Score:0

How to forward all or part of openvpn server traffic to another server through SSH tunnel?

I need to route all OpenVPN client traffic from Server A to Server B via SSH tunnel.


 Client                       Server A                                     Server B
-------------------      -----------------------                         -----------------------
| OpenVPN Client  |      | Ubuntu Server 20    |                         | Ubuntu Server 20    |
| Windows 10      |----->| Local Datacenter    |--SSH Tunnel(PORT 22)--->| External Datacenter |
| OpenVPN Connect |      | IP: a.b.c.d (1xNIC) |                         | IP: w.x.y.z (1xNIC) |
|                 |      | OpenVPN Server      |                         |                     |
-------------------      -----------------------                         -----------------------

I have no idea how to do it, but I have already installed the OpenVPN server on Server A with the configuration below:

port 443
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 1.1.1.1"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_q8X7N8fjPSybMPNE.crt
key server_q8X7N8fjPSybMPNE.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

Iptables configuration:

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  10.8.0.0/24          0.0.0.0/0
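
An SSH -L or -R forward carries a single TCP port, so it cannot take a routed /24; what the diagram asks for is a layer-3 tunnel, which OpenSSH provides with -w (a tun device on each end, allowed by PermitTunnel in sshd_config on Server B), plus a policy route on Server A that sends only the VPN subnet into that tunnel. The script below is an added example written for this thread; it is not code from the question or from either server. Everything it assumes beyond the post is marked in the comments: root SSH login to Server B, tun1 free on both hosts, 10.9.0.0/30 for the tunnel, eth0 as Server B's uplink, routing table 100.

```sh
#!/bin/sh
# Added example for Server A (the OpenVPN server in the question); not code from the post.
# Assumed, because the post does not say: Server B's sshd_config has "PermitTunnel yes" and
# the login is root (creating tun devices needs CAP_NET_ADMIN on both ends), tun1 is free
# on both hosts, 10.9.0.0/30 is unused, and Server B's uplink is eth0. Clients are in
# 10.8.0.0/24 per the posted "server 10.8.0.0 255.255.255.0".
# Usage, as root on Server A:
#   ./ssh-l3-tunnel.sh up              bring the tunnel and the policy route up
#   DRY_RUN=1 ./ssh-l3-tunnel.sh up    print the commands instead of running them
set -eu

SERVER_B=w.x.y.z
SSH_USER=root
LOCAL_TUN=1          # tun1 on Server A (tun0 is OpenVPN's)
REMOTE_TUN=1         # tun1 on Server B
A_TUN_IP=10.9.0.1
B_TUN_IP=10.9.0.2
VPN_NET=10.8.0.0/24
TABLE=100            # routing table consulted only for VPN-client sources
B_UPLINK=eth0

# Run a command, or print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# A layer-3 tunnel, not a -L port forward: -w local:remote asks sshd for a tun device on
# each end, Tunnel=point-to-point selects L3 mode, -N -f keeps the session in the background.
start_tunnel() {
    run ssh -N -f -o Tunnel=point-to-point -o ServerAliveInterval=30 \
        -w "$LOCAL_TUN:$REMOTE_TUN" "$SSH_USER@$SERVER_B"
}

# Server B: address its end, enable forwarding, and NAT what arrives over the tunnel.
configure_remote_end() {
    run ssh "$SSH_USER@$SERVER_B" "set -e; \
        ip addr add $B_TUN_IP/30 peer $A_TUN_IP dev tun$REMOTE_TUN; \
        ip link set tun$REMOTE_TUN up; \
        sysctl -w net.ipv4.ip_forward=1; \
        iptables -t nat -C POSTROUTING -s 10.9.0.0/30 -o $B_UPLINK -j MASQUERADE 2>/dev/null \
            || iptables -t nat -A POSTROUTING -s 10.9.0.0/30 -o $B_UPLINK -j MASQUERADE"
}

# Server A: address this end, then steer only packets FROM the VPN subnet into the tunnel.
# A source-based rule and a separate table leave Server A's own default route alone, so the
# SSH session that carries the tunnel is never routed into the tunnel it carries.
configure_local_end() {
    run ip addr add "$A_TUN_IP/30" peer "$B_TUN_IP" dev "tun$LOCAL_TUN"
    run ip link set "tun$LOCAL_TUN" mtu 1400 up   # two encapsulations: OpenVPN, then SSH/TCP
    run ip route replace default via "$B_TUN_IP" dev "tun$LOCAL_TUN" table "$TABLE"
    run ip rule add from "$VPN_NET" to "$VPN_NET" lookup main priority 999   # client-to-client stays local
    run ip rule add from "$VPN_NET" lookup "$TABLE" priority 1000
    # SNAT client traffic to the tunnel address. The posted "iptables -t nat -L" output omits
    # the -o interface column, so add an explicit tun1 rule rather than rely on the existing one.
    iptables -t nat -C POSTROUTING -s "$VPN_NET" -o "tun$LOCAL_TUN" -j MASQUERADE 2>/dev/null \
        || run iptables -t nat -A POSTROUTING -s "$VPN_NET" -o "tun$LOCAL_TUN" -j MASQUERADE
}

up() {
    start_tunnel
    # ssh -f returns right after authentication; wait for the local tun device to exist.
    n=0
    while [ -z "${DRY_RUN:-}" ] && ! ip link show "tun$LOCAL_TUN" >/dev/null 2>&1; do
        n=$((n + 1))
        if [ "$n" -ge 15 ]; then
            echo "tun$LOCAL_TUN did not appear: check PermitTunnel on $SERVER_B" >&2
            exit 1
        fi
        sleep 1
    done
    configure_remote_end
    configure_local_end
}

case "${1:-}" in
    up) up ;;
    *)  ;;   # no argument: only define the functions (lets the file be sourced)
esac
```

Two caveats a practitioner will want. First, client traffic now rides inside the SSH TCP stream, so every client TCP flow is TCP-over-TCP and throughput will degrade under packet loss; the lowered MTU on tun1 avoids fragmenting the already-encapsulated packets a second time. Second, only sources in 10.8.0.0/24 are sent to table 100, so Server A's own session to w.x.y.z keeps its normal default route, which is what stops the tunnel from swallowing itself. To check the routing decision on Server A (assuming OpenVPN's device is tun0), `ip route get 1.1.1.1 from 10.8.0.2 iif tun0` should report dev tun1.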

Score:0

I did some work with distributed systems and networking back in 2017 and hopefully can guide you in the right direction.

  1. To route all OpenVPN client traffic from Server A to Server B via an SSH tunnel, you will need to set up a route on Server A that directs traffic destined for the external network to the SSH tunnel:
ssh -L 1194:localhost:1194 user@w.x.y.z

Replace "user" with your SSH user and "w.x.y.z" with the IP address of Server B. This command will create an SSH tunnel that forwards traffic from Server A's port 1194 to Server B's port 1194.

  2. Now modify the OpenVPN server configuration on Server A to use the tunnel:
push "route w.x.y.z 255.255.255.255 20.0.0.1"

Replace "w.x.y.z" with the IP address of the external network you want to reach via Server B's Internet connection and "20.0.0.1" with the IP address of the tunnel endpoint on Server A.

  3. Finally, all you have to do is restart the OpenVPN service on Server A:
sudo systemctl restart openvpn

Hope you find this helpful.

Pejman Ghasemi:
Thank you very much, but I don't understand 20.0.0.1. Do you use another OpenVPN on the external datacenter?