
At home I have an OpenVPN server which is at the same time an OpenVPN client. The purpose is to share one foreign IP address between several devices. In the local network everything works fine since I've set up masquerading for local networks. But if the client is trying to connect from the Internet then it gets screwed, since the incoming packets are received via one interface (eth0) but the replies are sent through the default gateway (tun1). How do I force those packets to be sent through their original gateway (eth0)?

I've tried the following:

echo "101 ovpntraffic">>/etc/iproute2/rt_tables
ip rule add fwmark 2 table ovpntraffic
ip route add default via 192.168.75.1 dev eth0 table ovpntraffic
iptables -t mangle -A OUTPUT -p udp -m udp --sport 1194 -j MARK --set-mark 2

According to my understanding, this should mark all the packets outgoing from port 1194 (which is the port used by the OpenVPN server) with mark 2. Then those packets should be routed according to the table ovpntraffic and end up being sent through gateway 192.168.75.1. But the OpenVPN client still cannot establish a connection with the server. What is wrong with the configuration above?

At the same time, I can explicitly specify a route for a particular client IP to be routed through eth0. In that case everything works as expected: the client can connect to the OpenVPN server.

1 Answer

I think I've hit a similar problem years ago. You can give this a shot:

--multihome

Configure a multi-homed UDP server. This option can be used when OpenVPN has been configured to listen on all interfaces, and will attempt to bind client sessions to the interface on which packets are being received, so that outgoing packets will be sent out of the same interface. Note that this option is only relevant for UDP servers and currently is only implemented on Linux.

Source: http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html
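An added example (not part of the answer above and not OpenVPN's own code) of policy routing that can be paired with `multihome`: because the option makes replies leave from the address the request arrived on, the rule below keys on that source address instead of the fwmark used in the question. eth0 and 192.168.75.1 are taken from the question; the eth0 address 192.168.75.10 is a constructed value, and `ovpn_reply_route_cmds` and `ovpn_has_source_rule` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post.
# Server config side (OpenVPN, UDP, listening on all interfaces):
#     multihome
# Constructed assumption: eth0 carries the address 192.168.75.10.

# Print (never execute) the commands that send replies sourced from the
# WAN address back out of the WAN interface, so they can be reviewed
# before being applied as root.
ovpn_reply_route_cmds() {
    wan_if=$1; wan_ip=$2; wan_gw=$3; table=${4:-ovpntraffic}; id=${5:-101}
    for addr in "$wan_ip" "$wan_gw"; do
        case $addr in
            # Reject anything that is not digits and dots before it
            # ends up inside a command line.
            *[!0-9.]*|'') echo "bad IPv4 address: $addr" >&2; return 1 ;;
        esac
    done
    printf 'echo "%s %s" >> /etc/iproute2/rt_tables\n' "$id" "$table"
    printf 'ip route add default via %s dev %s table %s\n' "$wan_gw" "$wan_if" "$table"
    printf 'ip rule add from %s table %s\n' "$wan_ip" "$table"
}

# Read `ip rule show` output on stdin and succeed only if a rule for
# source address $1 points at table $2.
ovpn_has_source_rule() {
    grep -Eq "from $(printf '%s' "$1" | sed 's/\./\\./g') lookup $2( |\$)"
}

# Values from the question plus the constructed eth0 address.
ovpn_reply_route_cmds eth0 192.168.75.10 192.168.75.1
```

After applying the printed commands, `ip rule show | ovpn_has_source_rule 192.168.75.10 ovpntraffic` confirms the rule is in place.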
