All Questions
176 questions
1 vote, 0 answers, 28 views
Linux - Preserve client IP Addresses when connecting to game server over wireguard VPN tunnel from VPS
My question is almost perfectly summarised here:
Preserve connecting clients IP address through an OpenVPN tunnel
And the solution provided in that post hints at what I need to do, and have been ...
0 votes, 0 answers, 36 views
Round-robin between two VPNs with route tables and iptables
I opened two vpn interfaces with
openvpn --config vpn1.ovpn
openvpn --config vpn2.ovpn
and I want to send all from my laptop by one of the vpns.
I prevented the vpns from changing my default gateway ...
0 votes, 0 answers, 44 views
iptable: Route all traffic from swlan0 to tun0 device
I have a rooted android device with a VPN app installed and I want to route all traffic from Mobile Hotspot(swlan0) through VPN(tun0).
I ran this script found on github(from 5 years ago) to update ...
0 votes, 0 answers, 185 views
To allow IPsec NAT-T traffic to pass through, why does the firewall still need to permit ESP when it already allows UDP 4500?
I established an IPsec VPN tunnel between two Juniper SRX routers across NAT, with the NAT being performed by the firewall (a Linux server). When attempting to configure the firewall rules to allow ...
0 votes, 0 answers, 42 views
Route all TCP traffic from port to another host:port
I have a wireguard config, creating a VPN between a remote server (10.0.1.1) and my local machine (10.0.1.2), so that the server can reach the local machine and vice versa.
I'd like the server to ...
0 votes, 0 answers, 69 views
No internet connection after setting up OpenConnect server on ArchLinux
ip tuntap add mode tun dev vpn0
ip addr add 192.168.2.2/24 dev vpn0
# systemctl restart ocserv
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
iptables -...
1 vote, 0 answers, 113 views
How can I use iptables to forward all traffic through an interface based in gid?
I'm on Debian 12 bookworm
I'm trying to forward all traffic from (and to) users in the group watchers through interface tun9 and prevent them from using enp2s0.
I've set up a tunnel using openvpn with ...
0 votes, 0 answers, 49 views
triple vpn tunnel to bypass vpn blocks
Is it technically possible to set up a VPN tunnel (or port-forwarding, or any other ways) as illustrated with the picture below?
Assuming there is a restricted FW which even VPNs do not work plus "...
0 votes, 1 answer, 49 views
Docker exposed ports available from host, but not from other machines in iptables restricted container
I have custom container with VPN inside, with following iptables rules inside container:
# Flush all existing rules and chains
iptables -F
iptables -X
# Set default policies to DROP
iptables -P INPUT ...
2 votes, 1 answer, 2k views
Using Wireguard to forward traffic from public facing VPS to private server
TL;DR; I'm trying to setup a bunch of internet facing services (web, smtp, other) on a machine running on my LAN and forward traffic to it from a public facing VPS machine using Wireguard in such a ...
0 votes, 2 answers, 169 views
Prevent Internet access when VPN fails
Consider the following scenario:
The VPN server is a FritzBox 7590 with the latest OS and VPN configured as IPSec.
I have two locations that I connect via a VPN as follows. Location A runs a VPN ...
1 vote, 0 answers, 129 views
How do I limit access to a port of a docker container with iptables?
I have a docker host running a container on a bridged network, providing vpn access to an endpoint on multiple ports (one for each system on the remote network). Now I want to limit the access to that ...
0 votes, 0 answers, 472 views
How to route Wireguard within a network namespace with public internet access?
I've been trying to wrap my head around this for several days now, so I drew a picture (at bottom of post).
Context
I have a VPS with two namespaces:
init namespace (root)
custom namespace (my cool ...
0 votes, 0 answers, 158 views
Bandwidth control using traffic control `tc` on Strongswan ipsec connection
I am in the need to use traffic control tc to regulate the bandwidth.
From what I know, I can manage the bandwidth using the following
DEV=eth0
RATE="100kbps"
tc qdisc del dev $DEV ...
0 votes, 0 answers, 114 views
Routing traffic from VPS to socks (redsocks+iptables)
I have an OpenVPN server running on a VPS with OpenVPN client running on my computer. I'm trying to route my client's traffic over an external 4g proxy after it reaches the OpenVPN server so my vps IP ...
1 vote, 1 answer, 602 views
Cannot access Outline VPN on CentOS
I installed Outline VPN a few times on Ubuntu servers and each time it was fast and easy. Now I'm trying to install it to CentOS and the Outline VPN shell script executes smoothly and with no errors:
...
0 votes, 0 answers, 51 views
VPN router only accessible with new default routes instead of standard gateway setting
On my Ubuntu machines I configured a router for internal VPN Access as VM.
The VM is only used to have masked connections going out to the internet. No connections are made from outside to lan or so. ...
0 votes, 0 answers, 191 views
Port forwarding socks5 proxy across network namespaces
I've finally set up the netns veth openvpn connection that works, made overrides to systemd service files so openvpn depended on netns single shot service and tor of openvpn service. Tor works, at ...
0 votes, 0 answers, 51 views
Trouble Routing Traffic between 2 KVM Hosts
I am attempting to create a networked KVM setup as described in the following guide: https://c3rb3ru5d3d53c.github.io/2022/06/kvm-malware-lab/
My network topography is as follows:
┌────────┐
│...
0 votes, 0 answers, 164 views
OpenVPN multihop over tun0 device between two servers
What I have is
A in my region, and B in another region (both servers are CentOS 7).
The reason of this question is
I can connect from A to B and from B to A, but the final goal is to have internet via ...
4 votes, 1 answer, 4k views
VPN client cannot access network behind VPN server(wireguard)
I have created a wireguard VPN server, but the clients cannot access some networks behind the server,
wireguard-server
eno1: 10.10.10.2/24 (GW)
eno2: 10.10.11.2/24
wg0: 10.66.66.1/24
I want the ...
0 votes, 0 answers, 772 views
How set up iptables for Double VPN (VPN chain) with Wireguard?
I'm currently trying to set up a VPN chain (double vpn) with using Wireguard. I tried to use examples from different articles: https://allanjohn909.medium.com/vpn-chaining-with-wireguard-ec2bd500509e ...
0 votes, 0 answers, 491 views
OpenConnect Server not connecting to internet using ufw ip forwarding
I want to create an OpenConnect VPN server. I followed this tutorial step by step however, while I'm able to connect to the open connect server using a client, the problem is that I don't have any ...
4 votes, 2 answers, 12k views
Routing WireGuard peer's traffic via another peer
I want to use the RPi in my house as a WireGuard VPN. Unfortunately, my ISP mandates a CGNAT. My plan was to have the RPi connect as a WireGuard peer to my server (with a static IP). I would then ...
1 vote, 1 answer, 228 views
address-based routing policy for Linux router?
I have a home Linux router, it connects to the Internet through ppp0(both IPv4/v6), I run a wireguard VPN wg0 on it. Its internal NIC interface is lan0 (192.168.100.1/24, fd42:100::1/120), which ...
0 votes, 1 answer, 460 views
Correct iptables rules for a reverse vpn set up
I set up a VPS to be a reverse vpn to my self-hosted mailserver, and would like to know if these rules I've come up with make sense and are correct for what I'm doing.
The mailserver (mailcow docker ...
1 vote, 0 answers, 5k views
Config Wireguard server to use a socks proxy to access internet
There is a Wireguard server that is working perfectly, but we need that Wireguard's server connect to the internet using socks proxy through the second server and ONLY Wireguard, Not other programs ...
1 vote, 1 answer, 228 views
sshuttle VPN works, but breaks website
I'm using this command. It works just fine. I'm able to download things from the command line that I previously was not able to
sshuttle --dns -vvr [email protected] 0/0 -x 192.168.1.252
The problem ...
1 vote, 1 answer, 779 views
Ip route : access ip on different interface through Wireguard VPN
I would like to access from my Windows PC a KNX interface that is wired to a Linux PC through my wireguard VPN but the interface is on a different subnet. The KNX interface use UDP protocol on port ...
3 votes, 3 answers, 2k views
IPTables how to nat 10.8.a.b to 10.0.a.b?
The problem -- Translate 10.8.a.b to 10.0.a.b ?
I have a VPN setup to a bastion host. I'm attempting to map 10.8.0.0/17 into 10.0.0.0/17 so that the IP address 10.8.1.1 gets mapped to 10.0.1.1 in my ...
0 votes, 1 answer, 2k views
Forward client IP addresses through a Wireguard tunnel, instead of masquerading with tunnel IP
I am using a Debian VPS with a static IP to provide port forwarding for a few self-hosted services including a Minecraft server. My current arrangement is functional in that it allows players to ...
1 vote, 0 answers, 388 views
StrongSwan 5.9.1 (Debian Bullseye): Traffic from IPsec tunnel gets forwarded via Ethernet, but not via bridge
The following problem:
I have a server that is, in addition to other tasks not relevant for the problem at hand, supposed to act as an IPsec gateway.
When I'm using the Ethernet interface pointing to ...
0 votes, 1 answer, 3k views
WireGuard full tunnel blocks Internet access
Thanks for even clicking on my question !
So, I have an R-Pi, and I installed WireGuard on it (I am NOT using PiVPN; I tried, but it wasn't working at all). I also have PiHole installed.
I have been ...
0 votes, 1 answer, 612 views
Specify openvpn/wireguard server outbound ip
I have a VPS with an interface eth0, that has 2 IPs, 10.0.0.3 (default) and 10.0.0.5. The 2 IPs are mirrored to external IP by ISP, 1.0.0.10, 2.0.0.20. (Google and Oracle Cloud have the similar ...
0 votes, 1 answer, 222 views
Make a remote host have a local IP address with ARP capability(Steam Link)
Currently I have two subnets in the 10.0.0.0/16, which are 10.40.20.0/24, let's say that's A and 10.32.80.0/24, B.
My PC is in the subnet A and what I'm going to do is use Steam Link, Oculus Air Link ...
1 vote, 0 answers, 138 views
OpenVPN multiple gateway issue (server can't access new client gateways)
By default, OpenVPN gateway is 10.8.0.x, I want to add 10.8.1.x gateway additionally.
the problem :
Clients with 10.8.0.x and 10.8.1.x ip can ping the server and access via ssh. In addition, clients ...
4 votes, 1 answer, 14k views
How to properly forward TCP and UDP traffic between interfaces using iptables?
ServerA
eth0 internet interface
wg0 vpn interface 10.66.66.1
ServerB
wg0 vpn interface 10.66.66.2
How can I forward traffic from eth0 to wg0 10.66.66.2 using iptables?
I want to forward the ...
1 vote, 0 answers, 2k views
VPN Server behind CGNAT
I have 2 homes: home1 is using an ISP with CGNAT, home2 has a public ip address.
I'd like to be able to connect from anywhere to a Wireguard VPN server from home1 (SH1) and use that connection to ...
1 vote, 0 answers, 170 views
SMB over VM over VPN?
I've been struggling with forwarding traffic to SMB over VM that connects to my reverse proxy server that has public IP.
My setup:
Home:
[Debian11 server with SMB] (My server rack)
[Ubuntu VPS] (my ...
3 votes, 0 answers, 2k views
Routing traffic through custom tap device en-route to internet on linux
I have a VM that is using a tap device (tap2) and my goal is to filter all the traffic in/out of tap2 using a custom program written by me that runs in userspace.
The topology I came up with routes ...
1 vote, 1 answer, 3k views
Port forwarding using IPTABLES to vpn client
I have been struggling for almost half a year now and I read almost all of the internet's solutions but none have worked.
The current solution which also came from different articles is this:
...
4 votes, 1 answer, 16k views
Wireguard Client With Two Interfaces - Use one Interface for Wireguard
I'm trying to configure a Wireguard client currently set to route all traffic through Wireguard to only route one network interface through Wireguard.
Ex: The Client has both wlan0 and eth0 interfaces ...
0 votes, 1 answer, 1k views
Forward packets to another IP
I am using a VPN to connect to my work network. The problem is that the VPN doesn't have a route for the subnet I want to reach (192.168.24.0/24). I am able to ping another subnet (192.168.2.0/24), ...
4 votes, 0 answers, 97 views
Site-to-site VPN with consumer hardware
I'm trying to use OpenVPN to set up a routed site-to-site VPN to connect two NAT-ed networks, roughly following the instructions here.
Network A uses the IP range 192.168.1.0/24. The router and ...
0 votes, 1 answer, 415 views
OpenVPN connects but then internet connection drops on RutOS
I set up my rut950 4g router to connect to a commercial VPN provider and it was working fine until one day it stopped working. To be more specific, the internet connection works, the VPN connection ...
0 votes, 1 answer, 505 views
How to route VPN traffic through two gateways?
I would like to be able to establish a VPN tunnel from the internet to my OpenVPN server on address 192.168.1.45. My home network setup is a bit complex since I am using a Raspberry pi as a gateway to ...
0 votes, 1 answer, 998 views
OpenVPN and IPTABLES - How to assign lan (vpn) gateway to clients
I am trying to set up my openvpn network but I have a problem.
My LAN configuration is as follows:
main router Zyxel 192.168.1.1 acting as gateway (vdsl connection) and access point;
openwrt router ...
0 votes, 1 answer, 1k views
Iptables split traffic through VPN and home network
I am using a Raspberry Pi as my router to serve my pc and an IoT device. The connection diagram is as below:
network setup
The RPi has two ethernet ports, eth1 connected to my home network 192.168.1.0/...
1 vote, 1 answer, 2k views
Keep the original IP after forwarding through iptables
EDIT: I've made a post on Medium about how I did these things: Link
I've been trying to forward traffic from my VPS with public IP to my home server (behind CGNAT) using wireguard VPN. I want to ...
0 votes, 1 answer, 1k views
raspberry pi iptables forward DNS requests over VPN
I have used and slightly modified the rpi-wifi script to set up a WiFi access point while using the standard WiFi connections. All is good.
I want to setup ExpressVPN and have all traffic go through ...