I am trying to configure an openvpn client and server to run simultaneously on the same host.
My issue is that once the host is connected to the paid VPN service the external ip of the host changes and I can no longer connect any clients because the external IP changes. I'm sure there are some iptables rules that could be set to make this work but I can not for the life of me figure it out and google seems to fail me on this topic.
As you can see below I have 2 openvpn Servers setup. tun0 is a split tunnel that only transports dns traffic. tun1 is a full tunnel that transports all traffic.
What i'd like to accomplish is to continue using the 2 servers for clients to connect to and then route all their traffic thru a paid vpn service as well as all routing all traffic originating from the host thru the paid vpn as well.
output from ifconfig below:
ens4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1460
inet 10.128.0.3 netmask 255.255.255.255 broadcast 0.0.0.0
inet6 fe80::4001:aff:fe80:3 prefixlen 64 scopeid 0x20<link>
ether 42:01:0a:80:00:03 txqueuelen 1000 (Ethernet)
RX packets 19880379 bytes 11032685187 (11.0 GB)
RX errors 0 dropped 0 overruns 0 frame 1
TX packets 19858911 bytes 10608492536 (10.6 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 316267 bytes 30791023 (30.7 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 316267 bytes 30791023 (30.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.80.0.1 netmask 255.255.255.0 destination 10.80.0.1
inet6 fe80::da15:78ed:962e:9661 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 221242 bytes 15813039 (15.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 201308 bytes 21841590 (21.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.4.43.1 netmask 255.255.255.0 destination 10.4.43.1
inet6 fe80::ee9:1cb5:736c:bd5e prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 4424650 bytes 496438487 (496.4 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6987658 bytes 8778868723 (8.7 GB)
TX errors 0 dropped 27868 overruns 0 carrier 0 collisions 0
output from openvpn --version
OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 9 2019
library versions: OpenSSL 1.1.1b 26 Feb 2019, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no