
How to manage my OUT IP (failover) on my OpenVPN with Vesta Firewall?

Posted: Fri May 19, 2017 7:15 am
by MatinGarix
I installed OpenVPN following the DigitalOcean article. It worked very well, and I have installed 3 failover IPs on my VPS. I succeeded in forwarding my OUT IP on my VPN with each failover IP.

With this configuration in /etc/ufw/before.rules (I just need to comment and uncomment the IP I want to use):

    # START OPENVPN RULES
    # NAT table rules
    *nat
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -s 10.8.0.0/8 ! -d 10.8.0.0/8 -j SNAT --to-source 176.43.232.12
    #-A POSTROUTING -s 10.8.0.0/8 ! -d 10.8.0.0/8 -j SNAT --to-source 88.123.36.12
    ##COMMIT
    # END OPENVPN RULES

It worked very well. But since then I installed VestaCP on my VPS to manage websites with the third failover IP (not used by my VPN). I opened the VPN port UDP/1194 in the Vesta Control Panel. My VPN works, except that I can't change my forward POSTROUTING ... SNAT --to-source 88.123.36.12, because VestaCP doesn't use UFW.

So I tried to manage iptables directly from the CLI with sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/8 ! -d 10.8.0.0/8 -j SNAT --to-source 88.123.36.12 but it changes nothing.

My ifconfig:

    ens3      Link encap:Ethernet  HWaddr fa:16:3e:6d:e2:cc  
              inet addr:217.182.91.17  Bcast:217.54.67.7  Mask:255.255.255.255
              inet6 addr: fe80::f816:3eff:fe6d:e2cc/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:115436 errors:0 dropped:0 overruns:0 frame:0
              TX packets:109982 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:19909467 (19.9 MB)  TX bytes:25957589 (25.9 MB)
    
    ens3:0    Link encap:Ethernet  HWaddr fa:16:3e:6d:e2:cc  
              inet addr:176.43.232.12  Bcast:176.43.232.12  Mask:255.255.255.255
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    
    ens3:1    Link encap:Ethernet  HWaddr fa:16:3e:6d:e2:cc  
              inet addr:88.123.36.12  Bcast:88.123.36.12  Mask:255.255.255.255
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    
    ens3:2    Link encap:Ethernet  HWaddr fa:16:3e:6d:e2:cc  
              inet addr:94.58.205.12  Bcast:94.58.205.12  Mask:255.255.255.255
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:1478 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1478 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1 
              RX bytes:1106877 (1.1 MB)  TX bytes:1106877 (1.1 MB)
    
    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
              inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:5317 errors:0 dropped:0 overruns:0 frame:0
              TX packets:6942 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100 
              RX bytes:791672 (791.6 KB)  TX bytes:6107499 (6.1 MB)

Do you have an idea how I can solve my problem and change/manage my outgoing IP address when I want?

Thank you very much

Re: How to manage my OUT IP (failover) on my OpenVPN with Vesta Firewall?

Posted: Fri May 19, 2017 7:29 am
by MatinGarix
I solved my problem:

The new iptables rules are now in

    /etc/iptables.rules

How can I change my iptables NAT forwarding and have it applied without rebooting the server? Thanks
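
Added example, not part of either post: a rule appended with -A lands after the existing SNAT rule, and iptables stops at the first matching rule, so the appended rule is never reached. The sketch below instead rewrites the SNAT rule in the saved file and reloads it with iptables-restore, which needs no reboot. It assumes /etc/iptables.rules is in iptables-save format; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the rules file is in iptables-save format.
# Failover addresses taken from the thread; the function names are hypothetical.
ALLOWED_IPS='176.43.232.12 88.123.36.12'

# rewrite_snat NEW_IP < rules > new_rules
# Points the single POSTROUTING SNAT rule that currently uses one of
# ALLOWED_IPS at NEW_IP. Fails unless exactly one rule was rewritten, so a
# file with duplicate or missing SNAT rules is never loaded.
rewrite_snat() {
    new_ip=$1
    case " $ALLOWED_IPS " in
        *" $new_ip "*) ;;
        *) echo "refusing unknown source IP: $new_ip" >&2; return 2 ;;
    esac
    awk -v ip="$new_ip" -v allowed="$ALLOWED_IPS" '
        /^-A POSTROUTING .*-j SNAT --to-source / {
            for (i = 1; i < NF; i++)
                if ($i == "--to-source" && index(" " allowed " ", " " $(i + 1) " ")) {
                    $(i + 1) = ip
                    changed++
                }
        }
        { print }
        END { exit (changed == 1 ? 0 : 1) }
    '
}

# apply_snat NEW_IP [RULES_FILE]: rewrite, syntax-check, load, then persist.
apply_snat() {
    rules=${2:-/etc/iptables.rules}
    tmp=$(mktemp) || return 1
    if rewrite_snat "$1" < "$rules" > "$tmp" &&
       iptables-restore --test < "$tmp" &&   # parse only, nothing is loaded
       iptables-restore < "$tmp"; then       # load the new rules, no reboot
        cat "$tmp" > "$rules"                # keeps the file's owner and mode
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Run as root, e.g.: sh switch-snat.sh 88.123.36.12
[ $# -eq 0 ] || apply_snat "$@"
```

Connections that are already established keep their old source address until their conntrack entries expire; only new connections use the new one. iptables-restore replaces every table listed in the file, so rules added at runtime to those tables and never saved are dropped.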