On 26.07.23 07:44, Jason Long wrote:
> I just created a virtual NIC and all the iptables rules that I did for a real NIC, I did for this virtual NIC too. Consider an OpenVPN server that has one NIC with three public IPs and you want to run an OpenVPN server.conf file for each IP. You must set these three public IPs on your NIC and then launch your OpenVPN server.
First off, *your* VPN server *doesn't* have public IPs; you've shown us the interface settings, and there were subnets of 10.0.0.0/8 in use. That's why I still think that your Internet access has an intervening NAT box that you haven't told us about yet.
Second, here you're talking about the actual VPN connections that the clients make *to* the VPN server itself. Yes, if those three IPs (with whatever ports) are reachable from the Internet (the server's routing table may still be relevant here), that'll work.
What we were talking about in the previous mail, however, was what SRC IPs the clients' traffic *through* the server will get set as they get MASQUERADEd upon exiting the server, and whether routing table and iptables' filter rules agree with *that*.
> Are my iptables rules wrong?
Maybe. You've shown us only what you *actively changed* (no info on the chains' policies, for example), and the question of what SRC IP the through traffic is MASQUERADEd to (to compare that with the filter rules) is still open.
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
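The two facts the reply says are still missing, the chains' policies and the SRC IP that through traffic is MASQUERADEd to, can be read off an `iptables-save` dump. The following is an added example, not part of the original mail: the rule dump, interface names and addresses are constructed, and the helper names `parse_save` and `nat_sources` are hypothetical.

```python
import shlex

# Constructed sample data (not from the thread): iptables-save dump and per-interface addresses.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i tun0 -o eth0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.9.0.0/24 -o eth0 -j SNAT --to-source 10.0.0.12
COMMIT
"""
SAMPLE_ADDRS = {"eth0": ["10.0.0.11", "10.0.0.12", "10.0.0.13"]}

def parse_save(text):
    """Return ({(table, chain): policy}, [(table, chain, {option: value})])."""
    policies, rules, table = {}, [], None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1])
                    if t.startswith("-") and not tok[i + 1].startswith("-")}
            rules.append((table, tok[1], opts))
    return policies, rules

def nat_sources(text, addrs):
    """For each nat/POSTROUTING rule: (match, out-iface, SRC IP or None, reason)."""
    out = []
    for table, chain, o in parse_save(text)[1]:
        if (table, chain) != ("nat", "POSTROUTING"):
            continue
        ips = addrs.get(o.get("-o"), [])
        if o.get("-j") == "SNAT":
            out.append((o.get("-s"), o.get("-o"), o.get("--to-source"), "pinned by rule"))
        elif o.get("-j") == "MASQUERADE" and len(ips) == 1:
            out.append((o.get("-s"), o.get("-o"), ips[0], "only address on interface"))
        elif o.get("-j") == "MASQUERADE":
            out.append((o.get("-s"), o.get("-o"), None, "chosen by kernel, not by rule"))
    return out
```

On a live host the inputs would come from `iptables-save` and `ip -4 addr`; a `None` source marks a MASQUERADE rule on an interface with several addresses, where the rule alone does not say which SRC IP the traffic leaves with.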