I configured an L2TP/IPsec server on Ubuntu, and I also installed an OpenVPN client on the same server.
I need the traffic of L2TP clients that connect to this server to be forwarded through the OpenVPN tunnel, so that those clients go out with the OpenVPN server's public IP address:
(for example, if the L2TP server's public IP is 1.2.3.4 and the OpenVPN server's is 1.2.3.5, a client connected to the L2TP server should get 1.2.3.5 as its public IP address)
l2tp client <--> l2tp server <-- openvpn client --> openvpn server
l2tp clients subnet: 192.168.42.0/24
openvpn client: tun0: inet 10.8.0.2 netmask 255.255.255.0 destination 10.8.0.2
My iptables rules and routing table:
# Generated by iptables-save v1.6.1 on Tue Dec 3 16:45:27 2019
# nat table: the bracketed numbers after each chain policy are packet:byte counters.
*nat
:PREROUTING ACCEPT [246:15683]
:INPUT ACCEPT [177:11140]
:OUTPUT ACCEPT [58:3868]
:POSTROUTING ACCEPT [58:3868]
# Source-NAT L2TP client traffic (192.168.42.0/24) only when it leaves via eth0.
# NOTE(review): there is no matching rule for "-o tun0" in this dump, so client
# packets sent into the OpenVPN tunnel would keep their 192.168.42.x source
# address; presumably the OpenVPN server has no return route for it (confirm).
-A POSTROUTING -s 192.168.42.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Dec 3 16:45:27 2019
# Generated by iptables-save v1.6.1 on Tue Dec 3 16:45:27 2019
# filter table: all three built-in chains have policy ACCEPT.
*filter
# NOTE(review): INPUT has policy ACCEPT and contains only ACCEPT rules, so the
# INPUT rules below do not restrict anything; as far as this ruleset goes, every
# port on the host is reachable, including UDP 1701 without IPsec.
:INPUT ACCEPT [168:8188]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4628:1611471]
# Accept replies to connections that are already tracked.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# IKE (UDP 500) and IPsec NAT-T (UDP 4500).
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
# L2TP (UDP 1701) only when the packet arrived under an IPsec policy.
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
# FORWARD is an allow-list ending in an unconditional DROP (last rule), so the
# ACCEPT policy on the chain is never reached.
# Return traffic from eth0 to the L2TP clients (ppp+ matches any ppp* interface).
-A FORWARD -i eth0 -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# L2TP clients out to eth0.
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
# L2TP client-to-client traffic inside 192.168.42.0/24.
-A FORWARD -s 192.168.42.0/24 -d 192.168.42.0/24 -i ppp+ -o ppp+ -j ACCEPT
# Everything else is dropped. No rule above names tun0, so packets forwarded
# between ppp+ and tun0 (either direction) end here.
-A FORWARD -j DROP
COMMIT
# Completed on Tue Dec 3 16:45:27 2019
root@softeth:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default static.160.93.2 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
static.93.169.4 static.160.93.2 255.255.255.255 UGH 0 0 0 eth0
95.217.93.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
thanks