1

I have two servers.

First one is from a local datacenter. OpenVPN is installed on Ubuntu 22.04. Clients connect to this server and get an IP from 10.8.0.0/8 pool. Clients are configured to redirect their default network gateway through the VPN (push "redirect-gateway def1 bypass-dhcp")

There's another server from Linode with one public IP address. It's a default Ubuntu 22.04. Nothing special is installed on it and the firewall is not active.

I want all clients connected to the first server to access Internet from the Linode machine over its public IP.

My current configuration of first server is as below:

ip link show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether fa:16:3e:90:ac:8e brd ff:ff:ff:ff:ff:ff
    altname enp3s0
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500
    link/none

sudo sysctl -p

net.ipv4.ip_forward = 1

/etc/ufw/before.rules

....
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
....

/etc/default/ufw

....
DEFAULT_FORWARD_POLICY="ACCEPT"
....

I know this is some kind of routing magic but I'm just a newbie so please assist.

2 Answers

1

See the answer to this question: https://askubuntu.com/a/461003/1157587

  • First server: Configured as the access point that clients connect to. (Local datacenter)
  • Second server: Egress point for data. (Hosted on Linode)

Start by installing openvpn on the second server; it will be used as the server for the first. A helpful script to do this can be found here: https://github.com/angristan/openvpn-install. Connect from the first server to the second server.

An alternative is to use Tailscale and its Exit Node feature. I have this running on 5+ machines and all of their traffic goes out a Linode box. It's a polished experience for sure.

0

I suggest the following:

  1. For the first server you need only to change the routing table so that the second server is the default gateway, maybe the only gateway, if you want requests forwarded to internal subnets to go through it as well. See: Default gateway changing

  2. The second server needs to be configured as a router, which includes configuring a few components, but there are a few guides online. This one looks decent: https://kifarunix.com/configure-ubuntu-20-04-as-linux-router/

ofirule
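Putting the two answers together, here is an added example (not code from either answer, from the question, or from the linked guides) for the case where server 1 already holds an OpenVPN client session to server 2, as the first answer suggests, and server 2 is turned into the router the second answer describes. Everything in it is an assumption: the client pool is 10.8.0.0/24 (the usual `server` directive, rather than the /8 quoted in the question), the link tunnel is tun1 on server 1 and tun0 on server 2 with 10.9.0.0/24 as its subnet and 10.9.0.1 as server 2's tunnel address, table 100 is the policy-routing table, and 203.0.113.10 / 192.0.2.1 are documentation placeholders for the Linode public IP and for server 1's real gateway. It only prints the commands unless DRY_RUN=0 is set, so it can be read and checked before anything is applied.

```shell
#!/bin/sh
# Added example, not code from either answer. Assumes server 1 already runs an
# OpenVPN *client* session to server 2 on LINK_TUN, that the link subnet is
# LINK_NET with server 2 at LINK_GW, and that the client pool is a /24.
# All interface names, addresses and the table number are assumptions;
# 203.0.113.10 and 192.0.2.1 are documentation placeholders, not real hosts.
# DRY_RUN=1 (the default) prints the commands instead of executing them.

CLIENT_POOL="${CLIENT_POOL:-10.8.0.0/24}"  # pool pushed to VPN clients ('server' directive)
VPN_TUN="${VPN_TUN:-tun0}"                 # server 1: interface the clients terminate on
LINK_TUN="${LINK_TUN:-tun1}"               # server 1: its own tunnel to server 2
LINK_NET="${LINK_NET:-10.9.0.0/24}"        # subnet of that tunnel
LINK_GW="${LINK_GW:-10.9.0.1}"             # server 2's address inside the tunnel
LINODE_IP="${LINODE_IP:-203.0.113.10}"     # server 2's public IP (placeholder)
WAN_IF="${WAN_IF:-eth0}"                   # uplink interface on both servers
WAN_GW="${WAN_GW:-192.0.2.1}"              # server 1's real default gateway (placeholder)
S2_TUN="${S2_TUN:-tun0}"                   # server 2: interface server 1 connects to
TABLE="${TABLE:-100}"                      # policy-routing table for client traffic
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, execute it otherwise.
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Server 1 (datacenter): steer only the client pool into the link tunnel,
# leaving the main routing table (SSH, the clients' own OpenVPN sessions) alone.
server1_rules() {
    # 1. Pin the tunnel endpoint to the real uplink so the encrypted packets
    #    can never be routed back into the tunnel they carry.
    run ip route replace "$LINODE_IP/32" via "$WAN_GW" dev "$WAN_IF"
    # 2. Private table: pool-to-pool traffic stays on VPN_TUN, everything else
    #    goes to server 2. The 'unreachable' fallback has a worse metric, so it
    #    only wins once LINK_TUN goes down and the kernel drops the dev route:
    #    clients then fail closed instead of leaking out of the datacenter IP.
    run ip route replace "$CLIENT_POOL" dev "$VPN_TUN" table "$TABLE"
    run ip route replace default dev "$LINK_TUN" table "$TABLE"
    run ip route replace unreachable default metric 1000 table "$TABLE"
    # 3. Only packets sourced from the client pool consult that table.
    run ip rule add from "$CLIENT_POOL" lookup "$TABLE" priority 1000
    # 4. Forward pool -> link plus replies, and hide the pool behind the link
    #    address so server 2 needs no return route for the pool.
    run iptables -A FORWARD -i "$VPN_TUN" -o "$LINK_TUN" -s "$CLIENT_POOL" -j ACCEPT
    run iptables -A FORWARD -i "$LINK_TUN" -o "$VPN_TUN" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$CLIENT_POOL" -o "$LINK_TUN" -j MASQUERADE
}

# Server 2 (Linode): a plain router/NAT that forwards nothing but the link subnet.
# The question says no firewall is active there, so the FORWARD policy is set
# explicitly rather than relying on the default ACCEPT.
server2_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -i "$S2_TUN" -o "$WAN_IF" -s "$LINK_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$S2_TUN" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$LINK_NET" -o "$WAN_IF" -j MASQUERADE
}

case "${1:-}" in
    server1) server1_rules ;;
    server2) server2_rules ;;
    *) echo "usage: $0 server1|server2   (DRY_RUN=0 to apply)" >&2 ;;
esac
```

Run `server1` from the link's OpenVPN client config via `route-up` (this needs `script-security 2`), after adding `pull-filter ignore "redirect-gateway"` to that config so server 2's pushed default route does not replace server 1's own; otherwise server 1's replies to its clients and its SSH sessions vanish into the tunnel. `ip rule add` is not idempotent, so check `ip rule show` or delete the rule before re-adding it on reconnect. On a ufw host the iptables lines belong in /etc/ufw/before.rules next to the existing MASQUERADE rule, and that rule's `-s 10.8.0.0/8` should be narrowed to the real pool. To verify on server 1, `ip route get 8.8.8.8 from 10.8.0.2 iif tun0` should report tun1 while `ip route get 8.8.8.8` still reports eth0, and a connected client's apparent public address should now be the Linode one.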