----- Original Message -----
From: "Nikolaos Milas" <nmi...@noa.gr>
To: <openvpn-users@lists.sourceforge.net>
Sent: Monday, September 21, 2015 11:24 AM
Subject: Re: [Openvpn-users] Dynamic NAT uses only the last IP Address in range
> On 21/9/2015 10:06 am, Nikolaos Milas wrote:
>
>> ...
>> We have now decided to offer a range of 6 public IP Addresses to
>> connected hosts, so we have changed the above rule to:
>>
>> iptables -t nat -A POSTROUTING -o eth0 -s 10.10.112.0/24 -j SNAT
>> --to-source 194.xxx.xxx.150-194.xxx.xxx.155
>>
>> but we now see that only the last ip address is used by connected
>> clients: 194.xxx.xxx.155
>> ...
>
> Having tested more extensively, we find the following behavior:
>
> Public IP Addresses are in fact assigned across the whole range of 6
> addresses but if the connected OpenVPN client visits a
> "whats-my-ip-address" web page (e.g. like http://whatismyipaddress.com),
> they always see the last ip address from the range! (This was the reason
> of the misunderstanding above.) Why does this happen?? It's a mystery to
> me!
>
> Additionally, an OpenVPN client's *public* IP address does not remain
> constant during an OpenVPN session, but it may use more than one from
> the IP Addresses in the available range. I guess this is understandable
> (because an OpenVPN session is not directly linked to the iptables NAT
> service), but is there a way to maintain the same public address during
> the whole OpenVPN session?
>
> Thanks,
> Nick
>

You could use OpenVPN --client-connect script to assign specific iptables NAT rules on a per client basis:

Client-connect - client 1:
iptables -t nat -A POSTROUTING -s 10.10.112.101/32 -j SNAT --to-source 194.xxx.xxx.151
..
Client-connect - client 5:
iptables -t nat -A POSTROUTING -s 10.10.112.105/32 -j SNAT --to-source 194.xxx.xxx.155

regards
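A sketch of the hook suggested in the reply above, as an added example that is not part of the original thread: one script used for both --client-connect and --client-disconnect, pinning each tunnel address to one public address. Assumptions: clients get fixed tunnel addresses 10.10.112.100-105, the server permits external scripts, and PUBLIC_PREFIX is a placeholder (documentation range) standing in for the masked 194.xxx.xxx prefix; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: per-client SNAT hook for OpenVPN client-connect/disconnect.
# PUBLIC_PREFIX is a placeholder; the thread masks the real prefix.
PUBLIC_PREFIX="${PUBLIC_PREFIX:-203.0.113}"
VPN_PREFIX="10.10.112"            # tunnel subnet from the thread
OUT_IF="eth0"                     # outbound interface from the thread
IPTABLES="${IPTABLES:-iptables}"

# Print the public address paired with a tunnel address, following the
# thread's pairing (.101 -> .151 ... .105 -> .155), extended to .100 -> .150.
# Returns 1 for anything outside 10.10.112.100-105.
public_ip_for() {
    case "$1" in
        "$VPN_PREFIX".10[0-5]) ;;
        *) return 1 ;;
    esac
    last=${1##*.}
    echo "$PUBLIC_PREFIX.$((last + 50))"
}

# Print the rule specification (everything after the -I/-C/-D verb).
rule_spec() {
    pub=$(public_ip_for "$1") || return 1
    echo "POSTROUTING -o $OUT_IF -s $1/32 -j SNAT --to-source $pub"
}

# $1 = add|del, $2 = tunnel address. Unmapped clients are left to the
# existing range rule, so the hook still exits 0 for them.
apply_rule() {
    spec=$(rule_spec "$2") || return 0
    case "$1" in
        add)
            # -C keeps the hook idempotent across reconnects. -I places the
            # rule at the top of the chain; a rule appended with -A would
            # sit behind the /24 range rule and never be reached.
            $IPTABLES -t nat -C $spec 2>/dev/null || $IPTABLES -t nat -I $spec ;;
        del)
            $IPTABLES -t nat -D $spec 2>/dev/null || true ;;
    esac
}

# OpenVPN exports script_type and ifconfig_pool_remote_ip to the hook.
case "${script_type:-}" in
    client-connect)    apply_rule add "${ifconfig_pool_remote_ip:-}" ;;
    client-disconnect) apply_rule del "${ifconfig_pool_remote_ip:-}" ;;
esac
```

SNAT is decided when a connection's first packet is seen, so a rule added this way applies to new connections only; flows already tracked keep the source address they were given.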