
I have three OpenVPN servers that all serve clients behind them. How can I connect them so all clients can talk to each other? Essentially, what I am looking for is how to route packets from tun0 to tun1 and tun2 on the same server.

I have successfully tried forwarding (here), but I can only forward traffic to one server (not two).

I have tried giving each server the .ovpn files from the other two servers. That allows server A to ping the other two servers (B and C) and their respective clients, but the clients behind server A cannot send a ping through server A to the other tunnels (client connections).

I have also tried creating two custom routing tables (from here) so that all the IP addresses from Server 2 (and its clients) and all of them from Server 3 (and its clients) were in two custom routing tables on Server 1. My thought was that the clients behind Server 1 could send a ping and the routing tables would route it. No response. I used tcpdump to watch the packets come into Server 1 on the tun0 interface, but they never got routed outbound.

The only caveat is that I have heavy traffic coming through the public eth0 of each server, so I am sending all VPN traffic through eth1 (the internal NIC).

Chris

1 Answer

First of all, you need to know that there are differences between a tun and a tap device.
While tun only simulates a PTP connection, a tap device simulates a routing device.
You could create an extra tunnel (tap) between all those servers and set up routes.

That means you need to create two tap devices on each client.
Server1Tap1 needs to be in the same subnet as Server2Tap1.
Server1Tap2 needs to be in the same subnet as Server3Tap1.
Server2Tap2 needs to be in the same subnet as Server3Tap2.
Then you need to create routes from each server to the others.
Remember to allow routing on each server:

echo 1 > /proc/sys/net/ipv4/ip_forward

mushr00mer1990
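The answer lists the steps (pairwise tap links in matching subnets, routes from each server to the others, ip_forward on) but not the concrete commands. The script below is an added example, not code from the question or the answer: it generates, for any one of the three servers, the sysctl, `ip route` and `iptables` FORWARD commands that implement those steps, plus the `push "route ..."` lines the server's tun0 instance needs so its own clients send cross-site traffic into the tunnel in the first place. All server names, device names, client subnets and /30 link addresses are assumptions chosen to match the answer's layout (Server1Tap1/Server2Tap1 share a subnet, and so on); the routes come out identical whether the inter-server link is tap or tun, since only IP routing is used.

```shell
#!/bin/sh
# Added example (not from the original question or answer). Everything below
# the comments is an assumed topology: three OpenVPN servers, each handing a
# /24 to its own tun0 clients, joined pairwise by tap links over eth1.

# Assumed client subnets served by each server's tun0 instance.
CLIENT_NETS='
server1 10.8.1.0/24
server2 10.8.2.0/24
server3 10.8.3.0/24
'

# Assumed inter-server tap links, one /30 per pair, laid out as the answer says:
# Server1Tap1<->Server2Tap1, Server1Tap2<->Server3Tap1, Server2Tap2<->Server3Tap2.
# Columns: local remote local-device local-address remote-address
TAP_LINKS='
server1 server2 tap1 172.16.12.1 172.16.12.2
server1 server3 tap2 172.16.13.1 172.16.13.2
server2 server1 tap1 172.16.12.2 172.16.12.1
server2 server3 tap2 172.16.23.1 172.16.23.2
server3 server1 tap1 172.16.13.2 172.16.13.1
server3 server2 tap2 172.16.23.2 172.16.23.1
'

client_net() {  # client_net <server> -> that server's tun0 client subnet
    printf '%s\n' "$CLIENT_NETS" | awk -v s="$1" '$1 == s { print $2 }'
}

netmask() {  # netmask <prefix-length> -> dotted mask, e.g. 24 -> 255.255.255.0
    awk -v p="$1" 'BEGIN { m = 0; for (i = 0; i < p; i++) m += 2^(31 - i);
        printf "%d.%d.%d.%d\n", int(m/16777216)%256, int(m/65536)%256, int(m/256)%256, m%256 }'
}

# Kernel-side setup for <local>: enable forwarding (without it the packets the
# question saw on tun0 with tcpdump are never sent on), route each remote client
# subnet out the tap link to that server, and let FORWARD pass both directions.
setup_commands() {  # setup_commands <local-server>
    srv=$1
    [ -n "$(client_net "$srv")" ] || { echo "unknown server: $srv" >&2; return 1; }
    echo 'sysctl -w net.ipv4.ip_forward=1'
    printf '%s\n' "$TAP_LINKS" | awk -v s="$srv" '$1 == s' |
    while read -r _ remote dev _ peer; do
        net=$(client_net "$remote")
        echo "ip route replace $net via $peer dev $dev"
        echo "iptables -A FORWARD -i tun0 -o $dev -d $net -j ACCEPT"
        echo "iptables -A FORWARD -i $dev -o tun0 -s $net -j ACCEPT"
    done
}

# OpenVPN-side setup for <local>'s tun0 server.conf: push the other servers'
# client subnets so <local>'s clients route them into the tunnel instead of
# towards their default gateway.
push_routes() {  # push_routes <local-server>
    for remote in $(printf '%s\n' "$CLIENT_NETS" | awk -v s="$1" 'NF && $1 != s { print $1 }'); do
        net=$(client_net "$remote")
        echo "push \"route ${net%/*} $(netmask "${net#*/}")\""
    done
}

# Usage: sh route-mesh.sh server1          -> print what server1 needs
#        APPLY=1 sh route-mesh.sh server1  -> run the kernel commands (as root)
if [ $# -gt 0 ]; then
    if [ "${APPLY:-0}" = 1 ]; then
        setup_commands "$1" | sh -e
    else
        setup_commands "$1"
        echo "# add to $1's tun0 server.conf:"
        push_routes "$1"
    fi
fi
```

Run it once per server. The tap links themselves (the extra OpenVPN instances binding the `172.16.x.x` addresses) still have to be brought up first, bound to the eth1 address as the question's traffic constraint requires; after applying, `ip route get 10.8.3.1` on server1 should report `dev tap2 via 172.16.13.2`, and if a ping still dies on the server, check whether the FORWARD chain's policy or an earlier rule drops it before the rules added here.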