I want to set a different outgoing IP for each OpenVPN client. I have two IPs and a network interface for each: ens3 and ens3:1 (I have more clients; this is just for trying). They are defined in /etc/network/interfaces like below:
auto lo
iface lo inet loopback
auto ens3
iface ens3 inet static
address `default_ip`
netmask 255.255.254.0
gateway `gateway`
dns-nameservers 108.61.10.10
post-up ip route add 169.254.0.0/16 dev ens3
auto ens3:1
iface ens3:1 inet static
address `ip2`
netmask 255.255.254.0
I created keys, installed OpenVPN and configured the network. I set net.ipv4.ip_forward=1 in sysctl.conf and DEFAULT_FORWARD_POLICY="ACCEPT" in /etc/default/ufw, and configured iptables with iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens3 -j MASQUERADE.
I configured OpenVPN as below (/etc/openvpn/server.conf) by looking here:
mode server
tls-server
proto tcp-server
port 443
dev tun
topology "subnet"
push "topology subnet"
ifconfig 10.8.0.1 255.255.254.0
push "route-gateway 10.8.0.1"
push "redirect-gateway def1"
ifconfig-pool 10.8.0.2 10.8.255.255 255.255.0.0
client-config-dir ccd
log-append openvpn.log
status openvpn-status.log
keepalive 10 60
# TLS needs:
pkcs12 keys/server.p12
dh keys/dh2048.pem
OpenVPN worked up to this point. When I logged in with the client1.ovpn file (below) and client1.psk using Tunnelblick on macOS, it worked. I could use the internet with default_ip.
client
dev tun
ns-cert-type server
proto tcp
remote `default_ip` 443
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
verb 3
pkcs12 /Users/User/client1.p12
However, when I tried to make client1 use ip2 while using OpenVPN, by creating the ccd/client1 file below and configuring iptables with iptables -t nat -A POSTROUTING -s 10.8.5.0 -o ens3:1 -j MASQUERADE, it didn't work. Tunnelblick connected to OpenVPN but there was no internet connection.
ifconfig-push 10.8.5.1 255.255.254.0
BTW, OpenVPN is installed on Ubuntu 16.04. I should say I am new to networking and also to OpenVPN. I tried several things to figure it out, but it didn't work no matter what. How can I make this work?
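An added example, not part of the question or the answer, showing how the single-instance approach from the question can be made to work. Three facts drive it: an interface alias such as ens3:1 is not a separate device as far as netfilter is concerned, so a rule with -o ens3:1 never matches; MASQUERADE always rewrites to the primary address of the outgoing interface, so it can never pick ip2, whereas SNAT --to-source can; and iptables -s 10.8.5.0 with no mask means the single host 10.8.5.0/32, which does not match a client at 10.8.5.1. Separately, 10.8.5.1 lies outside the 10.8.0.0/23 tunnel subnet declared by the server's ifconfig line (the ifconfig-pool line in the question spans a /16 and disagrees with it), so the server has no route for that client. The script assumes the /23 from the ifconfig line, that ens3 is the real NIC carrying both public addresses, and that the ccd directory is /etc/openvpn/ccd; all three are assumptions to adjust. The public address 203.0.113.7 used in the usage note is a documentation placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): give one OpenVPN client its own
# public source address on a single server instance.
# Assumptions (not stated in the question): the tunnel subnet is 10.8.0.0/23
# as the server's "ifconfig" line says, the real NIC is ens3, ip2 is a
# secondary address on ens3 (the question's ens3:1 alias), and the server's
# client-config-dir resolves to /etc/openvpn/ccd.

VPN_NET=10.8.0.0
VPN_MASK=255.255.254.0
WAN_IF=ens3
CCD_DIR=/etc/openvpn/ccd

# ip4_to_int 10.8.5.1 -> 168297729 (dotted quad to a 32-bit integer, POSIX sh)
ip4_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_subnet ADDR NET MASK -> exit status 0 when ADDR is inside NET/MASK
in_subnet() {
    addr=$(ip4_to_int "$1"); net=$(ip4_to_int "$2"); mask=$(ip4_to_int "$3")
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# ccd_line CLIENT_VPN_IP -> the ifconfig-push line for ccd/<client>.
# Refuses addresses outside the tunnel subnet: the question's 10.8.5.1 is
# outside 10.8.0.0/23, so the server never routes traffic back to it.
ccd_line() {
    in_subnet "$1" "$VPN_NET" "$VPN_MASK" || {
        echo "refusing $1: not inside $VPN_NET/$VPN_MASK" >&2
        return 1
    }
    echo "ifconfig-push $1 $VPN_MASK"
}

# nat_rule CLIENT_VPN_IP PUBLIC_IP -> iptables rule rewriting that client's
# traffic to PUBLIC_IP.  The /32 is spelled out on purpose; SNAT is used
# because MASQUERADE cannot select a secondary address; -I puts the rule
# ahead of any catch-all MASQUERADE already in POSTROUTING.
nat_rule() {
    echo "iptables -t nat -I POSTROUTING -s $1/32 -o $WAN_IF -j SNAT --to-source $2"
}

# Catch-all for every other client, matched with the real /23 mask.
default_rule() {
    echo "iptables -t nat -A POSTROUTING -s $VPN_NET/$VPN_MASK -o $WAN_IF -j MASQUERADE"
}

case "${1:-}" in
  plan)   # ./vpn-nat.sh plan CLIENT_VPN_IP PUBLIC_IP  -> print what would be done
    ccd_line "$2" && nat_rule "$2" "$3" && default_rule ;;
  apply)  # ./vpn-nat.sh apply CLIENT_VPN_IP PUBLIC_IP CLIENT_NAME  (as root)
    line=$(ccd_line "$2") && printf '%s\n' "$line" > "$CCD_DIR/$4" \
        && eval "$(nat_rule "$2" "$3")" ;;
esac
```

Run it as ./vpn-nat.sh plan 10.8.1.77 203.0.113.7 to see the ccd line and the two NAT rules, or with apply and the client's common name to write ccd/<name> and insert the rule. Verify afterwards with iptables -t nat -L POSTROUTING -n -v that the SNAT rule sits above the MASQUERADE rule and that its packet counter increases while the client browses.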
Best Answer
I couldn't make it work this way. That's why I configured multiple OpenVPN instances so that each one listens on a single IP and uses the interface of that same IP.
I used this bash script for initial installation.
I created a directory for each instance under /etc/openvpninstances. You can copy the default directory for a quick start.
For each IP, a network interface should be defined and iptables should be configured.
Here is the server.conf for each IP:
Each OpenVPN instance can be started with the following command:
In the .ovpn files, the remote IP and port and also the certificates should be changed for each IP.
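An added example of the one-instance-per-address layout the answer describes; it is not the answer's own script or server.conf. It assumes each instance gets its own tun device and its own 10.8.<index>.0/24 tunnel subnet so the NAT rule can tell the instances apart, that all public addresses sit on the real NIC ens3, and that port 443, the key paths and the base directory are placeholders to adjust. The address 203.0.113.7 in the usage note is a documentation placeholder.

```shell
#!/bin/sh
# Added example (not the answer's files): generate one self-contained OpenVPN
# server instance per public address.  Assumptions: tun<index> and
# 10.8.<index>.0/24 per instance, every public address on ens3, placeholder
# port and key paths.
WAN_IF=ens3

# instance_conf INDEX PUBLIC_IP -> server.conf text for that instance.
# "local" is what makes each daemon bind only its own public address.
instance_conf() {
    idx=$1; pub=$2
    cat <<EOF
local $pub
port 443
proto tcp-server
dev tun$idx
topology subnet
server 10.8.$idx.0 255.255.255.0
push "redirect-gateway def1"
keepalive 10 60
pkcs12 keys/server.p12
dh keys/dh2048.pem
log-append openvpn-$idx.log
status openvpn-status-$idx.log
EOF
}

# instance_nat INDEX PUBLIC_IP -> SNAT rule so traffic from this instance's
# tunnel subnet leaves with this instance's public address.  SNAT rather than
# MASQUERADE: MASQUERADE would use ens3's primary address for every instance.
instance_nat() {
    echo "iptables -t nat -A POSTROUTING -s 10.8.$1.0/24 -o $WAN_IF -j SNAT --to-source $2"
}

# write_instance DIR INDEX PUBLIC_IP -> create DIR/server.conf, then print the
# start command and the NAT rule that belong to it.
write_instance() {
    dir=$1; idx=$2; pub=$3
    mkdir -p "$dir"
    instance_conf "$idx" "$pub" > "$dir/server.conf"
    echo "openvpn --cd $dir --config server.conf --daemon"
    instance_nat "$idx" "$pub"
}

# Usage: ./instances.sh BASEDIR PUBLIC_IP_1 [PUBLIC_IP_2 ...]
if [ $# -ge 2 ]; then
    base=$1; shift; i=0
    for pub in "$@"; do
        write_instance "$base/vpn$i" "$i" "$pub"
        i=$((i + 1))
    done
fi
```

For example ./instances.sh /etc/openvpninstances 203.0.113.7 203.0.113.8 creates vpn0 and vpn1, each with a server.conf whose local line pins it to one address, and prints the matching openvpn start command and iptables rule for each. Copy the keys directory into each instance directory (or point pkcs12 and dh at absolute paths), and in each client's .ovpn set remote to that instance's public address. Check with ss -ltnp that each openvpn process listens on exactly one address.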