Hello,

I would like to ask for your help for a setup according to the following scenario.

We are setting up a cloud-based CentOS 8 VM (on our ISP's network) connected to our router over two different L2VPNs (VLANs) with two respective NICs:

1. The first NIC (NIC1) with a public address will be accepting connections from the Internet.

2. The second NIC (NIC2) with a private address will be used to route connected remote clients.

The OpenVPN Server would assign to remote clients (connected to the public interface) addresses e.g. from the 10.10.128.0/22 subnet; it will keep 10.10.128.2/22 for itself and give 10.10.128.3++ addresses to clients (obviously up to 10.10.131.254). The IP address 10.10.128.1 will be assigned to the router interface and used as a gateway of all the private subnet.

I would like to set up OpenVPN without NAT, so that the box (the VM) will use 10.10.128.1 as a gateway for all 10.10.128.0/22 addresses. (For Internet access private addresses will be NAT'ed by our Org router/firewall.)

Can you please guide me on how to configure the OpenVPN VM (CentOS 8) routing table (and whatever else is needed) so as to work as described, i.e. to route all network traffic of connected remote clients (with addresses 10.10.201.3++/22) over gateway 10.10.128.1 and not over the default gateway of the VM (which is in a public subnet)? In other words, the default gateway (a public address) will be used for the VM's needs and not for the remote clients.

In essence there should be two default gateways, a different one for each NIC.

Will OpenVPN clients automatically select the NIC2 gateway since they will be having IP Addresses on the NIC2 subnet?

Will the OpenVPN server accept 10.10.128.2 as an interface to 10.10.128.0/22? How should it be configured? (Or will it only automatically set 10.10.128.1 as an interface?)

Is there any example of such a setup published somewhere? (I have not been able to find one.)

(We would also want to enable IPv6 on all functions, but this matter will be treated later.)

Any and all comments will be welcome!

Thanks in advance,
Nick


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
