Results 1 to 6 of 6

Thread: Openvpn server specific ip

  1. #1
    Join Date
    Aug 2005
    Location
    Sweden
    Beans
    38

    Openvpn server specific ip

    Hi

    I have a bit of a problem.

    I have configure my ubuntu server to act as a openvpn server and all that works just fine and dandy. The only problem i have is with my ip addresses.

    My network configuration is as following:

    eth0 with ip x.x.x.x
    eth0:1 with ip y.y.y.y
    eth0:2 with ip z.z.z.z etc etc

    I want all clients that connects to the server to have the y.y.y.y outgoing ip, and not the ip of eth0.

    How should i proceed with this?

    I tried to configure the server.conf of openvpn with "local y.y.y.y" but that didn't work, and i have tried the following iptables configuration:
    iptables -t nat -A POSTROUTING -j SNAT --to-source y.y.y.y

    That does not seem to work either.

    Does anybody have any idea about what i might do wrong?


    Cheers

  2. #2
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: Openvpn server specific ip

    Can't you just reverse the assignments so that eth0 gets the y.y.y.y address and the aliased interface gets x.x.x.x?
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  3. #3
    Join Date
    Aug 2005
    Location
    Sweden
    Beans
    38

    Re: Openvpn server specific ip

    That's possible but then i would have to change the configuration for all my other applications as well, apache, sendmail etc so i don't think it's a possible solution. Somehow it should be possible to get this going anyway...

  4. #4
    Join Date
    Nov 2008
    Location
    S.H.I.E.L.D. 6-1-6
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Openvpn server specific ip

    Quote Originally Posted by ruvil View Post
    Hi

    I have a bit of a problem.

    I have configure my ubuntu server to act as a openvpn server and all that works just fine and dandy. The only problem i have is with my ip addresses.

    My network configuration is as following:

    eth0 with ip x.x.x.x
    eth0:1 with ip y.y.y.y
    eth0:2 with ip z.z.z.z etc etc

    I want all clients that connects to the server to have the y.y.y.y outgoing ip, and not the ip of eth0.

    How should i proceed with this?

    I tried to configure the server.conf of openvpn with "local y.y.y.y" but that didn't work, and i have tried the following iptables configuration:
    iptables -t nat -A POSTROUTING -j SNAT --to-source y.y.y.y

    That does not seem to work either.

    Does anybody have any idea about what i might do wrong?


    Cheers
    Try
    Code:
    iptables -t nat -A POSTROUTING -s 172.17.0.0/24 -j SNAT --to-source y.y.y.y
    Where 172.17.0.0/24 is your openvpn subnet
    Don't waste your energy trying to change opinions ... Do your thing, and don't care if they like it.

  5. #5
    Join Date
    Aug 2005
    Location
    Sweden
    Beans
    38

    Re: Openvpn server specific ip

    Thanks, but unfortunately it does not seem to work. Maybe i'm missing something in my server.conf?

    Code:
    local y.y.y.y
    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1"
    push "dhcp-option DNS 8.8.8.8"
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3

  6. #6
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: Openvpn server specific ip

    Quote Originally Posted by ruvil View Post
    That's possible but then i would have to change the configuration for all my other applications as well, apache, sendmail etc so i don't think it's a possible solution. Somehow it should be possible to get this going anyway...
    I don't see why. You will still have both interfaces active with the same IP addresses. Requests for SMTP and HTTP traffic will still arrive in the right place and get handled the same way as before. I've used aliased interfaces, and as far as I could tell the assignment of IP addresses was entirely arbitrary.

    I think you should just try reversing the assignments. If something doesn't work, you could switch them back pretty quickly. I seriously do not think you would see any effects on your current services.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •