I am trying to configure an OpenVPN client and server to run simultaneously on the same host.
My issue is that once the host is connected to the paid VPN service, the external IP of the host changes and I can no longer connect any clients because the external IP changes. I'm sure there are some iptables rules that could be set to make this work, but I cannot for the life of me figure it out, and Google seems to fail me on this topic.
As you can see below, I have 2 OpenVPN servers set up. tun0 is a split tunnel that only transports DNS traffic. tun1 is a full tunnel that transports all traffic.
What I'd like to accomplish is to continue using the 2 servers for clients to connect to and then route all their traffic through a paid VPN service, as well as routing all traffic originating from the host through the paid VPN. I'd also like to continue connecting clients via the external IP address that's provided by the ISP, since I can't connect through the external IP issued by the VPN provider.
Output from ifconfig below:
ens4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1460
inet 10.128.0.3 netmask 255.255.255.255 broadcast 0.0.0.0
inet6 fe80::4001:aff:fe80:3 prefixlen 64 scopeid 0x20<link>
ether 42:01:0a:80:00:03 txqueuelen 1000 (Ethernet)
RX packets 19880379 bytes 11032685187 (11.0 GB)
RX errors 0 dropped 0 overruns 0 frame 1
TX packets 19858911 bytes 10608492536 (10.6 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 316267 bytes 30791023 (30.7 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 316267 bytes 30791023 (30.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.80.0.1 netmask 255.255.255.0 destination 10.80.0.1
inet6 fe80::da15:78ed:962e:9661 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 221242 bytes 15813039 (15.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 201308 bytes 21841590 (21.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.4.43.1 netmask 255.255.255.0 destination 10.4.43.1
inet6 fe80::ee9:1cb5:736c:bd5e prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 4424650 bytes 496438487 (496.4 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6987658 bytes 8778868723 (8.7 GB)
TX errors 0 dropped 27868 overruns 0 carrier 0 collisions 0
Output from openvpn --version:
OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 9 2019
library versions: OpenSSL 1.1.1b 26 Feb 2019, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
Edit: addition of ip addr and ip route as requested by @grawity.
ip addr output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc fq_codel state UP group default qlen 1000
link/ether 42:01:0a:80:00:03 brd ff:ff:ff:ff:ff:ff
inet 10.128.0.3/32 scope global dynamic ens4
valid_lft 2073sec preferred_lft 2073sec
inet6 fe80::4001:aff:fe80:3/64 scope link
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.80.0.1/24 brd 10.80.0.255 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::c1f5:bd41:aff5:6d36/64 scope link stable-privacy
valid_lft forever preferred_lft forever
4: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.4.43.1/24 brd 10.4.43.255 scope global tun1
valid_lft forever preferred_lft forever
inet6 fe80::5e7e:a8f:95e:c510/64 scope link stable-privacy
valid_lft forever preferred_lft forever
ip route output:
default via 10.128.0.1 dev ens4 proto dhcp metric 100
default via 10.128.0.1 dev ens4 src 10.128.0.3 metric 202
10.4.43.0/24 dev tun1 proto kernel scope link src 10.4.43.1
10.80.0.0/24 dev tun0 proto kernel scope link src 10.80.0.1
10.128.0.1 dev ens4 proto dhcp scope link metric 100
10.128.0.1 dev ens4 scope link src 10.128.0.3 metric 202
Side note: can we get the ubuntu-19.04 tag please?
If this is Linux, please instead provide output of ip addr (and maybe ip route while you're at it). – user1686 – 2019-05-13T21:16:59.007
Please see my addition at the bottom of the post. Also this is on Ubuntu 19.04 (Disco Dingo). – mwoolweaver – 2019-05-13T21:24:15.823