Join Log in
Score:0
avatar Server

iptables keep tracks of source IP address

ru flag
Cal

We have a Strongswan VPN server on Ubuntu 20.04 in AWS. It is used to establish a site-to-site VPN tunnel with a client.

Here's a simple topology diagram: enter image description here

Our VPN server will terminate VPN and NAT traffic to the RDS database server. In order for it to response correctly our VPN server will SNAT the packet with its address, so we basically lost track of the client computer's IP address. And there are multiple client computers.

In this case, how do we properly NAT the response to client?

Thank you for your time.

57
2 + 3
vpn
nat
cn flag
ecdsa
If I understand you correctly, you already have a NAT that maps client IPs to the VPN server's internal IP. So what do you mean with "properly NAT the response to client"?
0
Reply
Michael Hampton avatar
cz flag
Michael Hampton
Why are you doing NAT?
0
Reply
ru flag
Cal
@ecdsa the RDS server is not inside of the VPN network so it has to send all return traffic to our VPN server, from there we are supposed to NAT the traffic to client. However at this point we have lost track of the source(client's) IP address, so the server does not know where to send it.
0
Reply
Score:0
Mang LyricKo avatar Server
us flag
Mang LyricKo

I think do you want to use Inverted Split Tunnel VPN? OR inverted full tunnel to your client? so the load and the Nat will be in your client side.

what kind of vpn you use? Site To Site?

0 + 0
Score:0
avatar Server
br flag
Simon Richter

The SNAT will create an entry in the connection tracking table for each flow it translates. The data from this table is automatically applied to the return traffic.

The individual connection is identified by the ephemeral port number assigned to the flow by the NAT translation of the first packet, and the DB server addresses its replies to this port, which is sufficient for finding the original connection data.

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.