Yes, I know. Ugh!
I have a small office and we're trying to reduce our network expense.
Because of client audit requirements, we run our own mail server, and would like to keep it that way. For that we need two static IPs. So far, we've had a 'StaticIP business plan' with our ISP for our office network. The service has been less than great.
I want to switch the office connection to the cheapest/fastest dynamic plan I can find; lots of options. But this means giving up our static IPs for the mailserver.
We also have a small VPS in the cloud for a simple website. It doesn't have enough resources to host our mailserver, but it DOES have 2 static IPs.
I'd like to set up a 'tunnel' that uses the VPS's static IPs as our publicly-visible IP address for our mailserver, and connects to the actual mailserver -- now on our LAN with NAT behind a dynamic IPv4.
After a LOT of reading, the way I'm thinking of doing this is by using OpenVPN to connect the office's mailserver using a local OpenVPN client to an OpenVPN server running on the VPS -- all over 'static' IPv6 which is provided by a tunnel broker (HE.net), and is independent of our ISP.
I managed to get the IPv6 tunnel set up, and the OpenVPN server & client. I can even make a connection between the two over IPv6.
At this point, I'm stuck -- I'm completely lost in the routing (I think!) needed to get the external IPv4 addresses on the VPS to talk and listen to the internal IPv4 addresses the mailserver is listening on, over the IPv6 link.
I've found a bunch of articles online, but they all seem to say "just set up an OpenVPN connection between the client and server", not giving much detail at all -- that I can understand, anyway :-( -- and then say nothing about getting the mapping of addresses and inbound & outbound traffic all done.
There's also a firewall in place on both the VPS and the Office router. I haven't even begun to think about what I need to open for the IMAP & SMTP traffic over the VPN ...
Can someone share a doc, or help with a good walk-through of what to do here, and how?
For reference, my network layout is:
------------------------------------
| VPS Server                       |
|   eth0:                          |
|     IPv4 = 172.16.10.100         |
|     IPv6 = 2100:...:0444::100    |
|   tun1:                          |
|     IPv6 = 2199:...:1            |
------------------------------------
|        |
|        |
|        ---------------------------------
|        |  eth1:                        |
|        |    IPv4 = 172.16.10.63        |
|        |    IPv6 = 2100:...:0444:2     |
|        |                               |
|        |  Server-side Gateway          |
|        |                               |
|        |  eth0: (PUBLIC IPs)           |
|        |    IPv4 = x.y.z.63            |
|        |    IPv6 = 2100:...:0444:1     |
|        ---------------------------------
|        |
|        |
|        ----------------
VPN      | Internet/WAN |
|        ----------------
|        |
|        |
|        ---------------------------------
|        |  eth0:                        |
|        |    IPv4 = a.b.c.24            |
|        |    IPv6 = 2600:...:0123:1     |
|        |                               |
|        |  Client-side Gateway          |
|        |                               |
|        |  eth1:                        |
|        |    IPv4 = 192.168.1.24        |
|        |    IPv6 = 2600:...:0123:2     |
|        ---------------------------------
|        |                ------------------------------------
|        |----------------| MailServer                       |
|        |                |   eth0:                          |
|        |                |     IPv4 = 192.168.1.199         |
|        |                |     IPv6 = 2600:...:0123:199     |
|        |                ------------------------------------
------------------------------------
| Client                           |
|   eth0:                          |
|     IPv4 = 192.168.1.100         |
|     IPv6 = 2600:...:0123:100     |
|   tun1:                          |
|     IPv6 = 2699:...:1            |
------------------------------------
and the specific goal is to have message traffic FROM the Internet/WAN targeted at my "PUBLIC IPs" on the VPS
IPv4 = x.y.z.63 port 25
IPv6 = 2100:...:0444:1 port 25
be redirected immediately TO the listening "MailServer", and,
traffic FROM the MailServer be properly routed OUT the "PUBLIC IPs", appearing to originate from those external IPs.
I've been able to get parts of the idea working by following the examples I've found online and in an OpenVPN cookbook, but once I've added the IPv6 tunnel, I've had no luck yet getting the client routes, push routes, etc. all set up so traffic flows.
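One way the inbound DNAT / outbound SNAT part of this goal is usually wired up, as an added example that is not the poster's configuration: it assumes OpenVPN carries an IPv4 transport net (constructed here as 10.8.0.0/24, VPS = 10.8.0.1, mail server = 10.8.0.2) inside the IPv6 tunnel via "proto udp6", "server 10.8.0.0 255.255.255.0", "topology subnet" and a client-config-dir entry with "ifconfig-push 10.8.0.2 255.255.255.0"; that the OpenVPN client runs on the mail server itself; and that the cloud gateway already maps the VPS's 172.16.10.100 to x.y.z.63. It covers the IPv4 path only, and the interface and port names are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's config. Assumed / constructed values:
#  - OpenVPN IPv4 transport net 10.8.0.0/24 inside the IPv6 tunnel
#    (server: "proto udp6", "server 10.8.0.0 255.255.255.0", "topology subnet";
#     client-config-dir file: "ifconfig-push 10.8.0.2 255.255.255.0").
#  - The OpenVPN client runs on the mail server itself.
#  - The cloud gateway already maps the VPS's 172.16.10.100 to x.y.z.63.
VPS_TUN_IP=10.8.0.1     # VPS end of the tunnel (assumed)
MAIL_TUN_IP=10.8.0.2    # mail server end of the tunnel (assumed)
WAN_IF=eth0             # VPS interface that receives the public traffic
VPN_IF=tun1             # OpenVPN interface on both ends
MAIL_PORTS="25 587 993" # SMTP, submission, IMAPS

# Print instead of executing when DRY_RUN=1 so the rules can be reviewed first.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# VPS: DNAT the mail ports to the mail server over the tunnel, forward only
# those flows plus their replies, and masquerade the mail server's outbound
# connections so they leave with the VPS address (x.y.z.63 after the gateway).
vps_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for p in $MAIL_PORTS; do
        run iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$p" \
            -j DNAT --to-destination "$MAIL_TUN_IP:$p"
        run iptables -A FORWARD -i "$WAN_IF" -o "$VPN_IF" -p tcp -d "$MAIL_TUN_IP" \
            --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
    done
    run iptables -A FORWARD -i "$VPN_IF" -o "$WAN_IF" -s "$MAIL_TUN_IP" \
        -m conntrack --ctstate NEW -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$MAIL_TUN_IP" -o "$WAN_IF" -j MASQUERADE
}

# Mail server: DNATed packets keep the remote sender's real IP, so replies would
# otherwise take the office default route and the connection would break. A
# source-based policy rule sends everything sourced from the tunnel address back
# through the tunnel; the MTA should bind outbound SMTP to $MAIL_TUN_IP as well.
mailserver_routes() {
    run ip rule add from "$MAIL_TUN_IP" lookup 100
    run ip route add default via "$VPS_TUN_IP" dev "$VPN_IF" table 100
}

case "${1:-}" in
    vps)  vps_rules ;;
    mail) mailserver_routes ;;
esac
```

Run with DRY_RUN=1 first on each box to review the generated rules; the office router only needs to allow the outbound OpenVPN session to the VPS's IPv6 address, since all mail traffic then rides inside the tunnel.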