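====== Proxy ARP ======

====== Forward server real EXT IP to client ======

===== Server =====

...
# script-security 2 is what allows OpenVPN to execute the user-defined hook
# scripts below. They run with the daemon's privileges, so keep both files
# owned and writable by root only.
script-security 2
client-connect /etc/openvpn/client-connect.sh
client-disconnect /etc/openvpn/client-disconnect.sh
...

#!/bin/sh
# client-connect hook: for the one named client, answer ARP for its VPN address
# on eth0.2, route that address into the tunnel, and exempt it from the NAT
# rules in postrouting_wan_rule.
#
# common_name, ifconfig_pool_remote_ip and dev are read from the environment
# OpenVPN sets for the hook. Every expansion is quoted so an empty or odd value
# makes the command fail instead of shifting the remaining arguments.
case "${common_name}" in
  "client_CN")
    /usr/sbin/ip neigh add proxy "${ifconfig_pool_remote_ip}" dev eth0.2
    /usr/sbin/ip route add "${ifconfig_pool_remote_ip}" dev "${dev}"
    /usr/sbin/iptables -t nat -A postrouting_wan_rule -s "${ifconfig_pool_remote_ip}" -j ACCEPT
    ;;
esac

# Always report success: a non-zero status from client-connect rejects the client.
exit 0

#!/bin/sh
# client-disconnect hook: undo what the connect hook set up for the same client.
case "${common_name}" in
  "client_CN")
    # The entry was added with "proxy", so it has to be deleted with "proxy" as
    # well; without the keyword the proxy entry stays behind and the server
    # keeps answering ARP for the address after the client has gone.
    /usr/sbin/ip neigh del proxy "${ifconfig_pool_remote_ip}" dev eth0.2
    /usr/sbin/ip route del "${ifconfig_pool_remote_ip}" dev "${dev}"
    /usr/sbin/iptables -t nat -D postrouting_wan_rule -s "${ifconfig_pool_remote_ip}" -j ACCEPT
    ;;
esac

exit 0

===== Client =====

Client side up and down scripts, to set correct source IP address:

#!/bin/bash
# up script: send traffic sourced from the VPN address through the tunnel by
# means of a dedicated routing table.
# Positional arguments are the ones OpenVPN appends when it calls the script.
# NOTE(review): $5 is used as the peer address; with "topology subnet" OpenVPN
# passes a netmask in that position - confirm against the client config.
table=10
tun_dev=$1
tun_mtu=$2
link_mtu=$3
ifconfig_local_ip=$4
ifconfig_remote_ip=$5

echo "Routing client $ifconfig_local_ip traffic through VPN"
ip rule add from "$ifconfig_local_ip" priority 10 table "$table"
# Fixed: the original passed the literal word ifconfig_local_ip (missing "$"),
# so this route was never installed.
ip route add "$ifconfig_local_ip" dev "$tun_dev" table "$table"
ip route add default via "$ifconfig_remote_ip" dev "$tun_dev" table "$table"
ip route flush cache

#!/bin/sh
# down script: remove the rule and routes installed by the up script.
# The table number must match the one used by the up script.
table=10
tun_dev=$1
tun_mtu=$2
link_mtu=$3
ifconfig_local_ip=$4
ifconfig_remote_ip=$5

echo "Delete client $ifconfig_local_ip traffic routing through VPN"
ip rule del from "$ifconfig_local_ip" priority 10 table "$table"
ip route del "$ifconfig_local_ip" dev "$tun_dev" table "$table"
ip route del default via "$ifconfig_remote_ip" dev "$tun_dev" table "$table"
ip route flush cache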