What I have… A virtual machine with two IP addresses, call 'em 1.1.1.1 and 1.1.1.2 as eth0 and eth0:1. It's running OpenVPN now and works fine doing normal stuff using just eth0.
What I want… Use the second IP address at eth0:1 for all VPN traffic in and out, and route all TCP, UDP and hopefully even ICMP packets through the VPN to the protected host on the inside at 10.8.0.10. So basically anything directed at 1.1.1.2 instead goes to 10.8.0.10.
Sounds easy. But I'm getting kinda nowhere. Packet forwarding isn't wanting to work for me, and routing isn't working (while I can get inbound traffic to come in on 1.1.1.2–duh, that's trivial–I can't get it to use 1.1.1.2 outbound).
Hints? Pointers to "RTFM" (better than "here's the OpenVPN doc and here's the iptable doc and here's the route command")?
Best Answer
If I understand you right, you want a network design like this:
Then you want all traffic that comes to 1.1.1.2 routed to 10.8.0.10, and so on.
If you don't have problems with OpenVPN, then you should use NAT! Your rules for one address should look like this one in the nat section:
And for sure, you should enable forwarding in your sysctl setting.
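The NAT and forwarding setup the answer describes, written out as an added example (this is my script, not the answer's own rules, and the answer's rule text did not survive on this page). It assumes the VPN server's tunnel interface is tun0 and that iptables is in use; the addresses default to the ones from the question. The DNAT rule in PREROUTING rewrites anything arriving for 1.1.1.2 to 10.8.0.10, the SNAT rule in POSTROUTING makes traffic leaving from 10.8.0.10 appear as 1.1.1.2 (this is the outbound half the question was missing), and the FORWARD rules let both directions through. Because conntrack tracks ICMP echo as a flow, ping to 1.1.1.2 is forwarded by the same DNAT rule. The script only prints the plan unless APPLY=1 is set, so it can be reviewed before anything touches the box.

```shell
#!/bin/sh
# Added example, not the original answer's rules. Assumptions: OpenVPN's
# server side is tun0 and iptables (legacy or nft-backed) manages the firewall.

# Print the NAT rules that map a public alias to the VPN-side host.
# $1 = public alias (1.1.1.2), $2 = inside host (10.8.0.10), $3 = WAN interface (eth0)
nat_rules() {
    printf '%s\n' \
        "iptables -t nat -A PREROUTING -i $3 -d $1 -j DNAT --to-destination $2" \
        "iptables -t nat -A POSTROUTING -o $3 -s $2 -j SNAT --to-source $1"
}

# Print the filter rules that allow the forwarded traffic in both directions.
# FORWARD sees the post-DNAT destination, so the inbound rule matches $1.
# $1 = inside host, $2 = WAN interface, $3 = VPN interface
forward_rules() {
    printf '%s\n' \
        "iptables -A FORWARD -i $2 -o $3 -d $1 -j ACCEPT" \
        "iptables -A FORWARD -i $3 -o $2 -s $1 -j ACCEPT"
}

# The kernel setting the answer refers to; persist this line in
# /etc/sysctl.conf or a file under /etc/sysctl.d/ so it survives a reboot.
sysctl_setting() {
    printf '%s\n' "net.ipv4.ip_forward = 1"
}

# Assemble the full plan as one command per line. Defaults are the question's
# addresses; interface names are assumptions.
plan() {
    pub="${1:-1.1.1.2}"; inside="${2:-10.8.0.10}"; wan="${3:-eth0}"; vpn="${4:-tun0}"
    printf '%s\n' "sysctl -w net.ipv4.ip_forward=1"
    nat_rules "$pub" "$inside" "$wan"
    forward_rules "$inside" "$wan" "$vpn"
}

# Check the running box: is forwarding on, and is the DNAT rule present?
# Returns 0 when both hold, 1 otherwise, so it can be used from a monitor.
check_state() {
    inside="${1:-10.8.0.10}"
    fwd=$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo 0)
    [ "$fwd" = "1" ] || { echo "net.ipv4.ip_forward is off"; return 1; }
    iptables -t nat -S PREROUTING 2>/dev/null | grep -q -- "--to-destination $inside" \
        || { echo "DNAT rule for $inside is missing"; return 1; }
    echo "forwarding enabled and DNAT rule for $inside present"
}

# Dry run by default; APPLY=1 executes each line (needs root).
if [ "${APPLY:-0}" = "1" ]; then
    plan "$@" | while IFS= read -r cmd; do echo "+ $cmd"; eval "$cmd"; done
else
    plan "$@"
fi
```

Run it with no arguments to see the five commands it would execute, then `APPLY=1 sh nat-plan.sh` as root to apply them, and `check_state` afterwards to confirm the forwarding flag and the DNAT rule are in place. One more piece that belongs with this: for OpenVPN itself to listen on the alias rather than eth0's primary address, the server config needs `local 1.1.1.2`, which is a standard OpenVPN directive and not something the script sets.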