4

I have set up 2 VPN servers in 2 different locations (A running strongswan as server and openvpn as client; B running openvpn as server), and A and B are linked via openvpn. What I want to do is to make A route all client traffic to port 443 and 80 through the openvpn tunnel established between A and B.

I have added a routing table which will route all marked traffic (-t mangle PREROUTING -p tcp -m tcp --dport 443 -j MARK --set-xmark 0x2/0xffffffff) to the openvpn tunnel

I can see the marked traffic is successfully routed to the tunnel using tcpdump (tcpdump -i tun0) but there is only outgoing traffic and no incoming traffic.

Hope someone can help me with this. Thank you!

2
  • Does B have a route back to the client IP addresses via A? Commented May 24, 2015 at 13:50
  • @roaima, B has no specific route to the client IPs. How can I do this? Commented May 24, 2015 at 14:05

1 Answer

1

The problem here is that although clients of A (let's call them X, Y, Z) can route to B via your VPN link, there is no route from B back to clients X, Y, Z.

Without specifics it's tricky to provide an exact solution. Consider this example, though:

  1. Your clients are in subnet 192.168.1.0/24
  2. Server A has its end of the OpenVPN link as 192.168.2.1
  3. Server B has its end of the OpenVPN link as 192.168.2.2

On B you need to add a route to 192.168.1.0/24 via A:

route add -net 192.168.1.0/24 gw 192.168.2.1
4
  • I added a route back to the client IP. Now I can see incoming traffic, but the data length in both directions is zero. Why? Commented May 25, 2015 at 6:31
  • @Benson what do you mean by "data length"? Commented May 25, 2015 at 7:38
  • It's something like this: ack 7802, win 63136, length 0. I've got this far: the client can connect to strongswan running on A, and the openvpn client on A has also successfully established a tunnel with B via openvpn. Local traffic originating from A is able to go through the tunnel. But I'm stuck at routing the VPN clients' web traffic through the openvpn tunnel to the Internet. Please suggest a solution. Commented May 25, 2015 at 13:49
  • @Benson you need to add appropriate default routes. Commented May 26, 2015 at 20:20
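The following script is an added example, not code from the question or the answer above. It puts both halves of the setup side by side: on A, the fwmark rule from the question plus the policy-routing table that sends marked packets into the tunnel; on B, the return route from the answer plus the two things B additionally needs to forward client traffic to the Internet (forwarding enabled and masquerading on its uplink). Addresses are the ones the answer assumes (clients 192.168.1.0/24, A's tunnel end 192.168.2.1, B's 192.168.2.2); the interface names tun0 and eth0, the routing table number 100 and the mark 0x2 are assumptions for the example. By default the script only prints the commands; run it as root with RUN set to an empty string to apply them.

```shell
#!/bin/sh
# Added example (not from the original post). Default is a dry run that
# prints each command; "RUN= sh script.sh" as root executes them instead.
RUN="${RUN-echo}"

CLIENT_NET=192.168.1.0/24   # subnet handed out to A's strongSwan clients
A_TUN_IP=192.168.2.1        # A's end of the A<->B OpenVPN link
B_TUN_IP=192.168.2.2        # B's end of the A<->B OpenVPN link
TUN_IF=tun0                 # assumed tunnel interface name on both hosts
B_WAN_IF=eth0               # assumed Internet-facing interface on B
MARK=0x2                    # fwmark used in the question
TABLE=100                   # assumed policy routing table number

# On A: mark the clients' web traffic and route marked packets via the tunnel.
configure_a() {
    for port in 80 443; do
        $RUN iptables -t mangle -A PREROUTING -s "$CLIENT_NET" -p tcp --dport "$port" \
            -j MARK --set-xmark "$MARK/0xffffffff"
    done
    # Marked packets consult table 100, whose only route is the tunnel.
    $RUN ip rule add fwmark "$MARK" table "$TABLE"
    $RUN ip route add default dev "$TUN_IF" table "$TABLE"
    # Replies arrive on tun0 although A's main table would reach the remote
    # web server via the normal uplink; strict reverse-path filtering (1)
    # discards such packets, so use loose mode (2) on the tunnel interface.
    $RUN sysctl -w "net.ipv4.conf.$TUN_IF.rp_filter=2"
    $RUN sysctl -w net.ipv4.ip_forward=1
}

# On B: the answer's return route, plus forwarding and NAT so that web
# servers on the Internet send their replies back to B rather than to a
# private 192.168.1.x address they cannot reach.
configure_b() {
    $RUN ip route add "$CLIENT_NET" via "$A_TUN_IP" dev "$TUN_IF"
    $RUN iptables -t nat -A POSTROUTING -s "$CLIENT_NET" -o "$B_WAN_IF" -j MASQUERADE
    $RUN sysctl -w net.ipv4.ip_forward=1
}

# Quick check after applying: a marked lookup must resolve to the tunnel on A,
# and B must have a route for the client subnet.
verify_a() { $RUN ip route get 93.184.216.34 mark "$MARK"; }
verify_b() { $RUN ip route get 192.168.1.10; }

case "${1:-}" in
    a) configure_a; verify_a ;;
    b) configure_b; verify_b ;;
    *) echo "usage: $0 a|b (set RUN= to apply instead of printing)" ;;
esac
```

With tcpdump on tun0 at both ends, a working setup shows the client's SYN leaving A, the SYN-ACK coming back from B, and then segments with non-zero length; seeing only zero-length ACKs after adding the return route points at B not forwarding or not masquerading the clients' traffic toward the Internet.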
