I need help configuring my network setup using OpenVPN and static IPs for clients. I am a software engineer with a surface-level knowledge of networking.

I have a pool of servers with a private network in the format below:

OS: Linux/Ubuntu
Sub-net: 10.0.0.0/22
Public access: No (default)

Server 1 -> Apps (10.0.0.1)
Server 2 -> Database (10.0.0.2)
Server 3 -> Cache/Logs (10.0.0.3)
Server 4 -> VPN Host (10.0.0.4) - Has public access for sign-in

The VPN server has access to all servers in the network; the servers use a firewall (UFW) to allow connections between themselves.

I have configured OpenVPN to assign static IPs to the users, which works fine. The connected user can see the assigned static IP in this subnet: 10.0.10.0/24.

Admin: 10.0.10.2
User 1: 10.0.10.3
User 3: 10.0.10.4

But whenever I connect to the other servers in the pool, or even monitor the ping requests, the VPN host IP is what gets used; even if I connect to the VPN host, it sees my user coming in with the VPN IP address. This means that any user connected to the VPN will not be uniquely identified for audit purposes.

My expectation is that the users who have static IP addresses will be identified using their IP, such as 10.0.10.2, 10.0.10.3, etc. This will allow me to set up firewall access for the users to map what resources/ports in the server pool they can access.

How can I achieve this so that when I ping a server from my desktop it appears with the static IP? I have spent time trying iptables and routing but had no luck. Any guide will be appreciated.

  • Issue resolved. I had to use ROUTING instead of NAT. Then added the ip route on both machines. This solved the issue, thanks to OpenVPN Support team. Commented Oct 17, 2023 at 10:20
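
The fix reported in the comment above (routing instead of NAT, plus a static route), sketched as an added example that is not from the original thread: it finds the NAT rule that rewrites client source addresses on the VPN host, then prints a return route and per-user UFW rules for one backend. The addresses come from the question; the `eth0` interface, the sample NAT rules, the access policy and the function names are constructed assumptions, as is the reading that each backend needs a route to the client pool via the VPN host.

```shell
#!/bin/sh
# Added example, not from the original thread. Addresses are from the question;
# the interface name, NAT rules and access policy below are constructed.
VPN_SUBNET="10.0.10.0/24"   # OpenVPN client pool
VPN_HOST="10.0.0.4"         # VPN host's address on the private network

# Constructed `iptables-save -t nat` output from a VPN host that still NATs clients.
SAMPLE_NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.10.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 172.17.0.0/16 -o eth0 -j MASQUERADE
COMMIT'

# Constructed policy: "client_ip backend_ip tcp_port", one grant per line.
SAMPLE_POLICY='10.0.10.2 10.0.0.2 5432
10.0.10.3 10.0.0.1 443'

# Read iptables-save output on stdin and print the POSTROUTING rules that
# rewrite VPN client source addresses: MASQUERADE/SNAT rules whose -s is the
# client subnet, or that have no -s match at all.
nat_rules_hiding_clients() {
    awk -v net="$1" '
        $1 == "-A" && $2 == "POSTROUTING" && /-j (MASQUERADE|SNAT)/ {
            src = ""
            for (i = 3; i < NF; i++) if ($i == "-s") src = $(i + 1)
            if (src == "" || src == net) print
        }'
}

# Read the policy on stdin and print (not run) the commands for one backend:
# a return route to the client pool via the VPN host, then one UFW allow rule
# per grant that targets this backend.
backend_plan() {
    backend="$1"
    echo "ip route add $VPN_SUBNET via $VPN_HOST"
    while read -r client dst port; do
        [ "$dst" = "$backend" ] || continue
        echo "ufw allow from $client to any port $port proto tcp"
    done
}

echo "NAT rules that hide client addresses on the VPN host:"
printf '%s\n' "$SAMPLE_NAT" | nat_rules_hiding_clients "$VPN_SUBNET"
echo "Plan for the database server (10.0.0.2):"
printf '%s\n' "$SAMPLE_POLICY" | backend_plan 10.0.0.2
```

Once the flagged rule is removed and the VPN host forwards the traffic unchanged, the backends log 10.0.10.x source addresses, so the per-user rules and the audit trail line up with the static assignments.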
