HOW manage my OUT IP (Failover) on my OpenVPN with Vesta Firewall ?

MatinGarix
Posts: 4
Joined: Wed May 17, 2017 6:37 pm

Postby MatinGarix » Fri May 19, 2017 7:15 am

I installed OpenVPN following the DigitalOcean article. It worked very well, and I installed 3 failover IPs on my VPS. I succeeded in forwarding my OUT IP on my VPN with each failover IP.

With this configuration in /etc/ufw/before.rules (I just need to comment and uncomment the IP I want to use):

    # START OPENVPN RULES
    # NAT table rules
    *nat
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -s 10.8.0.0/8 ! -d 10.8.0.0/8 -j SNAT --to-source 176.43.232.12
    #-A POSTROUTING -s 10.8.0.0/8 ! -d 10.8.0.0/8 -j SNAT --to-source 88.123.36.12
    ##COMMIT
    # END OPENVPN RULES


It worked very well. But I have since installed VestaCP on my VPS to manage a website with the third failover IP (not used by my VPN). I opened the VPN port UDP/1194 in the Vesta Control Panel. My VPN works, except that I can't change my forwarding rule POSTROUTING ... SNAT --to-source 88.123.36.12, because VestaCP doesn't use UFW.

So I tried to manage iptables directly from the CLI with sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/8 ! -d 10.8.0.0/8 -j SNAT --to-source 88.123.36.12 but it changed nothing.

My ifconfig:

    ens3      Link encap:Ethernet  HWaddr fa:16:3e:6d:e2:cc 
              inet addr:217.182.91.17  Bcast:217.54.67.7  Mask:255.255.255.255
              inet6 addr: fe80::f816:3eff:fe6d:e2cc/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:115436 errors:0 dropped:0 overruns:0 frame:0
              TX packets:109982 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:19909467 (19.9 MB)  TX bytes:25957589 (25.9 MB)
   
    ens3:0    Link encap:Ethernet  HWaddr fa:16:3e:6d:e2:cc 
              inet addr:176.43.232.12  Bcast:176.43.232.12  Mask:255.255.255.255
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   
    ens3:1    Link encap:Ethernet  HWaddr fa:16:3e:6d:e2:cc 
              inet addr:88.123.36.12  Bcast:88.123.36.12  Mask:255.255.255.255
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   
    ens3:2    Link encap:Ethernet  HWaddr fa:16:3e:6d:e2:cc 
              inet addr:94.58.205.12  Bcast:94.58.205.12  Mask:255.255.255.255
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   
    lo        Link encap:Local Loopback 
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:1478 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1478 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1
              RX bytes:1106877 (1.1 MB)  TX bytes:1106877 (1.1 MB)
   
    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
              inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:5317 errors:0 dropped:0 overruns:0 frame:0
              TX packets:6942 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:791672 (791.6 KB)  TX bytes:6107499 (6.1 MB)


Do you have any idea how I can solve my problem and change/manage my outgoing IP address whenever I want?

Thank you very much

MatinGarix
Posts: 4
Joined: Wed May 17, 2017 6:37 pm

Re: HOW manage my OUT IP (Failover) on my OpenVPN with Vesta Firewall ?

Postby MatinGarix » Fri May 19, 2017 7:29 am

I solved my problem:

The new iptables rules are now in

    /etc/iptables.rules


How can I change my iptables NAT forwarding and have it applied without rebooting the server? Thanks
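
Added example, not part of the original posts: one way to switch the SNAT source address in an iptables-save style rules file, such as the /etc/iptables.rules mentioned above, and load it without a reboot. The function names, the sample file and its documentation addresses are constructed, and it assumes the file holds exactly one active POSTROUTING SNAT rule.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the sample file are
# constructed; assumes an iptables-save style file with one active SNAT rule.
# Usage (as root): switch_snat_source FILE NEW_IP && apply_nat FILE

SNAT_RE='^-A POSTROUTING .*-j SNAT --to-source '

# Write a constructed sample rules file (documentation addresses) to $1.
make_sample_rules() {
    cat > "$1" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j SNAT --to-source 192.0.2.10
#-A POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j SNAT --to-source 198.51.100.20
COMMIT
EOF
}

# Print the source address of the active (uncommented) SNAT rule in file $1.
active_snat_source() {
    sed -n -E "s/${SNAT_RE}([0-9.]+).*/\1/p" "$1"
}

# Point the active SNAT rule in file $1 at address $2, keeping a .bak copy.
# Editing the rule in place matters: a rule appended with -A sits after the
# existing SNAT rule, which still matches first.
switch_snat_source() {
    # Accept only a dotted quad so the value cannot smuggle extra rule text.
    case "$2" in ''|*[!0-9.]*) echo "bad IP: $2" >&2; return 2 ;; esac
    printf '%s\n' "$2" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "bad IP: $2" >&2; return 2; }
    # Refuse to guess when zero or several SNAT rules are active.
    [ "$(grep -c -E "$SNAT_RE" "$1")" -eq 1 ] ||
        { echo "need exactly one active SNAT rule in $1" >&2; return 3; }
    cp -p "$1" "$1.bak" &&
        sed -E "/${SNAT_RE}/s/(--to-source )[0-9.]+/\1$2/" "$1.bak" > "$1"
}

# Dry-run parse the whole file, then flush and reload only the nat table.
# Needs root; takes effect immediately, no reboot.
apply_nat() {
    iptables-restore --test < "$1" && iptables-restore --table nat < "$1"
}
```

Connections that are already established keep their old translation until their conntrack entries expire; only new connections leave with the new source address.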

