Thanks for taking the time to help me out. I'm trying to set up routing between the traffic I get from my PPTP VPN Service on (ppp0) and route it to my OpenVPN (tun0) Interface. I have tried multiple solutions from various answers over the past couple of days, and have so far been unable to get it working.
What I'm Trying to Achieve
My Device -> ppp0 -> tun0 -> Internet
OpenVPN Client Configuration
I've added route-noexec to ensure I can SSH into the server without the client overwriting the IP tables.
client
dev tun
proto tcp
remote 185.244.215.195 443
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no
verify-x509-name CN=us-ca90.nordvpn.com
remote-cert-tls server
auth-user-pass
route-noexec
My Current IP Tables Setup
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE && iptables-save
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 10.0.0.1/24 -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface tun0 -j ACCEPT
Further Debug Information
Using the above I can go ahead and ping my server at its DHCP Assigned IP of 10.0.0.50 and on the Server I can go ahead and do curl --interface tun0 ipinfo.io and it's working with the OpenVPN Tunnel.
Gateway: 10.0.0.1 Local IP: 10.0.0.50
ip route show
default via 10.0.0.1 dev enp0s6 proto dhcp src 10.0.0.50 metric 100
10.0.0.0/24 dev enp0s6 proto kernel scope link src 10.0.0.50 metric 100
10.0.0.1 dev enp0s6 proto dhcp scope link src 10.0.0.50 metric 100
10.0.0.100 dev ppp0 proto kernel scope link src 10.0.0.1
10.7.0.0/16 dev tun0 proto kernel scope link src 10.7.0.7
169.254.0.0/16 dev enp0s6 scope link
169.254.0.0/16 dev enp0s6 proto dhcp scope link src 10.0.0.50 metric 100
169.254.169.254 via 10.0.0.1 dev enp0s6 proto dhcp src 10.0.0.50 metric 100
iptables-save output
root@instance-20231012-1109:/home/ubuntu# ./build-tun0.sh
# Generated by iptables-save v1.8.7 on Fri Oct 13 05:33:11 2023
*filter
:INPUT ACCEPT [103:10600]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [64:53484]
COMMIT
# Completed on Fri Oct 13 05:33:11 2023
# Generated by iptables-save v1.8.7 on Fri Oct 13 05:33:11 2023
*nat
:PREROUTING ACCEPT [5796:1077692]
:INPUT ACCEPT [3072:143043]
:OUTPUT ACCEPT [247:17909]
:POSTROUTING ACCEPT [40:3581]
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
# Completed on Fri Oct 13 05:33:11 2023
iptables-save. Also make sure you have enabled IP forwarding with sysctl.

iptables-save output, and I have also made sure that net.ipv4.ip_forward=1 is enabled. If I change my configuration to enp0s6 instead of tun0 it works.

tun0 anyway. If you need to "split tunnel", you'll need an alternate route table for the route and policy routing (e.g. ip rule that matches iif ppp0). (But strangely in your ip route output, there's not even a ppp0 route; have you omitted some lines?)

ppp0 interface becomes active on nmcli and ip route show when a user connects to it, so I've updated the post to include the newly added ip route show with ppp0 enabled. Thanks a lot for the time to help me out.
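
The alternate route table and ip rule matching iif ppp0 suggested in the comments, sketched as an added example that is not part of the original thread. It first shows where the main table from the post sends forwarded traffic, then prints (without running) the policy-routing commands; table number 100 and the function names are assumptions, the interface names and route lines come from the post.

```shell
#!/usr/bin/env bash
# Added example. Table number 100 is an arbitrary assumption.

# Relevant lines from the post's `ip route show` output (main table).
MAIN_TABLE='default via 10.0.0.1 dev enp0s6 proto dhcp src 10.0.0.50 metric 100
10.0.0.100 dev ppp0 proto kernel scope link src 10.0.0.1
10.7.0.0/16 dev tun0 proto kernel scope link src 10.7.0.7'

# default_dev ROUTES: print the device the default route in ROUTES points at.
default_dev() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# policy_route_cmds IN_IF OUT_IF TABLE: print the commands that give packets
# arriving on IN_IF their own routing table whose default route is OUT_IF.
policy_route_cmds() {
    local in_if=$1 out_if=$2 table=$3
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route add default dev $out_if table $table
ip rule add iif $in_if lookup $table
iptables -t nat -A POSTROUTING -o $out_if -j MASQUERADE
iptables -A FORWARD -i $in_if -o $out_if -j ACCEPT
iptables -A FORWARD -i $out_if -o $in_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

# With route-noexec only the main table exists, so forwarded ppp0 traffic
# follows its default route and a MASQUERADE rule on "-o tun0" never matches.
echo "main-table default route leaves via: $(default_dev "$MAIN_TABLE")"

# The FORWARD rules only matter if the FORWARD policy is not ACCEPT; the
# MASQUERADE rule is the one already present in the post's iptables-save.
echo "commands to review and run as root:"
policy_route_cmds ppp0 tun0 100

# After applying, check the routing decision for a connected client with:
#   ip route get 1.1.1.1 from 10.0.0.100 iif ppp0
```

Because the rule matches only on the incoming interface, the server's own traffic, including the SSH session and the OpenVPN connection itself, keeps using the main table.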