OpenWrt Forum Archive

Topic: Routing multiple SSID to multiple VPN servers

The content of this topic has been archived on 25 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello Guys,

I am trying to forward network traffic from two different SSIDs to two different VPSs running OpenVPN.

Why? Because I have two VPS and I would like to be able to browse the Internet from all my devices just by selecting a WiFi network, without being forced to install a VPN client on my personal devices.

Well, my setup is working well with only one wifi / tun interface. It seems impossible to make that work with the two VPNs at the same time (OpenVPN client).

I don't understand why, hmm. I think it's not a very complicated setup; I hope somebody could help me here since you're network experts.

I think it's a routing issue but I am not sure. So my question is the following:

- How can I correctly forward the network traffic from my two WiFi subnets to each tun / VPN interface at the same time?

Can anyone help me fix this, please? Below are a few details about my setup:

To simplify this, my setup looks like:

    eth0 (internet link) <===== tun0 <==== wifi-A
    eth0 (internet link) <===== tun1 <==== wifi-B

Note the following statements:

1. My OpenWrt device gets the Internet link on the eth0 interface using DHCP

2. I created a bridge on my wlan0 interface to be able to broadcast two SSIDs (wifi-a & wifi-b)

3. On wifi-a: a DHCP server is running, pool 172.17.42.100-200, gw 172.18.42.1

4. On wifi-b: a DHCP server is running, pool 172.18.42.100-200, gw 172.18.42.1

5. I have two VPS where I installed OpenVPN: PublicIP-1 & PublicIP-2

6. I run two OpenVPN clients on my device, to public-IP-1 (tun0) and to public-IP-2 (tun1)

7. Finally, I NATed the wifi-a subnet to tun0 and the wifi-b subnet to tun1 with the following iptables rules:

    # wifi-a (172.17.42.0/24) -> tun0
    iptables -t nat -A POSTROUTING -s 172.17.42.0/24 -o tun0 -j MASQUERADE
    iptables -A FORWARD -s 172.17.42.0/24 -o tun0 -j ACCEPT
    iptables -A FORWARD -d 172.17.42.0/24 -m state --state ESTABLISHED,RELATED -i tun0 -j ACCEPT

    # wifi-b (172.18.42.0/24) -> tun1
    iptables -t nat -A POSTROUTING -s 172.18.42.0/24 -o tun1 -j MASQUERADE
    iptables -A FORWARD -s 172.18.42.0/24 -o tun1 -j ACCEPT
    iptables -A FORWARD -d 172.18.42.0/24 -m state --state ESTABLISHED,RELATED -i tun1 -j ACCEPT

Below are my interface details:

eth0       inet addr:192.168.0.10 Bcast:192.168.0.255  Mask:255.255.255.0

br-wifi-a  inet addr:172.17.42.1  Bcast:172.17.42.255  Mask:255.255.255.0
br-wifi-b  inet addr:172.18.42.1  Bcast:172.18.42.255  Mask:255.255.255.0

tun0       inet addr:10.8.0.6     P-t-P:10.8.0.5       Mask:255.255.255.255
tun1       inet addr:10.9.0.6     P-t-P:10.9.0.5       Mask:255.255.255.255

My route table:

Destination     Gateway         Genmask         Flags Metric Ref   Use Iface

default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
 
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        *               255.255.255.255 UH    0      0        0 tun0

10.9.0.1        10.9.0.5        255.255.255.255 UGH   0      0        0 tun1
10.9.0.5        *               255.255.255.255 UH    0      0        0 tun1
 
[PublicIP-VPS-1] 192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
[PublicIP-VPS-2] 192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
 
172.17.42.0     *               255.255.255.0   U     0      0        0 br-wifiA
172.17.42.0     *               255.255.255.0   U     0      0        0 br-wifiB

172.22.42.0     *               255.255.255.0   U     0      0        0 br-lan

192.168.0.0     *               255.255.255.0   U     0      0        0 eth0

Quick debug:

    # ping google.com -I tun1
    PING google.fr (108.177.119.94): 56 data bytes
    64 bytes from 108.177.119.94: seq=0 ttl=43 time=29.665 ms

    # ping google.com -I tun0
    PING google.fr (108.177.119.94): 56 data bytes
    64 bytes from 108.177.119.94: seq=0 ttl=43 time=30.277 ms

    # ping google.com -I eth0
    PING google.fr (108.177.119.94): 56 data bytes
    64 bytes from 108.177.119.94: seq=0 ttl=42 time=17.860 ms
    ^C

Again, I think it's a routing issue, but I am maybe too tired to see my mistake. Can you help me debug this?

Thanks for your help guys,


Additionally, I am trying to fix that with iproute2 with:

    # register two extra routing tables
    echo "1 vpna" >> /etc/iproute2/rt_tables
    echo "2 vpnb" >> /etc/iproute2/rt_tables

    # select the table by source
    ip rule add from 10.8.0.0/24 dev tun0 table vpna
    ip rule add from 10.9.0.0/24 dev tun1 table vpnb

    # one default route per table, into the matching tun
    ip route add default via 10.8.0.5 dev tun0 table vpna
    ip route add default via 10.9.0.5 dev tun1 table vpnb

But I am still wrong, hmm. Any idea?

(Last edited by rand0m_dud3 on 23 Sep 2017, 23:34)

Initially you should set up the double VPN connection. If you do it just one after another, see what happens: the first VPN connection is established as it is, but the second VPN connection is established VIA THE FIRST VPN connection. So you should first correct the routing table after the first connection is established, to force the route to the second VPN via the usual adapter, not via tun.
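The following script is an added example, not code from either post above, covering both the per-SSID policy routing the original poster is trying to build and the endpoint-pinning point made in the reply. It selects the routing table by the Wi-Fi client subnet (the source address of forwarded packets, which is never the tun address), gives each table a single default route into its tunnel, pins each VPS endpoint to the WAN gateway so that the second tunnel cannot be built through the first, and fails closed if a tunnel drops. The VPS addresses (203.0.113.10, 198.51.100.20), table ids 100/101 and the `run` dry-run wrapper are placeholders and assumptions; the subnets, tun peers and WAN gateway are the ones shown in the post.

```shell
#!/bin/sh
# Added example: source-based policy routing for two Wi-Fi subnets into two
# OpenVPN tunnels on an OpenWrt router. Not code from the original thread.
#
# Assumptions (placeholders, not values from the thread):
#   - VPS public IPs 203.0.113.10 and 198.51.100.20 (documentation addresses)
#   - routing table ids 100 and 101 (any free id works; names in
#     /etc/iproute2/rt_tables are optional)
#   - WAN gateway 192.168.0.1 on eth0, tun peers 10.8.0.5 / 10.9.0.5 (from the post)
# DRY_RUN=1 (the default) only prints the commands; DRY_RUN=0 executes them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Pin each VPN endpoint to the WAN so the second tunnel is not built through
# the first one once a default route into tun0 exists anywhere.
pin_vps_route() {  # pin_vps_route <vps_ip> <wan_gw> <wan_dev>
    run ip route replace "$1/32" via "$2" dev "$3"
}

# Route one Wi-Fi subnet through one tunnel: a private table whose only usable
# default route points into the tun, selected by the client source subnet.
policy_route() {  # policy_route <wifi_subnet> <tun_dev> <tun_peer> <table_id>
    run ip route replace default via "$3" dev "$2" table "$4"
    # Fail closed: when the tun goes down its default route is removed and this
    # worse-metric unreachable route stops the subnet from leaking out via eth0.
    run ip route replace unreachable default metric 1000 table "$4"
    run ip rule add from "$1" table "$4" priority "$4"
    # Loose reverse-path filtering is the usual safety net for policy-routed
    # tunnels (replies enter on the tun and leave on the bridge).
    run sysctl -w "net.ipv4.conf.$2.rp_filter=2"
    run iptables -t nat -A POSTROUTING -s "$1" -o "$2" -j MASQUERADE
    run iptables -A FORWARD -s "$1" -o "$2" -j ACCEPT
    run iptables -A FORWARD -d "$1" -i "$2" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

apply_all() {
    pin_vps_route 203.0.113.10 192.168.0.1 eth0   # VPS 1 (placeholder IP)
    pin_vps_route 198.51.100.20 192.168.0.1 eth0  # VPS 2 (placeholder IP)
    policy_route 172.17.42.0/24 tun0 10.8.0.5 100  # wifi-a -> tun0
    policy_route 172.18.42.0/24 tun1 10.9.0.5 101  # wifi-b -> tun1
}

apply_all
```

Run it once as `DRY_RUN=1 sh vpn-policy.sh` to review the commands, then with `DRY_RUN=0` after both tunnels are up. The main table must keep its default route on eth0 for this to work, so each OpenVPN client should be started with `route-nopull` (or `pull-filter ignore "redirect-gateway"`) in case the server pushes a redirect-gateway; otherwise the first client to connect rewrites the main table and the second endpoint is reached through tun0, which is exactly the failure described in the reply.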

The discussion might have continued from here.