
If answered correctly this question will show you how to link a 2nd public IP address on a machine to a VPN server tunnel on that machine, so that the remote VPN client (running a server), sees this second IP as its public address. In effect the second public IP address will be the gateway to the remote machine on the VPN.

[ Main Server ETH0 and ETH0:1 and TUN0 ]

ETH0 = 192.168.1.11
ETH0:1 = 192.168.1.8

i.e. the server has 2 IP addresses

TUN0 is an OpenVPN interface to another remote web server. This is set up so that the local TUN0 address is 10.10.10.1 and the VPN CLIENT (the remote server) is a static IP of 10.10.10.100.

So when the remote VPN CLIENT connects... it is given the address 10.10.10.100

If I then type 10.10.10.100 into the browser on the MAIN Server... the REMOTE CLIENT Web server will serve the page. This is why it was given a fixed IP of 10.10.10.100, so that it can serve web pages. This is done in the OpenVPN config files. It's called "Giving The VPN Client a Fixed IP address", and is well documented.

If I type 192.168.1.11 ETH0 on any browser... the MAIN server delivers the page... as it should.

If I type 192.168.1.8 ETH0:1 on any browser... the MAIN server also serves the page... but I DO NOT want that... I want the 2nd IP ETH0:1 to go down the TUN0 and I want the remote 'client' machine to serve the page.

I thought that...

  iptables -A FORWARD -i eth0:1 -o tun0 -j ACCEPT
  iptables -A FORWARD -i tun0 -o eth0:1 -j ACCEPT

would work... it does not.

I thought that...

  iptables -A FORWARD -i 192.168.1.8 -o 10.10.10.1 -j ACCEPT
  iptables -A FORWARD -i 10.10.10.1 -o 192.168.1.8  -j ACCEPT

no luck

Tried...

  iptables -A FORWARD -i 192.168.1.8 -o 10.10.10.100 -j ACCEPT
  iptables -A FORWARD -i 10.10.10.100 -o 192.168.1.8  -j ACCEPT

no luck

I am sure I am missing the concept completely... how to make ETH0:1 the second interface and the TUN0 behave as an isolated pipe that the MAIN server cannot see. I am trying to give the remote VPN client server... one of the "public" interfaces on the main server... i.e. 192.168.1.8 ETH0:0

Thank you Bob
