Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


How do I add muliple ips to my created vpn server?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How do I add muliple ips to my created vpn server?

jacnojacno Member

Hi guys I started a project of learning how to set up my own vpn server. I'm using a ohv small vps. I know the very very basics of linux and my networking skills are minimal unfortunately so I need some help.

I followed a youtube video on installing and using openvpn. I basically used "the roadwarrior" script https://github.com/Nyr/openvpn-install to make it easy as possible to set up.

Now I got it working and it works great, but the roadwarrior script doesn't give me an option to add more than 1 ip. I ordered 1 extra ip from ovh to test with, so I should have 2 ips on the server. And this is where I'm stuck.

How am I supposed to make my server aware that it has this extra ip? That road warrior script was easy, how would i just add an extra ip to it?

Comments

  • CamCam Member, Patron Provider

    So you need to make openvpn listen on all interfaces. Try out this guide. Let me know if you need help. serverfault.com/questions/516098/two-ips-one-openvpn-instance-impossible

  • jacnojacno Member
    edited January 2017

    @cam246 said:
    So you need to make openvpn listen on all interfaces. Try out this guide. Let me know if you need help. serverfault.com/questions/516098/two-ips-one-openvpn-instance-impossible

    thanks cam, but im still unsure what i'm supposed to do after reading that.

    says i need to add a "--multihome" option, but how do i do that? Also i did that" netstat -nlp" command but it doesn't show my server ip address, not even the extra ip i ordered. I hate linux!

  • godtorgodtor Member, Host Rep

    Hello, first use: ifconfig -a in the terminal as root to check if you really have 2 IP's assigned to your interface. Also, you need the iptables rule for the secondary IP like:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source

    Thanked by 1jacno
  • @godtor said:
    Hello, first use: ifconfig -a in the terminal as root to check if you really have 2 IP's assigned to your interface. Also, you need the iptables rule for the secondary IP like:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source

    Thanks. Yeah I did the ifconfig-a command, its there alright. I also pinged from my laptop at home to the vps's 2nd ip, and i get a response.
    as for the iptables command, should i enter that exact line or replace the 10.8.0.0/24 with my own 2nd ip?

  • @jacno said:

    @godtor said:
    Hello, first use: ifconfig -a in the terminal as root to check if you really have 2 IP's assigned to your interface. Also, you need the iptables rule for the secondary IP like:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source

    Thanks. Yeah I did the ifconfig-a command, its there alright. I also pinged from my laptop at home to the vps's 2nd ip, and i get a response.
    as for the iptables command, should i enter that exact line or replace the 10.8.0.0/24 with my own 2nd ip?

    No, 10.8.0.0/24 is the internal ip block, don't touch that.

    Type ifconfig and see which interfaces there are, for each eth interface type that iptables commamd e.g. for eth0:0, eth0:1 etc.

  • @joodle said:

    @jacno said:

    @godtor said:
    Hello, first use: ifconfig -a in the terminal as root to check if you really have 2 IP's assigned to your interface. Also, you need the iptables rule for the secondary IP like:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source

    Thanks. Yeah I did the ifconfig-a command, its there alright. I also pinged from my laptop at home to the vps's 2nd ip, and i get a response.
    as for the iptables command, should i enter that exact line or replace the 10.8.0.0/24 with my own 2nd ip?

    No, 10.8.0.0/24 is the internal ip block, don't touch that.

    Type ifconfig and see which interfaces there are, for each eth interface type that iptables commamd e.g. for eth0:0, eth0:1 etc.

    I got 2 eth's, first is
    eth0
    that one is my main original ip, then the 2nd is
    eth0:1
    which I created when I got my ip emailed to me and has the 2nd ip address in it

    So I'll just enter:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0:1 -j SNAT --to-source

    Does that look good? I"d test it out but I know linux very little and have no idea to back track if i screw it up

  • @jacno said:

    @joodle said:

    @jacno said:

    @godtor said:
    Hello, first use: ifconfig -a in the terminal as root to check if you really have 2 IP's assigned to your interface. Also, you need the iptables rule for the secondary IP like:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source

    Thanks. Yeah I did the ifconfig-a command, its there alright. I also pinged from my laptop at home to the vps's 2nd ip, and i get a response.
    as for the iptables command, should i enter that exact line or replace the 10.8.0.0/24 with my own 2nd ip?

    No, 10.8.0.0/24 is the internal ip block, don't touch that.

    Type ifconfig and see which interfaces there are, for each eth interface type that iptables commamd e.g. for eth0:0, eth0:1 etc.

    I got 2 eth's, first is
    eth0
    that one is my main original ip, then the 2nd is
    eth0:1
    which I created when I got my ip emailed to me and has the 2nd ip address in it

    So I'll just enter:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0:1 -j SNAT --to-source

    Does that look good? I"d test it out but I know linux very little and have no idea to back track if i screw it up

    Yep, looks fine to me.

  • jacnojacno Member
    edited January 2017

    @joodle said:

    @jacno said:

    @joodle said:

    @jacno said:

    @godtor said:
    Hello, first use: ifconfig -a in the terminal as root to check if you really have 2 IP's assigned to your interface. Also, you need the iptables rule for the secondary IP like:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source

    Thanks. Yeah I did the ifconfig-a command, its there alright. I also pinged from my laptop at home to the vps's 2nd ip, and i get a response.
    as for the iptables command, should i enter that exact line or replace the 10.8.0.0/24 with my own 2nd ip?

    No, 10.8.0.0/24 is the internal ip block, don't touch that.

    Type ifconfig and see which interfaces there are, for each eth interface type that iptables commamd e.g. for eth0:0, eth0:1 etc.

    I got 2 eth's, first is
    eth0
    that one is my main original ip, then the 2nd is
    eth0:1
    which I created when I got my ip emailed to me and has the 2nd ip address in it

    So I'll just enter:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0:1 -j SNAT --to-source

    Does that look good? I"d test it out but I know linux very little and have no idea to back track if i screw it up

    Yep, looks fine to me.

    I get "iptables v1.4.14: option "--to-source" requires an argument

    Whats linux bickering about now

    edit: i added my 2nd ip to the end of that command line and it accepted it. How do i check if the iptables thing accepted it haha

  • If you haven't got an error it went through.

  • jacnojacno Member
    edited January 2017
    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    SNAT       all  --  10.8.0.0/24          anywhere             to:xxx.xx.xx.100
    SNAT       all  --  10.8.0.0/24          anywhere             to:xxx.xx.xx.177
    

    Looks good? So if my ip tables are correct, now I move on with the openvpn problem yes?

  • godtorgodtor Member, Host Rep

    @jacno said:
    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    SNAT all -- 10.8.0.0/24 anywhere to:xxx.xx.xx.100
    SNAT all -- 10.8.0.0/24 anywhere to:xxx.xx.xx.177

    Looks good? So if my ip tables are correct, now I move on with the openvpn problem yes?

    Is 10.8.0.0/24 your local ovpn subnet ? If yes then the rule is ok. If you want you can separate the subnets, make a new subnet for the secondary ip, that depends on how do you want to use this IP's.

Sign In or Register to comment.