Skip to main content
Unix & Linux

Return to Revisions

3 of 5
added 357 characters in body
Proto
Proto
  • 71
  • 4

Redirect traffic from a OpenVPN server to an OpenVPN client running in the same device

I have a raspberry box running an OpenVPN server that I'm using as a way to connect to use my Pihole installation when outside my home network. This is working without issues.

                     |          HOME NETWORK/Pihole  |
(Remote client)     --   (Open VPN Server )        ---         Internet

Separately I have a remote VPN service that I can connect to via an OpenVPN client from the Pi device. That I tested succesfully as well.

                    |          HOME NETWORK/Pihole  |
                           (Open VPN Client )       -            VPN provider

I would like to be combine both services such that the final installation would look like this

                 |          HOME NETWORK /Pihole           |
(Remote client) -- (Open VPN Server) -- (Open VPN Client) --- Remote VPN service

I have tried solutions like the one described in this similar question (Wireguard server with active OpenVPN client) with negative similar results: Once you activate the Open VPN client (tun1) the server (tun0) becomes unrecheable.

Here's what the routing table looks like when both intefaces tun[01] are up

0.0.0.0/1 via 10.50.11.5 dev tun1
default via 192.168.1.1 dev wlan0 src 192.168.1.164 metric 303
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
10.50.11.1 via 10.50.11.5 dev tun1
10.50.11.5 dev tun1 proto kernel scope link src 10.50.11.6
128.0.0.0/1 via 10.50.11.5 dev tun1
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.164 metric 303
199.116.115.135 via 192.168.1.1 dev wlan0

Is there a way to make it so incoming/outgoing connections going to the port belonging to the OVPN server (1194) go through tun0? Is this the only thing I would need to change?

edit: I also tried the solution in OpenVPN Client and Server on same machine - Server doesn't allow connections when client is connected which I discovered after posting this question to no avail. This would appear to be directly related to my issue but it's still not working. Here's what the server log looks like

pi@raspberrypi:/etc/openvpn $ sudo more openvpn-status.log
OpenVPN CLIENT LIST
Updated,Sat Jun 29 23:30:41 2019
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
UNDEF,172.58.87.22:39159,860,442,Sat Jun 29 23:30:02 2019

This is what the error log looks like

Sat Jun 29 23:34:47 2019 172.58.87.22:28162 TLS Error: incoming packet authentication failed from [AF_INET]172.58.87.22:28162
Sat Jun 29 23:34:48 2019 172.58.87.22:28162 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1561869285) Sat Jun 29 23:34:45 2019 ] -- see the man page entry for --no-replay and --replay-window for more
info or silence this warning with --mute-replay-warnings
Sat Jun 29 23:34:48 2019 172.58.87.22:28162 TLS Error: incoming packet authentication failed from [AF_INET]172.58.87.22:28162
Proto
  • 71
  • 4