
What I have is

A in my region, and B in another region (both servers are CentOS 7).

The reason for this question is

I can connect from A to B and from B to A, but the final goal is to have internet via B, because it has limitless internet (by limitless I mean no 403 errors).

I'm thinking of this

  • create a connection from B to A, then I connect to OpenVPN on A and A sends the packets and grants me limitless internet over the tun0 device to B.

What I am trying to achieve

  1. create a tun0 device on A with subnet 10.8.0.1/24 (which is done so far by this link), and create another tun0 device on B with subnet 10.9.0.1/24 (it doesn't matter if it should be in the same subnet as A).

  2. then connect these two tun devices via ssh (I think they should be able to ping each other's private IPs with the command ping -c1 -I tun0 10.8.0.2) (in this case, B should connect to A).

  3. Add an iptables masquerade rule on both servers, so they can masquerade.

  4. Finally,

What I think should be done

  1. Create a persistent connection from B to A and from A to B via the tun0 device (I googled but didn't find good results).

  2. Run these two commands on both servers (both main interfaces are eth0; I think I'm missing something here):

iptables -A FORWARD -i tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

  3. If other configurations should be done that I don't know about, they're here, I believe.

  4. Then I should change the final OpenVPN client config file like this (from the server trying to connect to the other one):

client
dev tun
proto tcp
remote A Port
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
...

What I have done so far

  1. Installed OpenVPN via the given link on A.

  2. Added a new tun0 device on B:

ip addr add 10.9.0.1/24 dev tun0

  3. Ran the masquerade on both servers:

iptables -A FORWARD -i tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

  4. Enabled IPv4 forwarding on both servers and disabled the firewall on both servers to be sure it wouldn't cause any problems.

Can you help me with how to do this scenario and have a multihop OpenVPN for myself?

  • You don't need to masquerade on both servers. Only the "B" system where packets exit to the Internet needs masquerading on its "wan" interface. Also, NAT is performed by the firewall, so you can't entirely disable it while doing masquerading. Only the "B" server which actually forwards packets needs forwarding enabled; "A" doesn't do any forwarding. And, you need to make sure that after the tunnel is established "A" has a direct route towards "B" and the default gateway is set to "B"'s tunnel IP address. // I explained this kind of setup several times on various SE sites, please search better.
    Commented Jun 16, 2023 at 8:33
  • @NikitaKipriyanov thanks, I saw your answers on SuperUser and ServerFault both, but couldn't find any question title relating to what I want. Can you help me find which question it was so I can see your answer?
    – Saeed
    Commented Jun 16, 2023 at 15:27
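Pulling the question's plan and the comment's corrections together, here is an added setup script (not the asker's or the commenter's own commands) for the layout the comment describes: only B, the exit node, enables forwarding and masquerades on its WAN interface, and A keeps a host route to B's public address through its original gateway before switching its default route to B's tunnel address. The addresses (203.0.113.10, 10.9.0.1, 198.51.100.1), the interface names and all function names are placeholders and assumptions, not values from the question. It also goes one step beyond the comment: the optional configure_entry_node_forwarding function covers the case where A itself serves OpenVPN clients whose traffic should leave via B, since A then has to forward between the two tunnels.

```shell
#!/bin/sh
# Added example, not the asker's or the commenter's configuration.
# B = exit node (forwards + MASQUERADE on its WAN interface).
# A = entry node (host route to B's public IP, then default via B's tunnel IP).
# All addresses and interface names are hypothetical placeholders.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (needs root).

DRY_RUN="${DRY_RUN:-1}"

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Hop B (exit node): enable forwarding, allow tunnel -> WAN plus replies,
# and NAT only on the interface where packets leave towards the Internet.
configure_exit_node() {
    tun_if="$1"; wan_if="$2"
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -A FORWARD -i "$tun_if" -o "$wan_if" -j ACCEPT
    run iptables -A FORWARD -i "$wan_if" -o "$tun_if" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$wan_if" -j MASQUERADE
}

# Hop A (entry node): keep reaching B's public address through the original
# default gateway (otherwise the tunnel's own packets would be routed into
# the tunnel), then make B's tunnel address the default gateway.
configure_entry_node() {
    b_public="$1"; b_tun="$2"; orig_gw="$3"; tun_if="$4"
    run ip route replace "$b_public/32" via "$orig_gw"
    run ip route replace default via "$b_tun" dev "$tun_if"
}

# Optional extra step: if A also serves OpenVPN clients whose traffic should
# leave via B, A must forward between its client tunnel and the uplink to B.
configure_entry_node_forwarding() {
    client_tun="$1"; uplink_tun="$2"
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -A FORWARD -i "$client_tun" -o "$uplink_tun" -j ACCEPT
    run iptables -A FORWARD -i "$uplink_tun" -o "$client_tun" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

# Count MASQUERADE rules in a printed plan: the layout needs exactly one,
# on B's WAN interface, and none on A.
count_masquerade() {
    printf '%s\n' "$1" | grep -c MASQUERADE || true
}

main() {
    echo "# on B (exit node, tunnel tun0, WAN eth0):"
    configure_exit_node tun0 eth0
    echo "# on A (203.0.113.10 = B public IP, 10.9.0.1 = B tunnel IP, 198.51.100.1 = A's original gateway):"
    configure_entry_node 203.0.113.10 10.9.0.1 198.51.100.1 tun0
}

# RUN_MAIN=1 sh multihop.sh prints the plan; add DRY_RUN=0 as root to apply it.
if [ "${RUN_MAIN:-0}" = "1" ]; then
    main
fi
```

The order on A matters: the host route to B's public address must exist before the default route moves into the tunnel, otherwise the packets carrying the tunnel itself get routed into the tunnel and the link collapses. Keeping the firewall enabled on B is also deliberate, since the MASQUERADE rule lives in its nat table.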
