
Help with routing for VPN (One to one nat)

Background:
OpenVPN server hosted at home

Connect to it fine from my phone from externally and get a static ip (10.10.100.101)

Want to do a 1:1 nat on the traffic between the VPN server and my LAN (so I can do IP rule filtering, otherwise all traffic shows as coming from the VPN server's IP)

Setup network 10.10.100.0 internally

Planned to do a 1:1 nat between 10.10.100.0 and 10.10.101.0 (so each VPN device would get a LAN IP I can then use for management)

 

Took ages trying to get it to work properly. Ended up looking at my router logs to find out what's going on and found:
IPv4: martian source 157.240.8.13 from 10.10.101.101, on dev eth0

Did some research and I believe that my iptables rules on my VPN server are not changing the source IP,
so requests from my phone are showing as coming from the 10.10.101.0 network and when the request gets returned, that network doesn't exist so it can't be routed to?
Am I right? And how do I fix it?

 

Or better yet, how do I change my VPN setup to do what I want?

Thanks in advance.


43 minutes ago, pomtom44 said:

Did some research and I believe that my iptables rules on my VPN server are not changing the source IP,
so requests from my phone are showing as coming from the 10.10.101.0 network and when the request gets returned, that network doesn't exist so it can't be routed to?
Am I right? And how do I fix it?

Or better yet, how do I change my VPN setup to do what I want?

Thanks in advance.

 

Most of this is over my head. You might need to create a route in your router to tell traffic going to the 10.10.101.0 network to go to your local VPN server's IP address. 


13 hours ago, Catsrules said:

 

Most of this is over my head. You might need to create a route in your router to tell traffic going to the 10.10.101.0 network to go to your local VPN server's IP address. 

I was under the impression that the 1:1 NAT on the VPN server should be changing it from the 101 to the 100 network,
so the core router should only see 100 traffic, and be replying to 100 traffic.

 


15 hours ago, pomtom44 said:

I was under the impression that the 1:1 NAT on the VPN server should be changing it from the 101 to the 100 network,
so the core router should only see 100 traffic, and be replying to 100 traffic.

 

Sorry I was talking about routing. But yeah a 1:1 NAT would do that. Unfortunately I am not very familiar with 1:1 NAT.
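
Added example, not part of the thread or written by any poster: a small Python check that reads the router's martian-source log line and works out which address a 1:1 mapping would have put on the wire. The kernel prints the destination first and the source second, so the logged packet came from 10.10.101.101. Assumptions: both ranges are /24s (the thread gives no mask), the router should only see 10.10.100.0 as the original poster expects, and the function names are made up for this example.

```python
import ipaddress
import re

# Kernel log layout: "martian source <destination> from <source>, on dev <iface>"
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>[\d.]+) from (?P<src>[\d.]+), on dev (?P<dev>\S+)"
)

# Assumption: both sides of the 1:1 pair are /24s (the thread gives no mask).
ROUTED_NET = ipaddress.ip_network("10.10.100.0/24")    # range the router should see
UNROUTED_NET = ipaddress.ip_network("10.10.101.0/24")  # range seen in the log


def parse_martian(line):
    """Return (src, dst, dev) from a martian-source log line, or None."""
    m = MARTIAN_RE.search(line)
    if m is None:
        return None
    return (ipaddress.ip_address(m["src"]),
            ipaddress.ip_address(m["dst"]), m["dev"])


def netmap(addr, from_net, to_net):
    """1:1 map: swap the network bits, keep the host bits unchanged."""
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("1:1 NAT needs equal prefix lengths")
    if addr not in from_net:
        return addr  # outside the mapped range: left untouched
    host_bits = int(addr) & int(from_net.hostmask)
    return ipaddress.ip_address(int(to_net.network_address) | host_bits)


def diagnose(line):
    """Report whether the logged source escaped translation and what 1:1 NAT gives."""
    parsed = parse_martian(line)
    if parsed is None:
        return None
    src, dst, dev = parsed
    return {
        "src": str(src), "dst": str(dst), "dev": dev,
        "untranslated": src in UNROUTED_NET,
        "expected_src": str(netmap(src, UNROUTED_NET, ROUTED_NET)),
    }


if __name__ == "__main__":
    # Log line quoted in the thread
    print(diagnose("IPv4: martian source 157.240.8.13 from 10.10.101.101, on dev eth0"))
```
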
