OpenVPN server with two public IP addresses

hack3rcon · 2023-08-20 10:27:51

Hello,
Suppose you have an OpenVPN server. Now, you want to set two public IP addresses on it. Your public IP addresses are:

1.2.3.4
1.2.3.5

Your OpenVPN server has one NIC as below:

# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::a00:27ff:feed:b47c  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:ed:b4:7c  txqueuelen 1000  (Ethernet)
        RX packets 14915  bytes 2455731 (2.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11701  bytes 1581492 (1.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4  bytes 336 (336.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 336 (336.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Can you show how to prepare your OpenVPN server step by step? For example, You must first create a virtual network card and...

I'm sure this thread is useful for many users.

Thank you.

-thc · 2023-08-21 06:47:41

Depending on your hypervisor (ESXi?) and the nature of the provided network connectivity (how many physical network adapters and their ip routing setup) this gets rather specific for your use case and may be not that interesting for other users.

In most cases you have to setup a router VM that is exposed to the external IPs and can either provide VPN via port forwarding to an "internal" VPN-VM (like your chosen IP suggests) or provide a VPN itself.

hack3rcon · 2023-08-21 06:52:55

-thc wrote:

Depending on your hypervisor (ESXi?) and the nature of the provided network connectivity (how many physical network adapters and their ip routing setup) this gets rather specific for your use case and may be not that interesting for other users.
In most cases you have to setup a router VM that is exposed to the external IPs and can either provide VPN via port forwarding to an "internal" VPN-VM (like your chosen IP suggests) or provide a VPN itself.

Hello,
Thank you so much for your reply.
Assume that this is a physical server with a network card. You installed the OpenVPN server on it and you want to set those two public IP addresses on your server NIC and allow clients to connect to your server with those two public IP addresses.
What are your steps?

Last edited by hack3rcon (2023-08-21 06:53:21)

Koatao · 2023-08-21 07:29:00

Hi,

Do you think we are AI?! Stop saying «Assume» ou «Suppose». We know it is not for the «community» that you are asking that but for yourself. Stop asking for a tutorial. There is plenty out there and the Arch Wiki. If you have specific question on something you don't understand, then ask about it and give a full explanation of your set up.

Like @-thc said, you just need to make a port forwarding from your firewall/router sitting at the edge (WAN)* of your network to your OpenVPN server.

Setting the public IPs statically on the server is a bad idea and involve even more networking configuration on the WAN router while expanding the attack surface of your host.

Anyway, this is network related stuff and unless your edge router is running Arch (which is a very weird think to do IMHO), this has nothing to do with Arch.

*If the public IPs are provided by your WAN provider.

EDIT: And you will want to set your OpenVPN server on a DMZ, and set strict network access rules between your DMZ and your LAN to only allow what is needed.

Last edited by Koatao (2023-08-21 07:33:20)

hack3rcon · 2023-08-21 08:16:23

Koatao wrote:

Hi,
Do you think we are AI?! Stop saying «Assume» ou «Suppose». We know it is not for the «community» that you are asking that but for yourself. Stop asking for a tutorial. There is plenty out there and the Arch Wiki. If you have specific question on something you don't understand, then ask about it and give a full explanation of your set up.
Like @-thc said, you just need to make a port forwarding from your firewall/router sitting at the edge (WAN)* of your network to your OpenVPN server.
Setting the public IPs statically on the server is a bad idea and involve even more networking configuration on the WAN router while expanding the attack surface of your host.
Anyway, this is network related stuff and unless your edge router is running Arch (which is a very weird think to do IMHO), this has nothing to do with Arch.
*If the public IPs are provided by your WAN provider.
EDIT: And you will want to set your OpenVPN server on a DMZ, and set strict network access rules between your DMZ and your LAN to only allow what is needed.

Hello,
Thank you so much for your reply.
I googled it, but not found any useful article about it. Can you show me the Arch Wiki about it?

Koatao · 2023-08-21 09:01:05

You have not found anything useful on port forwarding on the whole internet?

https://duckduckgo.com/?t=ffab&q=port+forwading&ia=web, the first three link are "How to".
https://www.howtogeek.com/66214/how-to- … ur-router/, this (2nd link) literally seems to explain STEP BY STEP how to do port forwarding... Again nothing related to Arch Linux.

What don't you understand exactly? Tell us? We ain't gonna sum it up for you or do a tutorial for you tho.

As for the wiki, you can start your way from there and them make your own research on stuff you don't understand yet:
https://wiki.archlinux.org/title/Internet_sharing
https://wiki.archlinux.org/title/Router
https://wiki.archlinux.org/title/OpenVPN

schard · 2023-08-21 09:02:27

I think we just found our AI that wants to be trained.

- Don't feed the troll
- Don't feed the help vampire
- Don't train the AI

Last edited by schard (2023-08-21 09:03:41)

hack3rcon · 2023-08-21 09:59:18

Koatao wrote:

You have not found anything useful on port forwarding on the whole internet?
https://duckduckgo.com/?t=ffab&q=port+forwading&ia=web, the first three link are "How to".
https://www.howtogeek.com/66214/how-to- … ur-router/, this (2nd link) literally seems to explain STEP BY STEP how to do port forwarding... Again nothing related to Arch Linux.
What don't you understand exactly? Tell us? We ain't gonna sum it up for you or do a tutorial for you tho.
As for the wiki, you can start your way from there and them make your own research on stuff you don't understand yet:
https://wiki.archlinux.org/title/Internet_sharing
https://wiki.archlinux.org/title/Router
https://wiki.archlinux.org/title/OpenVPN

Hello,
Thank you so much for your reply.
Why port forwarding?

Arch Linux

#1 2023-08-20 10:27:51

OpenVPN server with two public IP addresses

#2 2023-08-21 06:47:41

Re: OpenVPN server with two public IP addresses

#3 2023-08-21 06:52:55

Re: OpenVPN server with two public IP addresses

#4 2023-08-21 07:29:00

Re: OpenVPN server with two public IP addresses

#5 2023-08-21 08:16:23

Re: OpenVPN server with two public IP addresses

#6 2023-08-21 09:01:05

Re: OpenVPN server with two public IP addresses

#7 2023-08-21 09:02:27

Re: OpenVPN server with two public IP addresses

#8 2023-08-21 09:59:18

Re: OpenVPN server with two public IP addresses

Board footer