@mwoolweaver
Created May 6, 2019 02:41
How to configure an OpenVPN server and client on the same host?

I am trying to configure an OpenVPN client and server to run simultaneously on the same host.

My issue is that once the host is connected to the paid VPN service the external IP of the host changes and I can no longer connect any clients because the external IP changes. I'm sure there are some iptables rules that could be set to make this work, but I cannot for the life of me figure it out, and Google seems to fail me on this topic.

As you can see below, I have 2 OpenVPN servers set up. tun0 is a split tunnel that only transports DNS traffic. tun1 is a full tunnel that transports all traffic.

What I'd like to accomplish is to continue using the 2 servers for clients to connect to and then route all their traffic through a paid VPN service, as well as routing all traffic originating from the host through the paid VPN.

Output from ifconfig below:

ens4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1460
        inet 10.128.0.3  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 fe80::4001:aff:fe80:3  prefixlen 64  scopeid 0x20<link>
        ether 42:01:0a:80:00:03  txqueuelen 1000  (Ethernet)
        RX packets 19880379  bytes 11032685187 (11.0 GB)
        RX errors 0  dropped 0  overruns 0  frame 1
        TX packets 19858911  bytes 10608492536 (10.6 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 316267  bytes 30791023 (30.7 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 316267  bytes 30791023 (30.7 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.80.0.1  netmask 255.255.255.0  destination 10.80.0.1
        inet6 fe80::da15:78ed:962e:9661  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 221242  bytes 15813039 (15.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 201308  bytes 21841590 (21.8 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.4.43.1  netmask 255.255.255.0  destination 10.4.43.1
        inet6 fe80::ee9:1cb5:736c:bd5e  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 4424650  bytes 496438487 (496.4 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6987658  bytes 8778868723 (8.7 GB)
        TX errors 0  dropped 27868 overruns 0  carrier 0  collisions 0

Output from openvpn --version:

OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan  9 2019
library versions: OpenSSL 1.1.1b  26 Feb 2019, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no