IPtables redirect IP from VPN

horin

10/1/23, 3:08 PM

I am trying to set up a VPN with iptables redirect. VPN client is a hardware with predefined destination IP to 192.168.0.100. However the real destination IP now is 192.168.30.100 and I cannot change the settings of the hardware. Therefore I am advertising to VPN clients that the server can route 192.168.100.0/24. But at the Ubuntu which hosts the openvpn server I want to redirect those requests to 192.168.0.100 to 192.168.30.100.

I have tried these

iptables -t nat -A PREROUTING -d 192.168.0.100 -j DNAT —-to-destination 192.168.30.100
iptables -t nat -A POSTROUTING -j MASQUERADE

However these settings don’t work. Any suggestions?

0 + 0

nat

iptables

openvpn

Martin

10/1/23, 3:28 PM

We need more information to answer this question. What "hardware client" ? VPN configuration? The iptables rules posted are where exactly, on the vpn server, on the firewall in between? what do you mean via "destination ip"? the IP of the openvpn server? A layout of the involved networks could help...

horin

10/1/23, 3:32 PM

The hardware is embeded pc whhich can only be managed through L2. I do not have an L2 access to it and I am migrating a server so thats why I need to use the old IP. Mentioned IP tables were directly on the ovpn server. There is no firewall in between. Basically I want every request made through vpn with destination IP 192.168.0.100 to be redirected to destination IP 192.168.30.100 (on the ovpn server) without the source (embeded hardware) knowing that this redirect happened.

Martin

10/1/23, 3:35 PM

please post openvpn server configuration and the available network interfaces of the server.

horin

10/1/23, 3:38 PM

I do not have access to the ovpn server at this time (I am not in the office anymore) but there are 3 interfaces available. First is en0 (192.168.50.1) then tun and then loopback. Interface 192.168.50.1 is able to connect to 192.168.30.100 through gateway at 192.168.50.254. At first I tried dnat in outpur chain and it worked but only dorectly at server. When I pinged from ovpn server the IP was redirected correctly. However when the ping originated at embeded hardware it was not redirected for some reason.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: IPtables redirect IP from VPN

TH: IPtables เปลี่ยนเส้นทาง IP จาก VPN

RO: IPtables redirecționează IP de la VPN

RU: IPtables перенаправляет IP из VPN

VI: IPtables chuyển hướng IP từ VPN

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.