Due to the restricted internet in Iran, I need to establish an internet connection through an OpenVPN server (which is located in Iran) and then route all network packets from the VPN clients to another server (which is located on a free and open internet).
I am a software developer and don't have any deep knowledge of networking. I just know some basics. So, it would be great if you could enlighten me on this problem.
I set up some iptables rules in order to route the packets using NAT. But it won't send any packets to the outside server.
The following are my iptables rules:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere <iran-vps-hostname> udp dpt:<open-vpn-port>
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DNAT tcp -- anywhere <iran-vps-hostname> tcp to:<free-vps-ip>
DNAT udp -- anywhere <iran-vps-hostname> udp to:<free-vps-ip>
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.8.0.0/24 anywhere
SNAT tcp -- anywhere <free-vps-ip> tcp dpt:http to:<iran-vps-ip>
SNAT tcp -- anywhere <free-vps-ip> tcp to:<iran-vps-ip>
SNAT udp -- anywhere <free-vps-ip> udp to:<iran-vps-ip>
As is obvious, I established an OpenVPN server on my Iran machine and configured iptables to accept connections on the OpenVPN port in order to accept the OpenVPN clients' connections.
The MASQUERADE rule is also for the OpenVPN configuration. The other rules in PREROUTING and POSTROUTING have been added by myself.
The flow I want to create is as follows:
(my computer(as a vpn client)) <==connects-to==> [IRAN VPS] <==routes-all-network==> [OPEN WORLD VPS]
How can I achieve this flow?
NOTE: I also established an OpenVPN server on the open world VPS, but I cannot connect to it through UDP, and with TCP it fails with a TLS handshake failure.