scheidel21 08-14-2009 09:06 AM

Would like to forward requests received on Server in one subnet to server on another
Hi all, I have been looking for a solution to this since I implemented our new OpenVPN server at the office. We had been using MS PPTP running from a RAS box, but for efficiency, security, and because the RAS PPTP software stopped working, we quickly switched to OpenVPN. That said, we had implemented OpenVPN for one user to a special subnet; however, there is no public access via WAN to this server, for security purposes and because we don't have an IP address to serve it on, but more because of security, so he would connect to the network by connecting to the PPTP VPN, then to the OpenVPN VPN on the other network. This worked because PPTP proxied all network traffic. With the new setup, though, our main VPN is on a network that is 192.168.100.x and the other VPN is on 192.168.168.x. Our internal router knows how to route to this 192.168.168.x network, but his Windows PC isn't going to when out of the office connected by VPN; it is not going to see a route to this secondary network and will try to use its default WAN gateway. Now both OpenVPNs are bridged VPNs for multiple reasons. So I think I see two solutions to this issue.

1) Push a route to the clients saying that the 192.168.168.x network gateway is, not sure if this works in bridged mode, or how well it will work; plus, can you run two OpenVPN sessions at once where one needs to be tunneled over an existing VPN session? This also adds overhead.

2) Have the current main VPN server listen for requests on the port the other VPN is set up on and then have it forwarded, by proxy more or less, to the second internal server, because the gateway on the server machine's network does know how to get to this other internal network.

Details about setup: running a firewall/gateway with that does one-one WAN IP translation to internal private IPs, i.e. WAN interface maps to internal anything coming in on that WAN IP gets directed to the internal IP addresses that are mapped. So we have an external IP that maps to our main VPN server. There is no port forwarding, so I cannot redirect to the other server on that mapped IP address. So is there any way to do this?
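
Option 2 above, sketched as an added example that is not part of the original post: it uses iptables DNAT on the main VPN server instead of a userspace proxy, and it prints the rules without applying them. The interface `br0`, the /24 masks, relay port 1195 and the second server at 192.168.168.10:1194 are constructed placeholders. The source match keeps the relay reachable only from VPN clients, not from the one-to-one mapped WAN address.

```shell
#!/bin/sh
# Emit (do not apply) iptables rules that relay a UDP port on the main VPN
# server to the second OpenVPN server. Every address, port and interface
# name used at the bottom is a constructed placeholder.

is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {
    # Four dot-separated decimal octets, each 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

is_cidr() {
    is_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# forward_rules IN_IF CLIENT_NET LISTEN_PORT DST_IP DST_PORT
forward_rules() {
    in_if=$1; client_net=$2; listen_port=$3; dst_ip=$4; dst_port=$5
    case "$in_if" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    is_cidr "$client_net" && is_port "$listen_port" &&
        is_ipv4 "$dst_ip" && is_port "$dst_port" || {
        echo "forward_rules: bad network, address or port" >&2; return 1; }
    # PREROUTING: only packets from VPN clients are rewritten, so the relay
    #   is not exposed through the WAN-mapped address.
    # POSTROUTING: the source is rewritten so replies come back through this
    #   host instead of being routed straight to the client un-translated.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $in_if -s $client_net -p udp --dport $listen_port -j DNAT --to-destination $dst_ip:$dst_port
iptables -A FORWARD -s $client_net -d $dst_ip -p udp --dport $dst_port -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -d $dst_ip -p udp --dport $dst_port -j MASQUERADE
EOF
}

# Constructed values; "192.168.100.x" is assumed to be a /24.
forward_rules br0 192.168.100.0/24 1195 192.168.168.10 1194
```

The client would then point its second OpenVPN profile at the main VPN server's 192.168.100.x address on the relay port.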

kbp 08-14-2009 10:19 AM

hi scheidel21,

Not sure if this suits your situation, but how about putting in a bounce box, i.e.

User connects over vpn1 to bounce box (rdp, ssh, nx etc.), then connects over vpn2 to final destination.

Possible?


scheidel21 08-14-2009 10:58 AM

That's what option one is, but can I start two openvpn with one that requires session one be open first?

kbp 08-16-2009 09:20 AM

Hi scheidel21,

Sorry, I'm not sure whether you can do that with OpenVPN. Please let us know though if you do get it to work.
