Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » Linux Networking
  Print view Previous topic | Next topic 
Author Message
sysadmin
PostPosted: Tue Jun 30, 2015 4:19 pm 
Offline
Newbie

Joined: Sun Dec 21, 2014 5:01 pm
Posts: 3
I have been trying to get OpenVPN set up to access systems by private IP on Linode. Installing and connecting to OpenVPN was no problem, but I am having a routing issue. If I have NAT enabled in iptables, I can access other Linodes by private IP, but then the client IP appears to the private IP of the OpenVPN server. It is necessary for each Linode to see the client's OpenVPN IP, not the IP of the Linode running OpenVPN. If I disable NAT, I can still ping the private IP of the OpenVPN server, but not other Linodes. I have the OpenVPN client block added to the routing table of the other Linode I am testing with.

I have looked at some OpenVPN howtos that Linode has posted, but they use NAT. I did not see any mention of a reason for using NAT.

In searching for a solution, I cam across the following Serverfault posting where someone is claiming that this is a Linode problem.

http://serverfault.com/questions/595438/how-can-i-achieve-openvpn-client-routing-without-nat-on-linode
>>>>
As further background, these machines are hosted on Linode. It turns out that they use static maps in their switches in order to route traffic to specific nodes on the LAN. Since the VPN source IPs aren't part of those static maps, the traffic wasn't routed anywhere.

So this turns out to be a Linode specific issue, but hopefully it can help others to know that.
<<<<

Can anyone confirm or refute the above statement? Has anyone been able to use OpenVPN on Linode without running NAT?

Thanks.
Top
   
Reply with quote  
ken-ji
PostPosted: Tue Jun 30, 2015 7:24 pm 
Offline
Senior Newbie

Joined: Fri Oct 19, 2012 8:35 pm
Posts: 15
You'd get more meaningful answers if you post your configs: the iptables, routes, ip ranges in use/involved, and the openvpn configs
Top
   
Reply with quote  
sysadmin
PostPosted: Wed Jul 01, 2015 10:53 am 
Offline
Newbie

Joined: Sun Dec 21, 2014 5:01 pm
Posts: 3
Thank you for your suggestion, but my question is referring to an existing Serverfault question which precisely describes what I am trying to do. That post includes iptables rules, routing, and even a good diagram to illustrate the network configuration. The resolution to that post was that there is something specific about Linode that prevents doing this very straightforward thing with OpenVPN.

I am hoping that someone here will be able to, as I said, either confirm or refute that assertion. Is what the Serverfault post says correct? Is it really impossible to route OpenVPN clients to internal Linode IPs without NAT?
Top
   
Reply with quote  
TheTechStewart
PostPosted: Wed Jul 01, 2015 11:08 am 
Offline
Linode Staff

Joined: Sat Oct 05, 2013 7:50 pm
Posts: 8
Website: http://www.thetechstewart.com
Twitter: thetechstewart
The ServerFault post you linked to is correct. The static mapping is set in place to prevent IP address spoofing on the internal network.

_________________
James Stewart
Linode Docs Team
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » Linux Networking


Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group