Thanks for taking the time to help me out. I'm trying to set up routing between the traffic I get from my PPTP VPN service on (ppp0) and route it to my OpenVPN (tun0) interface. I have tried multiple solutions from various answers over the past couple of days, and have so far been unable to get it working.

What I'm Trying to Achieve

My Device -> ppp0 -> tun0 -> Internet

OpenVPN Client Configuration

I've added route-noexec to ensure I can SSH into the server without the client overwriting the IP tables.

client
dev tun
proto tcp
remote 185.244.215.195 443
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no
verify-x509-name CN=us-ca90.nordvpn.com

remote-cert-tls server

auth-user-pass
route-noexec

My Current IP Tables Setup

iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE && iptables-save
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 10.0.0.1/24 -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface tun0 -j ACCEPT

Further Debug Information

Using the above I can go ahead and ping my server at its DHCP-assigned IP of 10.0.0.50, and on the server I can go ahead and do curl --interface tun0 ipinfo.io and it's working with the OpenVPN tunnel.

Gateway: 10.0.0.1 Local IP: 10.0.0.50

ip route show

default via 10.0.0.1 dev enp0s6 proto dhcp src 10.0.0.50 metric 100 
10.0.0.0/24 dev enp0s6 proto kernel scope link src 10.0.0.50 metric 100 
10.0.0.1 dev enp0s6 proto dhcp scope link src 10.0.0.50 metric 100 
10.0.0.100 dev ppp0 proto kernel scope link src 10.0.0.1 
10.7.0.0/16 dev tun0 proto kernel scope link src 10.7.0.7 
169.254.0.0/16 dev enp0s6 scope link 
169.254.0.0/16 dev enp0s6 proto dhcp scope link src 10.0.0.50 metric 100 
169.254.169.254 via 10.0.0.1 dev enp0s6 proto dhcp src 10.0.0.50 metric 100 

iptables-save output

root@instance-20231012-1109:/home/ubuntu# ./build-tun0.sh
# Generated by iptables-save v1.8.7 on Fri Oct 13 05:33:11 2023
*filter
:INPUT ACCEPT [103:10600]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [64:53484]
COMMIT
# Completed on Fri Oct 13 05:33:11 2023
# Generated by iptables-save v1.8.7 on Fri Oct 13 05:33:11 2023
*nat
:PREROUTING ACCEPT [5796:1077692]
:INPUT ACCEPT [3072:143043]
:OUTPUT ACCEPT [247:17909]
:POSTROUTING ACCEPT [40:3581]
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
# Completed on Fri Oct 13 05:33:11 2023
  • I think you really mean to an OpenVPN server that someone else operates? Please share the full output of iptables-save. Also make sure you have enabled IP forwarding with sysctl.
    – Tom Yan
    Commented Oct 13, 2023 at 5:30
  • @TomYan Thank you so much for helping me out. I have added the iptables-save output, and I have also made sure that net.ipv4.ip_forward=1 is enabled. If I change my configuration to enp0s6 instead of tun0 it works. Commented Oct 13, 2023 at 5:35
  • Actually, assuming the traffic from the PPTP is for the Internet (i.e., you want to use the OpenVPN server the PPTP server is connected to as the Internet gateway for the PPTP client), you'll need a default route that uses tun0 anyway. If you need to "split tunnel", you'll need an alternate route table for the route and policy routing (e.g. ip rule that matches iif ppp0). (But strangely in your ip route output, there's not even a ppp0 route; have you omitted some lines?)
    – Tom Yan
    Commented Oct 13, 2023 at 5:48
  • Hi @TomYan the ppp0 interface becomes active on nmcli and ip route show when a user connects to it, so I've updated the post to include the newly added ip route show with ppp0 enabled. Thanks a lot for the time to help me out. Commented Oct 13, 2023 at 6:03
  • @TomYan I would also like to add that when I connect I can only access the local network, with no access to the Internet from tun0. Commented Oct 13, 2023 at 6:18
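
The alternate route table and `ip rule ... iif ppp0` policy routing suggested in the comments, written out as an added example that is not part of the original thread. Table number 100, rule priority 1000, the DRY_RUN switch and the function names are assumptions; the `unreachable` fallback route is an addition that keeps PPTP client traffic from falling back to enp0s6 when tun0 goes down.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: table 100, rule
# priority 1000, the DRY_RUN switch and both function names.
IN_IF="${IN_IF:-ppp0}"    # PPTP client side (from the question)
OUT_IF="${OUT_IF:-tun0}"  # OpenVPN client tunnel (from the question)
TABLE="${TABLE:-100}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = run them as root

# Emit the command set, one command per line:
#  1. enable forwarding
#  2. default route via the tunnel, but only in the alternate table
#     (route-noexec means OpenVPN installs no routes itself)
#  3. higher-metric "unreachable" default: if tun0 drops, its route vanishes
#     and lookups stop here instead of falling through to the main table
#  4. send everything that arrives on ppp0 to the alternate table
#     (ip rule add is not idempotent; run once per boot)
#  5. NAT on the tunnel, added only if not already present
#  6-7. explicit forward rules; only needed when the FORWARD policy is not ACCEPT
policy_route_cmds() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace default dev $OUT_IF table $TABLE
ip route replace unreachable default metric 1000 table $TABLE
ip rule add iif $IN_IF lookup $TABLE priority 1000
iptables -t nat -C POSTROUTING -o $OUT_IF -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o $OUT_IF -j MASQUERADE
iptables -A FORWARD -i $IN_IF -o $OUT_IF -j ACCEPT
iptables -A FORWARD -i $OUT_IF -o $IN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Print the commands (DRY_RUN=1) or execute them in order (DRY_RUN=0).
apply_policy_route() {
    policy_route_cmds | while IFS= read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then
            printf '%s\n' "$cmd"
        else
            sh -c "$cmd" || echo "failed: $cmd" >&2
        fi
    done
}

apply_policy_route
# Check afterwards which route the kernel picks for a forwarded packet
# (10.0.0.100 is the ppp0 peer in the question's route table; 192.0.2.1 is a
# placeholder destination):
#   ip route get 192.0.2.1 from 10.0.0.100 iif ppp0
```

The main table stays untouched, so SSH to the server over enp0s6 keeps working while only traffic entering on ppp0 is sent through tun0.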
