
Proxy ARP

Forward the server's real external (EXT) IP address to a client

Server

server.conf
...
# Level 2 is what permits OpenVPN to call user-defined scripts such as the two
# hooks below; there is no need to raise it to 3 (passwords passed to scripts
# via the environment) for this setup.
script-security 2
# Both hooks call ip and iptables, so they need enough privilege to change
# routing and firewall state. Keep the script files writable by root only.
client-connect      /etc/openvpn/client-connect.sh
client-disconnect   /etc/openvpn/client-disconnect.sh
...
| client-connect.sh
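#!/bin/sh
# OpenVPN client-connect hook: for one specific client, answer ARP for its
# address on eth0.2 (proxy ARP), route that address into the tunnel and exempt
# it from NAT.
#
# Environment read (provided by OpenVPN when it runs the hook):
#   common_name             - CN of the connecting client's certificate
#   ifconfig_pool_remote_ip - address assigned to the client
#   dev                     - tunnel interface the client is reached through
#
# The CN match is the only authorization check here, so it relies on the CA
# issuing "client_CN" to exactly one trusted client.
# NOTE(review): eth0.2 is presumably the external/WAN interface and
# postrouting_wan_rule the router's own NAT chain - confirm for your device.
#
# The script always exits 0, so a failed command never rejects the client; the
# failure is only visible in the ip/iptables error output.
case "${common_name}" in
    "client_CN")
        # Without an address or a tunnel device the commands below would be
        # called with shifted arguments, so skip them and say why.
        if [ -z "${ifconfig_pool_remote_ip}" ] || [ -z "${dev}" ]; then
            echo "client-connect: no client address or tunnel device for ${common_name}, nothing configured" >&2
            exit 0
        fi
        # Expansions are quoted so a value is always passed as exactly one argument.
        /usr/sbin/ip nei add proxy "${ifconfig_pool_remote_ip}" dev eth0.2
        /usr/sbin/ip route add "${ifconfig_pool_remote_ip}" dev "${dev}"
        /usr/sbin/iptables -t nat -A postrouting_wan_rule -s "${ifconfig_pool_remote_ip}" -j ACCEPT
        ;;
esac
exit 0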
| client-disconnect.sh
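#!/bin/sh
# OpenVPN client-disconnect hook: undo what client-connect.sh set up for the
# same client - the proxy ARP entry on eth0.2, the host route into the tunnel
# and the NAT exemption.
#
# Environment read (provided by OpenVPN when it runs the hook):
#   common_name             - CN of the disconnecting client's certificate
#   ifconfig_pool_remote_ip - address that was assigned to the client
#   dev                     - tunnel interface the client was reached through
#
# The script always exits 0; a failed command only shows up in the
# ip/iptables error output.
case "${common_name}" in
    "client_CN")
        # Without an address or a tunnel device the commands below would be
        # called with shifted arguments, so skip them and say why.
        if [ -z "${ifconfig_pool_remote_ip}" ] || [ -z "${dev}" ]; then
            echo "client-disconnect: no client address or tunnel device for ${common_name}, nothing removed" >&2
            exit 0
        fi
        # The entry was created with "nei add proxy", so the delete needs the
        # "proxy" keyword as well. Without it ip addresses the ordinary
        # neighbour table and the proxy entry stays behind, leaving the server
        # answering ARP for an address whose client has gone.
        /usr/sbin/ip neigh delete proxy "${ifconfig_pool_remote_ip}" dev eth0.2
        /usr/sbin/ip route del "${ifconfig_pool_remote_ip}" dev "${dev}"
        /usr/sbin/iptables -t nat -D postrouting_wan_rule -s "${ifconfig_pool_remote_ip}" -j ACCEPT
        ;;
esac
exit 0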

Client

Client side up and down scripts, to set correct source IP address:

| up.sh
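#!/bin/bash
# OpenVPN "up" hook on the client: send traffic whose source is the tunnel
# address through the VPN by means of a dedicated routing table.
#
# Arguments (positional, as passed by OpenVPN):
#   $1 - tunnel device
#   $2 - tunnel MTU (unused)
#   $3 - link MTU (unused)
#   $4 - local tunnel IP address
#   $5 - remote tunnel IP address, used as the gateway of the default route
# NOTE(review): this assumes $5 is a peer address; with some topologies
# OpenVPN may pass a netmask in that position - confirm for your setup.
table=10

tun_dev=${1:-}
ifconfig_local_ip=${4:-}
ifconfig_remote_ip=${5:-}

# Refuse to run with missing arguments: the ip commands would otherwise be
# called with shifted parameters. Exit non-zero so the failure is visible to
# the caller instead of the tunnel coming up without the policy route.
if [[ -z "$tun_dev" || -z "$ifconfig_local_ip" || -z "$ifconfig_remote_ip" ]]; then
  echo "up.sh: tunnel device, local IP and remote IP are required (arguments 1, 4 and 5)" >&2
  exit 1
fi

echo "Routing client $ifconfig_local_ip traffic through VPN"
ip rule add from "$ifconfig_local_ip" priority 10 table "$table"
# The original line passed the literal word "ifconfig_local_ip" (missing "$"),
# so the host route was never installed.
ip route add "$ifconfig_local_ip" dev "$tun_dev" table "$table"
ip route add default via "$ifconfig_remote_ip" dev "$tun_dev" table "$table"
ip route flush cache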
| down.sh
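#!/bin/sh
# OpenVPN "down" hook on the client: remove the policy rule and the routes
# that up.sh installed in the dedicated routing table.
#
# Arguments (positional, as passed by OpenVPN):
#   $1 - tunnel device
#   $2 - tunnel MTU (unused)
#   $3 - link MTU (unused)
#   $4 - local tunnel IP address
#   $5 - remote tunnel IP address, used as the gateway of the default route
#
# Must stay in step with up.sh: same table number and same rule priority.
table=10

tun_dev=${1:-}
ifconfig_local_ip=${4:-}
ifconfig_remote_ip=${5:-}

# With missing arguments there is nothing that can be matched for deletion;
# say so and leave instead of calling ip with shifted parameters.
if [ -z "$tun_dev" ] || [ -z "$ifconfig_local_ip" ] || [ -z "$ifconfig_remote_ip" ]; then
  echo "down.sh: tunnel device, local IP and remote IP are required (arguments 1, 4 and 5)" >&2
  exit 0
fi

echo "Delete client $ifconfig_local_ip traffic routing through VPN"
# Each delete is attempted even if an earlier one fails, so a partly removed
# configuration is still cleaned up as far as possible.
ip rule del from "$ifconfig_local_ip" priority 10 table "$table"
ip route del "$ifconfig_local_ip" dev "$tun_dev" table "$table"
ip route del default via "$ifconfig_remote_ip" dev "$tun_dev" table "$table"
ip route flush cache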