This server has 2 IP addresses as follows.
- 11.22.22.44 : primary address & exit ip address
- 11.22.33.55 : secondary address, non-exit ip address, used for openvpn client to connect to
i can ssh to either of the 2 IP addresses.
i want OpenVPN client connect to the server through the secondary address and use the primary address as the exit IP to the Internet.
Wed Jun 24 01:33:28 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Wed Jun 24 01:33:28 2020 library versions: OpenSSL 1.1.1c 28 May 2019, LZO 2.10
Wed Jun 24 01:33:28 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 24 01:33:28 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 24 01:33:28 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]11.22.33.55:11194
Wed Jun 24 01:33:28 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Jun 24 01:33:28 2020 UDP link local: (not bound)
Wed Jun 24 01:33:28 2020 UDP link remote: [AF_INET]11.22.33.55:11194
Wed Jun 24 01:33:28 2020 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Wed Jun 24 01:34:28 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 24 01:34:28 2020 TLS Error: TLS handshake failed
Wed Jun 24 01:34:28 2020 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 24 01:34:28 2020 Restart pause, 5 second(s)
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 11.22.00.254 0.0.0.0 UG 0 0 0 eno1
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
11.22.33.0 0.0.0.0 255.255.255.0 U 0 0 0 eno2
11.22.22.0 0.0.0.0 255.255.255.0 U 0 0 0 eno1
ifconfig
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 11.22.22.44 netmask 255.255.255.0 broadcast 11.22.22.255 inet6 fe80::a6bf:1ff:fe25:fa37 prefixlen 64 scopeid 0x20 ether a4:bf:01:25:fa:37 txqueuelen 1000 (Ethernet) RX packets 15354 bytes 1618795 (1.5 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 15482 bytes 2259131 (2.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device memory 0xa2b00000-a2bfffff
eno2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 11.22.33.55 netmask 255.255.255.0 broadcast 11.22.33.255 inet6 fe80::a6bf:1ff:fe25:fa38 prefixlen 64 scopeid 0x20 ether a4:bf:01:25:fa:38 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 46 bytes 2476 (2.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device memory 0xa2900000-a29fffff
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 1000 (Local Loopback) RX packets 242274 bytes 13193252 (12.5 MiB) RX errors 0 dropped 1342 overruns 0 frame 0 TX packets 242274 bytes 13193252 (12.5 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500 inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2 inet6 fe80::1e70:64bf:9ce5:78b6 prefixlen 64 scopeid 0x20 unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC) RX packets 58 bytes 7715 (7.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 78 bytes 20953 (20.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I got TLS Error after connecting to the secondary address (but worked on primary address). Is there any way to solve this (using iptables?)
