Double VPN client->server->client
I'm trying to configure a double VPN. I decided to use a server and a client instead of two servers.
So it has to work like this:
- Client1 and Server are VPS, Client2 is my PC;
- Server redirects all traffic from Client2 (my PC) to the internet through itself and Client1 (VPS)
- Way should be -- Client2 (my PC) -> Server (VPS) -> Client1 (VPS) -> Internet
But something is wrong and I am stuck, really don't know what to do.
Here are my .conf files:
server.conf
port 1194
proto udp
dev tun0
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh2048.pem
tls-auth /etc/openvpn/server/ta.key 0
remote-cert-tls client
auth SHA512
cipher AES-256-CBC
topology subnet
server 10.10.1.0 255.255.255.0
route 10.10.1.2 255.255.255.255 10.10.1.2
route 10.10.1.3 255.255.255.255 10.10.1.3
client-config-dir ccd
push "route 10.10.1.0 255.255.255.0"
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
verb 3
log openvpn.log
status openvpn-status.log
ifconfig-pool-persist ipp.txt
sndbuf 0
rcvbuf 0
comp-lzo
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
explicit-exit-notify 1
ccd client1
ifconfig-push 10.10.1.2 255.255.255.0
iroute 10.10.1.3 255.255.255.255 10.10.1.1
push "route 10.10.1.3 255.255.255.255 10.10.1.1"
ccd client2
ifconfig-push 10.10.1.3 255.255.255.0
iroute 10.10.1.2 255.255.255.255 10.10.1.1
push "route 10.10.1.2 255.255.255.255 10.10.1.1"
push "redirect-gateway def1 bypass-dhcp"
push "route-gateway 10.10.1.2"
Client1 & Client2 .conf are the same
client
dev tun0
proto udp
remote (server-ip) 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client1.crt
key /etc/openvpn/client/client1.key
tls-auth /etc/openvpn/client/ta.key 1
auth SHA512
cipher AES-256-CBC
comp-lzo
log client.log
verb 3
sndbuf 0
rcvbuf 0
IP forwarding is enabled on Server (VPS) and Client1 (VPS)
Port 1194 is open on Server (VPS)
Server (VPS) iptables rules which I added:
- iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- iptables -A FORWARD -s 10.10.1.3 -d 10.10.1.2 -m conntrack --ctstate NEW -j ACCEPT
Client1 (VPS) iptables rules which I added:
- iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- iptables -I FORWARD -i tun0 -o eth0 -s 10.10.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
- iptables -t nat -I POSTROUTING -o eth0 -s 10.10.1.0/24 -j MASQUERADE
Server(VPS) route table
Client1(VPS) route table
Client2(my PC) route table
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 10.10.1.1 (10.10.1.1) 144.958 ms 144.932 ms 144.922 ms
2 * * *
3 * * *
...
30 * * *
P.S.
I'm new to Linux, trying to self-learn it
ubuntu vpn
asked 2 mins ago by nero
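An OpenVPN server in tun mode decides which client receives a packet by matching the destination against client tunnel addresses and the `iroute` entries in each ccd file, and the documented form of the directive is `iroute network [netmask]`. The following check is an added example, not part of the original post: it parses the two ccd files quoted in the question (embedded as constructed input), reports `iroute` lines that do not fit that form, and shows which client, if any, would be selected for the traceroute target 8.8.8.8. The function names are made up for this example.

```python
import ipaddress

# Constructed input: the ccd files as posted. Function names below are made up for this example.
CCD = {
    "client1": """ifconfig-push 10.10.1.2 255.255.255.0
iroute 10.10.1.3 255.255.255.255 10.10.1.1
push "route 10.10.1.3 255.255.255.255 10.10.1.1"
""",
    "client2": """ifconfig-push 10.10.1.3 255.255.255.0
iroute 10.10.1.2 255.255.255.255 10.10.1.1
push "route 10.10.1.2 255.255.255.255 10.10.1.1"
push "redirect-gateway def1 bypass-dhcp"
push "route-gateway 10.10.1.2"
""",
}

def parse_iroutes(text):
    """Return (networks, problems) for the iroute lines of one ccd file."""
    nets, problems = [], []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split("#", 1)[0].split()
        if not parts or parts[0] != "iroute":
            continue
        args = parts[1:]
        if not 1 <= len(args) <= 2:
            problems.append(f"line {n}: iroute takes network [netmask], got {len(args)} arguments")
            continue
        mask = args[1] if len(args) == 2 else "255.255.255.255"
        try:
            nets.append(ipaddress.ip_network(f"{args[0]}/{mask}"))
        except ValueError as exc:
            problems.append(f"line {n}: {exc}")
    return nets, problems

def exit_client_for(dest, ccd):
    """Name of the client whose iroute covers dest (longest prefix), or None."""
    dest = ipaddress.ip_address(dest)
    best = None
    for name, text in ccd.items():
        for net in parse_iroutes(text)[0]:
            if dest in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (name, net)
    return best[0] if best else None

if __name__ == "__main__":
    for name, text in CCD.items():
        for p in parse_iroutes(text)[1]:
            print(f"ccd/{name}: {p}")
    print("client selected for 8.8.8.8:", exit_client_for("8.8.8.8", CCD))
```

With a ccd/client1 whose `iroute` covers the destination, the second check names client1; the Server's kernel must also route Client2's forwarded traffic into tun0 rather than out its own default route, which this check does not inspect.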