Score:1

Route all traffic from one server to another

jm flag

I have two servers.

First one is from a local datacenter. OpenVPN is installed on Ubuntu 22.04. Clients connect to this server and get an IP from 10.8.0.0/8 pool. Clients are configured to redirect their default network gateway through the VPN (push "redirect-gateway def1 bypass-dhcp")

There's another server from Linode with one public IP address. It's a default Ubuntu 22.04. Nothing special is installed on it and firewall is not active.

I want all clients connected to the first server to access Internet from the Linode machine over its public IP.

My current configuration of first server is as below:

ip link show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether fa:16:3e:90:ac:8e brd ff:ff:ff:ff:ff:ff
    altname enp3s0
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500
    link/none

sudo sysctl -p

net.ipv4.ip_forward = 1

/etc/ufw/before.rules

....
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
....

/etc/default/ufw

....
DEFAULT_FORWARD_POLICY="ACCEPT"
....

I know this is some kind of routing magic but I'm just a newbie so please assist.

in flag
Is there a reason you want to do it this way rather than, say, connecting over SSH to the second server directly and so have that act as exit node without having the ingress node?
Omid Shojaee avatar
jm flag
For reasons beyond this topic the local datacenter either blocks outbound SSH or disconnects it every few seconds.
Score:1
fr flag

See the answer to this question: https://askubuntu.com/a/461003/1157587

  • First server: Configured as the access point that clients connect to. (Local datacenter)
  • Second server: Egress point for data. (Hosted on Linode)

Start by installing openvpn on the second server; it will be used as the server for the first. A helpful script to do this can be found here: https://github.com/angristan/openvpn-install. Connect from the first server to the second server.

An alternative is to use Tailscale and its Exit Node feature. I have this running on 5+ machines and all of their traffic goes out a Linode box. It's a polished experience for sure.

Omid Shojaee avatar
jm flag
That question is about how to connect to OpenVPN which I already know. Installing OpenVPN on the second server won't work because outbound OpenVPN traffic is blocked in local datacenter. I think what I need is a few `iptables` rules.
Score:0
th flag

I suggest the following:

  1. For the first server you need only to change the routing table so that the second server is the default gateway, maybe the only gateway, if you want that also requests forwarded to internal subnets to go through it. See: Default gateway changing

  2. The second server needs to be configured as a router, which includes configuring a few components, but there are a few guides online. This one looks decent: https://kifarunix.com/configure-ubuntu-20-04-as-linux-router/
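Putting the two steps of this answer together, as an added example (not from the thread and not either server's actual configuration): a shell script that prints, or with DRY_RUN=0 applies, the routing and iptables rules for both servers. It assumes a point-to-point tunnel between the two servers already exists (the interface name `tun1` and the addresses 10.9.0.1/10.9.0.2 are placeholders) and a /24 client pool (the question writes /8; /24 is the usual OpenVPN server directive). The detail that "make the second server the default gateway" glosses over: on the first server only packets sourced from the VPN pool are steered into a separate routing table, so the server's own default route, which the OpenVPN daemon, SSH and the inter-server tunnel itself depend on, stays intact; and the second server needs an explicit return route for the client pool back through the tunnel, otherwise replies leave via its public interface and never reach the clients.

```shell
#!/usr/bin/env bash
# Policy routing + NAT for sending OpenVPN client traffic out through a second server.
# Added example; interface names and tunnel addresses below are assumptions/placeholders.
set -eu

VPN_NET="${VPN_NET:-10.8.0.0/24}"    # OpenVPN client pool handed out by server 1 (assumed /24)
VPN_IF="${VPN_IF:-tun0}"             # OpenVPN client-facing interface on server 1 (from the question)
TUN_IF="${TUN_IF:-tun1}"             # assumed existing tunnel between the two servers
TUN_LOCAL="${TUN_LOCAL:-10.9.0.1}"   # assumed tunnel address of server 1
TUN_PEER="${TUN_PEER:-10.9.0.2}"     # assumed tunnel address of server 2
EGRESS_IF="${EGRESS_IF:-eth0}"       # public interface on server 2
TABLE="${TABLE:-100}"                # dedicated routing table for client traffic
DRY_RUN="${DRY_RUN:-1}"              # 1 = print the commands, 0 = execute them (needs root)

run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Server 1 (ingress, local datacenter). The main routing table is left untouched:
# only packets *from* the client pool consult table $TABLE, whose default route
# points at server 2 over the tunnel. Forwarding is limited to the client pool and
# to established/related return traffic, so ufw's forward policy can stay DROP.
ingress_rules() {
  run sysctl -w net.ipv4.ip_forward=1
  run ip route replace default via "$TUN_PEER" dev "$TUN_IF" table "$TABLE"
  run ip rule add from "$VPN_NET" lookup "$TABLE" priority 1000
  run iptables -A FORWARD -i "$VPN_IF" -o "$TUN_IF" -s "$VPN_NET" -j ACCEPT
  run iptables -A FORWARD -i "$TUN_IF" -o "$VPN_IF" -d "$VPN_NET" \
      -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Server 2 (egress, Linode). It must know the way back to the client pool through
# the tunnel; the MASQUERADE rewrites client sources to the public IP on the way out.
egress_rules() {
  run sysctl -w net.ipv4.ip_forward=1
  run ip route replace "$VPN_NET" via "$TUN_LOCAL" dev "$TUN_IF"
  run iptables -t nat -A POSTROUTING -s "$VPN_NET" -o "$EGRESS_IF" -j MASQUERADE
  run iptables -A FORWARD -i "$TUN_IF" -o "$EGRESS_IF" -s "$VPN_NET" -j ACCEPT
  run iptables -A FORWARD -i "$EGRESS_IF" -o "$TUN_IF" -d "$VPN_NET" \
      -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

case "${1:-}" in
  ingress) ingress_rules ;;
  egress)  egress_rules ;;
  *) ;;   # no role given: sourced for its functions
esac
```

Run `./route-egress.sh ingress` on the first server and `./route-egress.sh egress` on the second with DRY_RUN=1 first to review the commands, then with DRY_RUN=0 as root. `ip rule add` is not idempotent (re-running adds a duplicate rule), so check `ip rule show` before applying a second time; the `ip route replace` lines are safe to repeat. If the first server's existing `-o eth0` MASQUERADE rule from the question is kept, it does not affect this path because client traffic now leaves through the tunnel interface, not eth0.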
