
Connect to VPN server via VPN client which is a NAT instance


The main question is how to connect to a VPN server via a VPN client which is a NAT instance; let me describe it.

Scene 1:

I have a group of service instances (Ubuntu 18.04) named A.

One instance which I use as a NAT instance, named B.

Both group A and instance B are in the same VPC. A has no public IP, B has one public IP, and what I did is use B as a NAT and set SNAT in the VPC so group A can access the internet through B.

Like this:

[network diagram not included]

And group A is 10.0.0.0/16. I only drew two instances in group A, but it has many.

So on my server B I added the iptables rule: iptables -A POSTROUTING -t nat -s 10.0.0.0/16 -j MASQUERADE

It worked well.

# ip route show
default via 10.0.1.253 dev eth0 proto dhcp src 10.0.1.157 metric 100 
10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.157 
10.0.1.253 dev eth0 proto dhcp scope link src 10.0.1.157 metric 100

Scene 2:

Like the scene above, but now I can't use B's public IP (X) to access the internet; it is replaced by a VPN connection (OpenVPN).

Which is:

[network diagram not included]

Note that server C is a VPN server instance which I have no control over.

And I have a client config file which can connect from B to C, and the connection is definitely created. Now B can reach the internet through C, and now on my server B I have

# ip route show
0.0.0.0/1 via 10.8.0.1 dev tun0 
default via 10.0.1.253 dev eth0 proto dhcp src 10.0.1.157 metric 100 
10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.157 
10.0.1.253 dev eth0 proto dhcp scope link src 10.0.1.157 metric 100 
10.0.2.0/24 via 10.0.1.157 dev eth0 
10.0.3.0/24 via 10.0.1.157 dev eth0 
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2 
{C's public ip address here} via 10.0.1.253 dev eth0 
128.0.0.0/1 via 10.8.0.1 dev tun0

OK, I hope my description is clear.


So, in this case I think what I need to do is handle everything on server B. On instance B, I forward all traffic from eth0 to tun0, so traffic from eth0 would be forwarded to tun0, and group A should have internet via B:

iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

But it's not working as I expected. Then I debugged it by roughly analysing traffic on B. I got information that B may get the traffic from A, but without a response.

mangohost
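The post lists the three pieces a gateway like B needs to get right: the route table (the 0.0.0.0/1 and 128.0.0.0/1 entries are what OpenVPN's redirect-gateway installs so that they win over the DHCP default route without deleting it), the MASQUERADE rule on the tunnel side, and the FORWARD chain. A fourth piece the post does not mention is the kernel sysctl net.ipv4.ip_forward, which must be 1 or the box will receive A's packets and silently not forward them. The script below is an added diagnostic, not code from the poster: it parses `ip route show` and `iptables-save` text, works out which interface the kernel would pick by longest-prefix match, and reports which of those four conditions is not met. The sample outputs are constructed to resemble the question's listings, and the interface names (eth0, tun0) and probe addresses are assumptions you would adjust for your own gateway.

```python
import ipaddress

# Constructed sample outputs modelled on the question's listings
# (not captures from the poster's machine).
SAMPLE_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 10.0.1.253 dev eth0 proto dhcp src 10.0.1.157 metric 100
10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.157
10.0.2.0/24 via 10.0.1.157 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
"""

SAMPLE_IPTABLES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""


def parse_routes(text):
    """Parse `ip route show` lines into (network, device) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        routes.append((ipaddress.ip_network(dst, strict=False), dev))
    return routes


def egress_device(routes, ip):
    """Longest-prefix match: the interface the kernel would send `ip` out of."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, dev in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def parse_iptables(text):
    """Group `iptables-save` policy and rule lines by table name."""
    tables, current = {}, None
    for line in text.splitlines():
        if line.startswith("*"):
            current = line[1:]
            tables[current] = []
        elif current and (line.startswith("-A") or line.startswith(":")):
            tables[current].append(line.split())
    return tables


def _has_opt(rule, flag, value):
    return flag in rule and rule[rule.index(flag) + 1] == value


def check_gateway(routes_text, iptables_text, ip_forward, lan_if="eth0",
                  vpn_if="tun0", lan_host="10.0.2.5", internet_host="1.1.1.1"):
    """Return short finding codes; an empty list means every check passed."""
    findings = []
    # 1. the kernel must be allowed to forward at all
    if int(ip_forward) != 1:
        findings.append("ip_forward_disabled")
    # 2. internet-bound traffic must leave on the tunnel, LAN replies on the LAN side
    routes = parse_routes(routes_text)
    if egress_device(routes, internet_host) != vpn_if:
        findings.append("internet_not_via_vpn")
    if egress_device(routes, lan_host) != lan_if:
        findings.append("lan_not_via_lan_if")
    tables = parse_iptables(iptables_text)
    # 3. MASQUERADE must cover packets leaving on the tunnel: no -o, or -o vpn_if
    nat = tables.get("nat", [])
    if not any(r[1] == "POSTROUTING" and "MASQUERADE" in r
               and ("-o" not in r or _has_opt(r, "-o", vpn_if)) for r in nat):
        findings.append("no_masquerade_on_vpn")
    # 4. with a DROP policy, FORWARD needs ACCEPT rules in both directions
    flt = tables.get("filter", [])
    policy_drop = any(r[0] == ":FORWARD" and r[1] != "ACCEPT" for r in flt)
    fwd_out = any(r[1] == "FORWARD" and _has_opt(r, "-i", lan_if)
                  and _has_opt(r, "-o", vpn_if) and "ACCEPT" in r for r in flt)
    fwd_back = any(r[1] == "FORWARD" and _has_opt(r, "-i", vpn_if)
                   and _has_opt(r, "-o", lan_if) and "ACCEPT" in r for r in flt)
    if policy_drop and not (fwd_out and fwd_back):
        findings.append("forward_chain_blocks")
    return findings


if __name__ == "__main__":
    # On a real gateway feed it the live outputs, e.g.
    # subprocess.check_output(["ip", "route", "show"]) and iptables-save,
    # plus the contents of /proc/sys/net/ipv4/ip_forward.
    print(check_gateway(SAMPLE_ROUTES, SAMPLE_IPTABLES, ip_forward=1))
```

Run against the constructed sample it reports nothing; flip ip_forward to 0, or restrict the MASQUERADE rule to eth0 as in the first scene, and the corresponding code is returned. The FORWARD check deliberately treats a missing policy line as ACCEPT, since a chain with policy ACCEPT does not need explicit rules for the traffic to pass.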

