun0 -o eth1 -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o tun0 -j ACCEPT
Answered by melka on January 24, 2021
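The point of the accepted fix is that no nat POSTROUTING rule rewrites packets leaving through tun0 any more, so the LAN source (10.3.0.100) survives the trip to the other site and is what the remote sshd logs. The following is an added example, not code from the post: a small Python audit that parses iptables rules either in the command form used above or in iptables-save form, flags every POSTROUTING SNAT/MASQUERADE rule that applies to the tunnel interface (including a catch-all with no -o), and predicts the source address the remote side will see for a given LAN client under each rule set. The "before" and "after" rule sets embedded in it are copied from the question and answer; the iptables-save excerpt with a catch-all MASQUERADE is constructed for the example, and the eth1 address 10.3.0.1 used in the demo is assumed.

```python
"""Audit source NAT on an OpenVPN tunnel (added example, not from the post)."""
import ipaddress
import shlex
from dataclasses import dataclass
from typing import List, Optional

SNAT_TARGETS = {"SNAT", "MASQUERADE"}


@dataclass
class Rule:
    table: str
    chain: str
    out_if: Optional[str]     # -o
    src: Optional[str]        # -s
    target: Optional[str]     # -j
    to_source: Optional[str]  # --to-source (SNAT only)
    raw: str


def parse_rule(line: str, default_table: str = "filter") -> Optional[Rule]:
    """Parse one '-A CHAIN ...' rule, in 'iptables ...' or iptables-save form.
    Returns None for non-rule lines such as ':CHAIN policy [0:0]'. Match options
    that are not modelled (-i, -m state, ...) are skipped."""
    tokens = shlex.split(line)
    if tokens and tokens[0] == "iptables":
        tokens = tokens[1:]
    fields = {"table": default_table, "chain": None, "out_if": None,
              "src": None, "target": None, "to_source": None}
    names = {"-t": "table", "-A": "chain", "-o": "out_if", "-s": "src",
             "-j": "target", "--to-source": "to_source"}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":
            raise ValueError("negated matches are not modelled: " + line)
        if tok in names:
            if i + 1 >= len(tokens):
                return None  # option without its argument: not a valid rule
            fields[names[tok]] = tokens[i + 1]
            i += 2
        else:
            i += 1
    if fields["chain"] is None:
        return None
    return Rule(raw=line, **fields)


def parse_rules(text: str) -> List[Rule]:
    """Parse a block of rules, honouring '*table' headers from iptables-save."""
    rules, table = [], "filter"
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = line[1:]
            continue
        rule = parse_rule(line, table)
        if rule is not None:
            rules.append(rule)
    return rules


def tunnel_snat_rules(text: str, tunnel_if: str = "tun0") -> List[str]:
    """Return the raw text of every nat POSTROUTING rule that source-NATs traffic
    leaving through tunnel_if. A rule with no -o matches every interface, so it
    is reported as well."""
    return [r.raw for r in parse_rules(text)
            if r.table == "nat" and r.chain == "POSTROUTING"
            and r.target in SNAT_TARGETS and r.out_if in (None, tunnel_if)]


def source_seen_by_peer(text: str, client_ip: str, egress_if: str, egress_addr: str) -> str:
    """Predict the source address a packet from client_ip carries when it leaves
    through egress_if: the first matching nat POSTROUTING rule wins, SNAT inserts
    its --to-source, MASQUERADE inserts the egress interface's own address
    (egress_addr), and with no matching rule the client address is kept."""
    ip = ipaddress.ip_address(client_ip)
    for r in parse_rules(text):
        if r.table != "nat" or r.chain != "POSTROUTING" or r.target not in SNAT_TARGETS:
            continue
        if r.out_if not in (None, egress_if):
            continue
        if r.src is not None and ip not in ipaddress.ip_network(r.src, strict=False):
            continue
        return r.to_source if r.target == "SNAT" and r.to_source else egress_addr
    return client_ip


# Rule sets copied from the post: machine A before the fix, both machines after it.
MACHINE_A_BEFORE = """\
iptables -t filter -A FORWARD -i tun0 -o eth1 -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -j SNAT --to-source 10.0.0.1
iptables -A FORWARD -i tun0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
"""
AFTER = """\
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth1 -j MASQUERADE
iptables -t filter -A FORWARD -i tun0 -o eth1 -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o tun0 -j ACCEPT
"""
# Constructed iptables-save excerpt (not from the post): a catch-all MASQUERADE
# with no -o also rewrites everything that enters the tunnel.
SAVED_CATCH_ALL = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
"""

if __name__ == "__main__":
    for name, rules in (("before", MACHINE_A_BEFORE), ("after", AFTER), ("catch-all", SAVED_CATCH_ALL)):
        print(name, "tunnel SNAT rules:", tunnel_snat_rules(rules))
        # 10.3.0.100 is A's LAN client from the post; 10.0.0.1 is A's tun0 address
        print(name, "remote site sees:", source_seen_by_peer(rules, "10.3.0.100", "tun0", "10.0.0.1"))
```

On a live gateway, feed the output of `iptables-save -t nat` to `tunnel_snat_rules` and expect an empty list; then confirm on the other side with a fresh SSH login and `grep sshd /var/log/auth.log`, which should now show the LAN address. Two caveats the audit does not cover: once the tunnel SNAT is gone, each site needs a route back to the other site's LAN through the tunnel (OpenVPN's route and iroute directives, or a static route) or the replies have nowhere to go, and the remaining MASQUERADE on eth1 still hides the remote tunnel endpoints (10.0.0.0/24) from LAN hosts, which is fine here because the interesting source, 10.3.0.100, is not in that range.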