Outside Server (OpenVPN Server) ---> Intermediate Server (OpenVPN Client + OpenVPN Server) ---> Client (OpenVPN Client)
Clients must connect indirectly to the outside server. The intermediate server plays the role of OpenVPN client for the external server and OpenVPN server for the clients.
Due to some issues, I don't want clients to connect directly to the server.
Hide the number of connections to the outside server.
Would that not be served just as well by simply having the middle server act as a router and route that particular traffic to the internal OpenVPN server?
Would that not be served just as well by simply having the middle server act as a router and route that particular traffic to the internal OpenVPN server?
Hi,
Thanks again.
Internal server? I think you mean the outside server!
How? Do you mean using something like IPFire?
You can, from any external router, route UDP traffic sent to a particular port-number to any internal IP-address. So, this is what you do, to send the incoming traffic from external OpenVPN clients to the designated internal server. You don't need to do anything more complicated than that.
"Don't over-think this thing ..." Draw out the various physical-network connections that you require. Then, do the same for the virtual network ("iroute").
You can, from any external router, route UDP traffic sent to a particular port-number to any internal IP-address. So, this is what you do, to send the incoming traffic from external OpenVPN clients to the designated internal server. You don't need to do anything more complicated than that.
"Don't over-think this thing ..." Draw out the various physical-network connections that you require. Then, do the same for the virtual network ("iroute").
Exactly the kind of thing I meant. No matter if the edge device is your own make, FOSS, or commercial, this is normally a supported function and avoids having an extra decryption/encryption step at the edge device. Keeping things simple makes them far more reliable.
When I set up my last VPN network for a client, I literally took out a large piece of paper and a number-two pencil (my two favorite programming tools ... ...) and drew a map of what I wanted everything to be. Then, looking continuously at that map, I figured out what the various settings needed to be and set them.
(I actually took a loose-leaf notebook and the same pencil, and wrote them all out, first carefully checked my work against the map, and then used this as a reference while I twiddled with hardware and files.)
There are, as I have said, two networks to consider. The first is the physical network, as seen by the VPN and non-VPN routers and firewalls. The second is the virtual network, which is what is to be seen by the various clients when the VPN is in service. The first involves physically-routable addresses, and is invisible and irrelevant to the users. The second involves non-routable addresses (e.g. "10.x.y.z"), and is what the protected users see and use so long as the VPN is up.
"The right time to figure out 'what is the right thing to do,' is well before(!) you are trying to do it."
---
(Past-life experience): "What are you doing?" "I'm drawing a flowchart!" (By hand.)
Last edited by sundialsvcs; 02-13-2024 at 08:29 AM.
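The two halves that sundialsvcs keeps separate, the physical-network port forward on the edge router and the virtual-network ("iroute") side of the internal OpenVPN server, written out as a small POSIX shell script. This is an added example, not code from the thread or from the OpenVPN project: every address, interface name, client name and LAN prefix in it is an assumption chosen for illustration (eth0, 192.168.1.10, 10.8.0.0/24, a client "site-b" with 10.9.0.0/24 behind it), and the iptables lines are printed rather than applied so they can be reviewed before being run on the real router. The script also includes a consistency check that a practitioner would want: every iroute in a ccd file must have a matching route line in server.conf, otherwise the kernel never hands those packets to the tun device and the "virtual network" silently does not work.

```shell
#!/bin/sh
# Added example (not from the thread or the OpenVPN project). Builds the
# edge-router UDP port forward (physical network) and the OpenVPN server's
# ccd/iroute entries (virtual network). All values below are assumptions.
set -eu

WAN_IF="${WAN_IF:-eth0}"              # assumed: edge router's public interface
VPN_PORT="${VPN_PORT:-1194}"          # OpenVPN's default UDP port
VPN_HOST="${VPN_HOST:-192.168.1.10}"  # assumed: internal OpenVPN server on the LAN
VPN_NET="${VPN_NET:-10.8.0.0}"        # assumed: tunnel network handed out by the server
VPN_MASK="${VPN_MASK:-255.255.255.0}"

# --- Physical network: what the edge router does ---------------------------
# Print the iptables commands that DNAT UDP/$VPN_PORT to the internal server
# and let only that flow (and its replies) through FORWARD. Nothing is
# applied here; review the output and run it on the router yourself.
edge_forward_rules() {
  printf '%s\n' \
    "iptables -t nat -A PREROUTING -i $WAN_IF -p udp --dport $VPN_PORT -j DNAT --to-destination $VPN_HOST:$VPN_PORT" \
    "iptables -A FORWARD -i $WAN_IF -p udp -d $VPN_HOST --dport $VPN_PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT" \
    "iptables -A FORWARD -o $WAN_IF -p udp -s $VPN_HOST --sport $VPN_PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# --- Virtual network: what the OpenVPN server must know --------------------
# A client with a LAN behind it needs three things: a kernel route on the
# server ("route"), an OpenVPN-internal route to that client ("iroute", in
# the client's ccd file), and a push so the other clients learn it too.
# $1 = client common name, $2 = LAN network, $3 = LAN netmask.
server_conf_for_site() {
  cn="$1"; net="$2"; mask="$3"
  cat <<EOF
server $VPN_NET $VPN_MASK
client-config-dir ccd
route $net $mask
push "route $net $mask"
EOF
}

# $1 = LAN network, $2 = LAN netmask; prints the ccd file body.
ccd_entry() {
  printf 'iroute %s %s\n' "$1" "$2"
}

# Write server.conf and ccd/<cn> under $1; $2 = cn, $3 = network, $4 = mask.
write_site_config() {
  dir="$1"; cn="$2"; net="$3"; mask="$4"
  mkdir -p "$dir/ccd"
  server_conf_for_site "$cn" "$net" "$mask" > "$dir/server.conf"
  ccd_entry "$net" "$mask" > "$dir/ccd/$cn"
  printf '%s\n' "$dir"
}

# Consistency check: every iroute in ccd/* must have a matching "route" line
# in server.conf. Returns 0 when consistent, 1 when an iroute is orphaned.
check_iroutes() {
  dir="$1"
  for f in "$dir"/ccd/*; do
    [ -f "$f" ] || continue
    while read -r kw net mask; do
      [ "$kw" = iroute ] || continue
      grep -q "^route $net $mask" "$dir/server.conf" || return 1
    done < "$f"
  done
  return 0
}

# Demo with constructed values: run as "sh script.sh demo".
if [ "${1:-}" = demo ]; then
  tmp=$(mktemp -d)
  write_site_config "$tmp" site-b 10.9.0.0 255.255.255.0 >/dev/null
  edge_forward_rules
  cat "$tmp/server.conf" "$tmp/ccd/site-b"
  check_iroutes "$tmp" && echo "iroute/route lines are consistent"
fi
```

Because the OpenVPN endpoint stays on the internal server, the edge router only ever sees UDP datagrams it cannot read; that is exactly the "no extra decryption/encryption step at the edge" point made earlier in the thread. The OP's chained design (intermediate host acting as both client and server) is a different topology and is not what this script configures.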
You can, from any external router, route UDP traffic sent to a particular port-number to any internal IP-address. So, this is what you do, to send the incoming traffic from external OpenVPN clients to the designated internal server. You don't need to do anything more complicated than that.
"Don't over-think this thing ..." Draw out the various physical-network connections that you require. Then, do the same for the virtual network ("iroute").
Hi,
Thank you so much for your reply.
But the virtual NIC that is connected to the OpenVPN server outside must be connected to the virtual NIC that is for clients. Am I wrong?