
I have an OpenVPN server set up on Ubuntu 18.04. Clients connect to the VPN and all traffic is routed through the VPN. The outgoing IP is the same IP the clients connect to.

Now I've added another network interface on a private subnet. I want the clients' outgoing traffic to be routed through that interface so that the outgoing IP will be the external IP of the NAT gateway on the private subnet.

I'm a bit at a loss as I don't know how to configure the routing. If I just increase the metric of eth1 to put it above eth0 then I can no longer connect to the VPN or SSH to the server.

Kernel IP routing table
Destination      Gateway          Genmask          Flags  Metric  Ref  Use  Iface
default          ip-172-30-0-1.e  0.0.0.0          UG     100     0    0    eth0
default          ip-172-30-10-1.  0.0.0.0          UG     200     0    0    eth1
10.8.0.0         0.0.0.0          255.255.255.0    U      0       0    0    tun0
172.30.0.0       0.0.0.0          255.255.255.0    U      0       0    0    eth0
ip-172-30-0-1.e  0.0.0.0          255.255.255.255  UH     100     0    0    eth0
172.30.10.0      0.0.0.0          255.255.255.0    U      0       0    0    eth1
ip-172-30-10-1.  0.0.0.0          255.255.255.255  UH     200     0    0    eth1

[Diagram: routing paths for VPN client traffic through eth0 and eth1]

Green arrows are what I want to achieve, red is what happens now.

1 Answer


It seems like a problem of asymmetric routing; I've had these on multi-homed servers before. One reason you can no longer SSH to your server is that the packet comes in on one interface but the response goes out through another. If I remember correctly, when sending a simple ping to IP A, I received a reply from IP B, and that doesn't go well with secure protocols/applications. I solved this using "policy routing".

This article helped me do the trick: 4.1. Simple source policy routing

And here is a good article about Asymmetric Routing on Multi-Homed Servers
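The source policy routing the answer refers to, worked through for the question's setup, as an added example that is not part of the original post or answer. The gateways 172.30.0.1 and 172.30.10.1, the subnets and the 10.8.0.0/24 VPN range come from the routing table in the question; the server's own addresses on eth0 and eth1 (ETH0_IP, ETH1_IP), the table numbers 100 and 200, and the rule priorities are assumed placeholders. The idea is to leave the main table (and its metrics) alone and instead add one routing table per interface: replies to connections that arrived on eth0 are sent back out eth0, and forwarded traffic from VPN clients is sent via eth1 and masqueraded there.

```shell
#!/bin/sh
# Added example (not from the original post): source policy routing for a
# two-homed OpenVPN server.  ETH0_IP / ETH1_IP and the table numbers are
# ASSUMED placeholders; gateways and subnets are from the question.
set -eu

ETH0_IP="${ETH0_IP:-172.30.0.10}"     # assumed: server address on eth0
ETH1_IP="${ETH1_IP:-172.30.10.10}"    # assumed: server address on eth1
ETH0_NET=172.30.0.0/24
ETH1_NET=172.30.10.0/24
ETH0_GW=172.30.0.1
ETH1_GW=172.30.10.1
VPN_NET=10.8.0.0/24
T_ETH0=100                            # assumed table numbers (any unused id works)
T_ETH1=200

# With DRY_RUN=1 the commands are printed instead of executed, so the plan can
# be reviewed (and tested) without root or the real interfaces.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

policy_routing() {
    # One routing table per interface: the connected subnet plus that
    # interface's own default gateway.  "replace" keeps this re-runnable.
    run ip route replace "$ETH0_NET" dev eth0 src "$ETH0_IP" table "$T_ETH0"
    run ip route replace default via "$ETH0_GW" dev eth0 table "$T_ETH0"
    run ip route replace "$ETH1_NET" dev eth1 src "$ETH1_IP" table "$T_ETH1"
    run ip route replace default via "$ETH1_GW" dev eth1 table "$T_ETH1"

    # Rules are evaluated by priority before the main table.  Locally generated
    # replies keep the interface whose address they are sent from, which is what
    # stops SSH and OpenVPN from breaking; VPN client traffic is steered to eth1.
    run ip rule add from "$ETH0_IP" lookup "$T_ETH0" priority 1000
    run ip rule add from "$ETH1_IP" lookup "$T_ETH1" priority 1001
    run ip rule add from "$VPN_NET" lookup "$T_ETH1" priority 1002

    # Loose reverse-path filtering: with strict (1) the kernel may drop packets
    # whose return path would differ from the interface they arrived on.
    run sysctl -q -w net.ipv4.conf.all.rp_filter=2

    # VPN clients now leave via eth1, so they must be NATed behind ETH1_IP there
    # (the existing MASQUERADE on eth0, if any, no longer sees this traffic).
    run iptables -t nat -A POSTROUTING -s "$VPN_NET" -o eth1 -j MASQUERADE
}

case "${1:-}" in
    plan)  DRY_RUN=1 policy_routing ;;   # print what would be done
    apply) policy_routing ;;             # needs root and the real interfaces
esac
```

Run `sh policy-routing.sh plan` to see the commands, then `sudo sh policy-routing.sh apply`. The `ip rule add` lines are not idempotent, so on a second run delete the old rules first (`ip rule del priority 1000`, and so on) or put the rules in the interface configuration. Check the result with `ip rule show` and `ip route show table 200`; a quick functional test is `curl ifconfig.me` from a VPN client, which should now return the NAT gateway's external address, while SSH to the eth0 address keeps working.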
