LinuxQuestions.org


gattocarlo 03-17-2024 11:45 PM

OpenVPN and port forwarding without SNAT
 
Hello,

I have two houses with two different ISPs. In one, let's call it A, I have only a very small router running OpenWRT and the only VPN solution available is OpenVPN (I cannot install anything else on this 4/32 toy). OpenVPN connects it to my second house, B, where I have a powerful server.

My idea was to forward SMTP traffic from A to B, since A has a static IP with an appropriate reverse DNS. The forwarding should not include SNAT, since I want to preserve the logs of the connections to the mail server, and I was thinking of using policy routing to route the mail server responses back via the A router.

The problem is that OpenVPN will drop any packet if the source address does not belong to the internal network. I cannot understand why but this seems to be done on purpose:

https://forums.openvpn.net/viewtopic.php?t=32982

https://forums.openvpn.net/viewtopic.php?t=32714

Now, I have no idea how I could achieve my goal given my limitation (even a GRE tunnel is not possible since iproute2 on the small router doesn't have the GRE module). Any suggestion would be greatly appreciated.

Best,
andrea

gattocarlo 03-18-2024 04:31 PM

I found a solution: I was able to install on the router the minimum required to create IP over IP tunnels, so I created an ipip tunnel between the two endpoints of the VPN and I'm now able to redirect external traffic reaching A's router to B's LAN, overcoming the limitations of OpenVPN and using policy routing without masquerading the traffic going through the VPN. Nice!

best,
andrea
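
The thread does not show the commands used. As an added example (not the poster's configuration), here is one way to build the ipip tunnel, the DNAT without SNAT, and the policy routing described above. It assumes iptables on both hosts and a mail server listening on B itself; every address, interface name and the table number are constructed placeholders.

```shell
#!/bin/sh
# Added example. All values below are constructed assumptions.
VPN_A=10.8.0.2        # OpenVPN address of router A
VPN_B=10.8.0.1        # OpenVPN address of server B
TUN_A=192.168.99.1    # inner ipip address on A
TUN_B=192.168.99.2    # inner ipip address on B (mail server listens here)
WAN=eth0              # A's internet-facing interface
TUN=ipip0             # tunnel interface name on both hosts
TABLE=100             # routing table used only for tunnel replies

# Print the plan by default; set APPLY=1 (as root) to execute it.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# $1 = local VPN address, $2 = remote VPN address, $3 = inner address.
# The outer header carries only VPN addresses, so OpenVPN's source
# address check passes whatever the inner (client) source is.
tunnel() {
  run ip tunnel add "$TUN" mode ipip local "$1" remote "$2"
  run ip addr add "$3/30" dev "$TUN"
  run ip link set "$TUN" up
}

router_a() {
  tunnel "$VPN_A" "$VPN_B" "$TUN_A"
  run sysctl -w net.ipv4.ip_forward=1
  # Destination NAT only: the client's source address is left intact,
  # so the mail server logs the real peer.
  run iptables -t nat -A PREROUTING -i "$WAN" -p tcp --dport 25 -j DNAT --to-destination "$TUN_B:25"
  run iptables -A FORWARD -i "$WAN" -o "$TUN" -p tcp -d "$TUN_B" --dport 25 -j ACCEPT
  # Replies: conntrack on A reverses the DNAT before they leave via WAN.
  run iptables -A FORWARD -i "$TUN" -o "$WAN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

server_b() {
  tunnel "$VPN_B" "$VPN_A" "$TUN_B"
  # Loose reverse-path check: tunnel packets carry public source addresses.
  run sysctl -w "net.ipv4.conf.$TUN.rp_filter=2"
  # Policy routing: anything sourced from the tunnel address returns
  # through A instead of B's own default route.
  run ip route add default via "$TUN_A" dev "$TUN" table "$TABLE"
  run ip rule add from "$TUN_B" lookup "$TABLE"
}

# ROLE=a on the router, ROLE=b on the server; unset does nothing.
case "${ROLE:-}" in
  a) router_a ;;
  b) server_b ;;
esac
```

ipip adds a 20-byte header on top of OpenVPN's own overhead, so a lower tunnel MTU or an MSS clamp may be needed if large mails stall.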

