Hello,
Thanks again.
Yes, I'm testing on a virtual machine and haven't moved it to a real server 
yet, but the public IP address has nothing to do with the server configuration 
file. The IP address is important for the client file that wants to connect to 
my server. In the client file, I must set my public IP.

Why are these iptables rules incorrect?

# IF_MAIN=enp0s3:0
# IF_TUNNEL=tun2
# YOUR_OPENVPN_SUBNET=10.10.0.0/16
# iptables -I INPUT -p udp --dport 1196 -j ACCEPT
# iptables -A FORWARD -i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A FORWARD -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j ACCEPT
# iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j MASQUERADE

For example, if the enp0s3:0 interface has a public IP address like 1.2.3.4, 
then what is wrong?

Excuse me, can you show me a good example of a NIC setting with more than one 
IP address and iptables rules?

On Wednesday, July 26, 2023 at 01:05:25 PM GMT+3:30, Jochen Bern 
<jochen.b...@binect.de> wrote: 

On 26.07.23 07:44, Jason Long wrote:
> I just created a virtual NIC and all the iptables rules that I did
> for a real NIC, I did for this virtual NIC too. Consider an OpenVPN
> server that has one NIC with three public IPs and you want to run
> an OpenVPN server.conf file for each IPs. You must set these three
> public IPs on your NIC and then launch your OpenVPN server.

First off, *your* VPN server *doesn't* have public IPs; you've shown us 
the interface settings, and there were subnets of 10.0.0.0/8 in use. 
That's why I still think that your Internet access has an intervening 
NAT box that you haven't told us about yet.

Second, here you're talking about the actual VPN connections that the 
clients make *to* the VPN server itself. Yes, if those three IPs (with 
whatever ports) are reachable from the Internet (the server's routing 
table may still be relevant here), that'll work.

What we were talking about in the previous mail, however, was what SRC 
IPs the clients' traffic *through* the server will get set as they get 
MASQUERADEd upon exiting the server, and whether routing table and 
iptables' filter rules agree with *that*.

> Are my iptables rules wrong?

Maybe. You've shown us only what you *actively changed* (no info on the 
chains' policies, for example), and the question what SRC IP the through 
traffic is MASQUERADEd to (to compare that with the filter rules) is 
still open.

Kind regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
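Added example (editor's, not code from either poster): a firewall script for the setup Jason describes, one NIC carrying three public addresses and one OpenVPN instance per address. It keeps the device name enp0s3 from the thread; the addresses 203.0.113.10-12, the tun0-tun2 devices, the 10.1x.0.0/16 client subnets and the UDP ports are constructed placeholders. It shows two things the thread turns on: iptables' -i/-o options match the kernel device name (enp0s3), and an ifconfig-style alias label such as enp0s3:0 is only a label on an address, not a device, so rules written against it never match; and SNAT --to-source pins each tunnel's egress IP explicitly, whereas MASQUERADE leaves the choice to the routing table, which is the open question in Jochen's reply. FORWARD gets a default-deny policy so only the listed tunnels are forwarded. With DRY_RUN=1 (the default) the script prints the commands instead of executing them, so the rule set can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: one NIC, three public
# addresses, one OpenVPN instance per address. All addresses, tun devices,
# client subnets and ports are constructed placeholders.
set -eu

IF_MAIN=enp0s3          # the real device; iptables matches this name, never "enp0s3:0"
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands, 0 = execute them (needs root)

# Wrapper so the whole rule set can be reviewed before it touches the kernel.
run() {
  if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Extra addresses are labels on the single device (what ifconfig called aliases).
add_addresses() {
  run ip addr add 203.0.113.10/24 dev "$IF_MAIN" label "$IF_MAIN:0"
  run ip addr add 203.0.113.11/24 dev "$IF_MAIN" label "$IF_MAIN:1"
  run ip addr add 203.0.113.12/24 dev "$IF_MAIN" label "$IF_MAIN:2"
}

# Rules shared by all instances: forwarding on, default-deny FORWARD,
# and return traffic for already-accepted flows.
base_rules() {
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -P FORWARD DROP
  run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# One rule set per VPN instance:
#   $1 tun device, $2 client subnet, $3 listening UDP port, $4 egress/listen IP
# The filter rule and the NAT rule are keyed on the same subnet and the same
# real device, so what the filter accepts is exactly what gets SNATed.
vpn_rules() {
  tun=$1; subnet=$2; port=$3; src_ip=$4
  run iptables -A INPUT -i "$IF_MAIN" -d "$src_ip" -p udp --dport "$port" -j ACCEPT
  run iptables -A FORWARD -i "$tun" -o "$IF_MAIN" -s "$subnet" -j ACCEPT
  run iptables -t nat -A POSTROUTING -s "$subnet" -o "$IF_MAIN" \
      -j SNAT --to-source "$src_ip"
}

all_rules() {
  add_addresses
  base_rules
  vpn_rules tun0 10.10.0.0/16 1194 203.0.113.10
  vpn_rules tun1 10.11.0.0/16 1195 203.0.113.11
  vpn_rules tun2 10.12.0.0/16 1196 203.0.113.12
}

all_rules
```

Run it as-is to see the generated commands; `DRY_RUN=0 sh script.sh` applies them. Because each POSTROUTING rule selects the source address itself, the answer to "what SRC IP does the through traffic get" is fixed per tunnel subnet and no longer depends on which address the routing table would have picked.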
