LinuxQuestions.org
06-21-2009, 02:15 PM   #1
remote42
Server with two IP addresses, how do I use the 2nd one for an openvpn tunnel?


Hello,

I've recently got a 2nd IP address for my server. When running ifconfig, I get the following output (let the first IP be xxx.xxx.xxx.xxx and the second IP be yyy.yyy.yyy.yyy):
Code:
eth0      Link encap:Ethernet
          inet addr:xxx.xxx.xxx.xxx  Bcast:zzz.zzz.zzz.255  Mask:255.255.248.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:803 errors:0 dropped:0 overruns:0 frame:0
          TX packets:629 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Memory:88380000-883a0000

eth0:1    Link encap:Ethernet
          inet addr:yyy.yyy.yyy.yyy  Bcast:zzz.255.255.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Memory:88380000-883a0000
I would like to use the 2nd IP for openvpn, meaning all clients should connect to the internet via yyy.yyy.yyy.yyy. My openvpn-server config looks like this:
Code:
local yyy.yyy.yyy.yyy
proto udp
float
port 1149
dev tun
tun-mtu 1500
fragment 1300
mssfix
secret sec.key
ifconfig 10.0.8.1 10.0.8.2
keepalive 5 60
ping-timer-rem
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 1
mute 10
And my openvpn-client config like that:
Code:
remote yyy.yyy.yyy.yyy
port 1149
dev tun
nobind
proto udp
tun-mtu 1500
fragment 1300
mssfix
float
resolv-retry infinite
persist-key
persist-tun
route-method exe
route-delay 2
secret sec.key
ifconfig 10.0.8.2 10.0.8.1
redirect-gateway def1
cipher AES-256-CBC
inactive 604800
keepalive 5 60
ping-timer-rem
comp-lzo
verb 1
Probably most important, I've also configured natting for openvpn:
Quote:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o eth0 -s 10.0.8.0/24 -j MASQUERADE
The odd thing is that all clients show up on the internet via the first IP address xxx.xxx.xxx.xxx (and not via yyy.yyy.yyy.yyy as I intended). I've tested the IP of the clients using e.g. this site.

It seems that the MASQUERADE-target is using the first IP of the interface, meaning xxx.xxx.xxx.xxx instead of the alias yyy.yyy.yyy.yyy.

From studying various documentation on the net, I guess marking the packets from the tun-interface and then testing for the mark could somehow solve the problem. But how do I do that? Can someone give me an example?

Thanks in advance.
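
The NAT setup described in the post, as an added example that is not part of the original post: MASQUERADE takes its source address from the outgoing interface, whereas SNAT with `--to-source` names the address explicitly, so no packet marking is involved. The address 203.0.113.20 is a constructed stand-in for yyy.yyy.yyy.yyy, and `valid_ipv4`, `snat_rules` and `run_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post.
# Dry run by default: commands are only printed; APPLY=1 (as root) runs them.

VPN_NET="10.0.8.0/24"               # tunnel subnet used in the post's NAT rule
OUT_IF="eth0"                       # outgoing interface from the post
SNAT_IP="${SNAT_IP:-203.0.113.20}"  # constructed stand-in for yyy.yyy.yyy.yyy

# Return 0 only for a dotted quad whose four octets are all in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands: remove only the old MASQUERADE rule (no chain flush),
# then add a SNAT rule that names the source address explicitly.
snat_rules() {  # args: vpn_net out_if snat_ip
    valid_ipv4 "$3" || { echo "invalid SNAT address: $3" >&2; return 1; }
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -D POSTROUTING -o $2 -s $1 -j MASQUERADE"
    echo "iptables -t nat -A POSTROUTING -o $2 -s $1 -j SNAT --to-source $3"
}

# Print each command, or execute it when APPLY=1.
run_rules() {
    snat_rules "$VPN_NET" "$OUT_IF" "$SNAT_IP" | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd || echo "failed (continuing): $cmd" >&2
        else
            echo "[dry-run] $cmd"
        fi
    done
}

run_rules
```

After applying, `iptables -t nat -S POSTROUTING` lists the resulting rules so the SNAT entry can be confirmed.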
 
  



Tags
iptables, mark, masquerade, openvpn

