How to manage my OUT IP (failover) on my OpenVPN with Vesta Firewall?
Posted: Fri May 19, 2017 7:15 am
I installed OpenVPN following the DigitalOcean article. It worked very well, and I have set up 3 failover IPs on my VPS. I succeeded in forwarding my OUT IP on my VPN with each failover IP.
It worked very well. But I have since installed VestaCP on my VPS to manage websites with the third failover IP (not used by my VPN). I opened the VPN port UDP/1194 in the Vesta Control Panel. My VPN works, except that I can't change my forward POSTROUTING ... SNAT --to-source 88.123.36.12, because VestaCP doesn't use UFW.
Do you have any idea how I can solve my problem and change/manage my OUT IP address when I want?
With this configuration in /etc/ufw/before.rules (I just need to comment and uncomment the IP I want to use):
Code:
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 ! -d 10.8.0.0/8 -j SNAT --to-source 176.43.232.12
#-A POSTROUTING -s 10.8.0.0/8 ! -d 10.8.0.0/8 -j SNAT --to-source 88.123.36.12
##COMMIT
# END OPENVPN RULES
So I tried to manage iptables directly from the CLI with sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/8 ! -d 10.8.0.0/8 -j SNAT --to-source 88.123.36.12 but it changes nothing.
My ifconfig:
Code:
ens3 Link encap:Ethernet HWaddr fa:16:3e:6d:e2:cc
inet addr:217.182.91.17 Bcast:217.54.67.7 Mask:255.255.255.255
inet6 addr: fe80::f816:3eff:fe6d:e2cc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:115436 errors:0 dropped:0 overruns:0 frame:0
TX packets:109982 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:19909467 (19.9 MB) TX bytes:25957589 (25.9 MB)
ens3:0 Link encap:Ethernet HWaddr fa:16:3e:6d:e2:cc
inet addr:176.43.232.12 Bcast:176.43.232.12 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
ens3:1 Link encap:Ethernet HWaddr fa:16:3e:6d:e2:cc
inet addr:88.123.36.12 Bcast:88.123.36.12 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
ens3:2 Link encap:Ethernet HWaddr fa:16:3e:6d:e2:cc
inet addr:94.58.205.12 Bcast:94.58.205.12 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1478 errors:0 dropped:0 overruns:0 frame:0
TX packets:1478 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:1106877 (1.1 MB) TX bytes:1106877 (1.1 MB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:5317 errors:0 dropped:0 overruns:0 frame:0
TX packets:6942 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:791672 (791.6 KB) TX bytes:6107499 (6.1 MB)
Thank you very much
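Added example, not part of the original post: iptables walks a chain top to bottom and the first matching SNAT rule decides the source address, so a rule appended with -A behind an earlier rule that matches the same traffic never takes effect. The Python sketch below models only the -s/-d matches of the two rules quoted in the post and assumes the earlier 176.43.232.12 rule is still loaded (an assumption; the live chain is not shown on the page). The client and remote addresses are constructed.

```python
import ipaddress
import shlex

def parse_snat(line):
    """Parse an active '-A POSTROUTING ... -j SNAT --to-source X' line, else None."""
    if line.lstrip().startswith("#"):
        return None                      # commented-out rule, as in before.rules
    tok = shlex.split(line)
    if "SNAT" not in tok or "--to-source" not in tok:
        return None
    rule = {"-s": None, "-d": None, "to": tok[tok.index("--to-source") + 1]}
    negated = False
    for i, t in enumerate(tok):
        if t == "!":
            negated = True
        elif t in ("-s", "-d"):
            # strict=False normalises 10.8.0.0/8 to 10.0.0.0/8, as iptables does
            rule[t] = (ipaddress.ip_network(tok[i + 1], strict=False), negated)
            negated = False
    return rule

def _matches(spec, addr):
    """True if addr satisfies an optional (network, negated) match."""
    if spec is None:
        return True
    net, negated = spec
    return (ipaddress.ip_address(addr) in net) != negated

def effective_source(chain, src, dst):
    """Return --to-source of the first SNAT rule matching src/dst (first match wins)."""
    for line in chain:
        rule = parse_snat(line)
        if rule and _matches(rule["-s"], src) and _matches(rule["-d"], dst):
            return rule["to"]
    return None

OLD = "-A POSTROUTING -s 10.8.0.0/8 ! -d 10.8.0.0/8 -j SNAT --to-source 176.43.232.12"
NEW = "-A POSTROUTING -s 10.8.0.0/8 ! -d 10.8.0.0/8 -j SNAT --to-source 88.123.36.12"
CLIENT, REMOTE = "10.8.0.2", "203.0.113.10"   # constructed; REMOTE is a documentation address

appended = [OLD, NEW]    # chain after `iptables -t nat -A POSTROUTING ...`
inserted = [NEW, OLD]    # chain if the rule were placed first (`-I POSTROUTING 1 ...`)

if __name__ == "__main__":
    print("appended:", effective_source(appended, CLIENT, REMOTE))
    print("inserted:", effective_source(inserted, CLIENT, REMOTE))
```

On the server, `sudo iptables -t nat -S POSTROUTING` prints the live chain in evaluation order. The nat table is only consulted for the first packet of a connection, so flows that are already established keep their previous source address.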