[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] How to assign random external IPs to OpenVPN users?


  • Subject: Re: [Openvpn-users] How to assign random external IPs to OpenVPN users?
  • From: Perfect Privacy <admin@xxxxxxxxxxxxxxxxxxx>
  • Date: Sun, 10 Feb 2008 19:35:48 +0100

Hi again, Leonardo!

Yes, I'm actually currently using

iptables -t nat -A POSTROUTING -s 10.xx.xx.0/24 -o eth0 -j MASQUERADE

on our dedicated servers to make the Internet forwarding for OpenVPN 
work and

iptables -t nat -A POSTROUTING -s 10.yy.yy.0/24 -o venet0 -j SNAT 
--to-source 216.xx.xx.37

on our Virtual Private Servers.

So, all I would have to do is to replace the command with

iptables -t nat -A POSTROUTING -s 10.xx.xx.0/24 -o eth0 -j SNAT 
--to-source 216.xx.xx.YYY

on our dedicated servers and with

iptables -t nat -A POSTROUTING -s 10.yy.yy.0/24 -o venet0 -j SNAT 
--to-source 216.xx.xx.YYY

on our VPS machines, where 216.xx.xx.YYY is a different IP we own, and 
it should assign our clients this IP externally in future?

Just want to make sure I enter the correct commands. It's not to funny 
to be unable to access one's own machines. ;)

Thanks for your help.




Leonardo Rodrigues Magalhães wrote:
> 
> 
> Perfect Privacy escreveu:
>> But let's come to the basics first: How would I change the IP that is 
>> assigned to the Primary Interface, or NIC address on CentOS?  This 
>> should, as a result mean, that every client who connects to my OpenVPN 
>> gets assigned a different external IP, e.g. 216.xx.xx.170, instead of 
>> the current one, e.g. 216.xx.xx.164?
>>
>>   
> 
>    You dont need to change the 'main IP' of your interface. If your 
> system is using the main IP, it's probably because you're doing nat 
> POSTROUTING with MASQUERADE target. If you change MASQUERADE and use 
> SNAT, you can specify which would be the translated address.
> 
> change
> iptables -t nat -A POSTROUTING [your options here]  -j MASQUERADE
> by
> iptables -t nat -A POSTROUTING [your options here]  -j SNAT --to-source 
> 216.xx.xx.YYY
> 
> 
>    But this is a iptables problem, not related to OpenVPN at all !
> 
> 
> ------------------------------------------------------------------------
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users