Proxy ARP
Forward server real EXT IP to client
Server
- server.conf
...
script-security 2
client-connect /etc/openvpn/client-connect.sh
client-disconnect /etc/openvpn/client-disconnect.sh
...
- | client-connect.sh
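#!/bin/sh
# Runs on the server as the OpenVPN client-connect hook (needs script-security 2).
case ${common_name} in
    "client_CN")
        # Answer ARP requests for the client's IP on eth0.2
        /usr/sbin/ip nei add proxy ${ifconfig_pool_remote_ip} dev eth0.2
        # Route that IP into the tunnel
        /usr/sbin/ip route add ${ifconfig_pool_remote_ip} dev ${dev}
        # Accept the client's traffic in the nat chain before any later rule rewrites it
        /usr/sbin/iptables -t nat -A postrouting_wan_rule -s ${ifconfig_pool_remote_ip} -j ACCEPT
        ;;
esac
exit 0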
- | client-disconnect.sh
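#!/bin/sh
# Runs on the server as the OpenVPN client-disconnect hook; undoes client-connect.sh.
case ${common_name} in
    "client_CN")
        # The "proxy" keyword is required to remove the proxy ARP entry added on connect
        /usr/sbin/ip neigh delete proxy ${ifconfig_pool_remote_ip} dev eth0.2
        /usr/sbin/ip route del ${ifconfig_pool_remote_ip} dev ${dev}
        /usr/sbin/iptables -t nat -D postrouting_wan_rule -s ${ifconfig_pool_remote_ip} -j ACCEPT
        ;;
esac
exit 0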
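A stricter variant of the server-side client-connect hook, added here as an example and not part of the original page: it validates the values OpenVPN passes in before handing them to `ip` and `iptables`, and uses `replace` and `iptables -C` so that a reconnect without a clean disconnect does not fail on an existing route or stack duplicate NAT rules. `WAN_IF`, `ALLOWED_CN` and `DRY_RUN` are names assumed for this sketch.

```shell
#!/bin/sh
# Added example, not the page's script: validating, idempotent client-connect hook.
# WAN_IF, ALLOWED_CN and DRY_RUN are illustrative names chosen for this sketch.
PATH=/usr/sbin:/usr/bin:/sbin:/bin
WAN_IF="eth0.2"            # interface used on the page
ALLOWED_CN="client_CN"     # space-separated CNs that get the external IP

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1               # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed when $1 is one of the allowed certificate common names.
cn_allowed() {
    for cn in $ALLOWED_CN; do
        [ "$cn" = "$1" ] && return 0
    done
    return 1
}

# Print the command when DRY_RUN is set, otherwise execute it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# $1 = common_name, $2 = ifconfig_pool_remote_ip, $3 = dev (set by OpenVPN)
on_connect() {
    cn_allowed "$1" || return 0                  # other clients: no changes
    is_ipv4 "$2" || return 1                     # malformed address: reject
    case "$3" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    run ip neigh replace proxy "$2" dev "$WAN_IF" || return 1
    run ip route replace "$2" dev "$3" || return 1
    # -C checks for an existing rule so reconnects do not stack duplicates
    run iptables -t nat -C postrouting_wan_rule -s "$2" -j ACCEPT 2>/dev/null ||
        run iptables -t nat -A postrouting_wan_rule -s "$2" -j ACCEPT
}

on_connect "${common_name:-}" "${ifconfig_pool_remote_ip:-}" "${dev:-}"
```

Because the script ends with the status of `on_connect`, a malformed address or device name makes the hook return non-zero, which causes OpenVPN to refuse the connection instead of installing a partial configuration.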
Client
Client-side up and down scripts, which set the correct source IP address:
- | up.sh
#!/bin/bash
# OpenVPN "up" script: policy-route traffic sourced from the VPN address through the tunnel.
table=10
tun_dev=$1
tun_mtu=$2
link_mtu=$3
ifconfig_local_ip=$4
ifconfig_remote_ip=$5
echo "Routing client $ifconfig_local_ip traffic through VPN"
# Packets with the VPN address as source are looked up in table 10
ip rule add from $ifconfig_local_ip priority 10 table $table
ip route add $ifconfig_local_ip dev $tun_dev table $table
ip route add default via $ifconfig_remote_ip dev $tun_dev table $table
ip route flush cache
- | down.sh
#!/bin/sh
# OpenVPN "down" script: remove the rule and routes added by up.sh.
tun_dev=$1
tun_mtu=$2
link_mtu=$3
ifconfig_local_ip=$4
ifconfig_remote_ip=$5
echo "Delete client $ifconfig_local_ip traffic routing through VPN"
ip rule del from $ifconfig_local_ip priority 10 table 10
ip route del $ifconfig_local_ip dev $tun_dev table 10
ip route del default via $ifconfig_remote_ip dev $tun_dev table 10
ip route flush cache