Question

Route all OpenVPN connections through Floating IP

I used this tutorial to setup an OpenVPN server on a Debian droplet: https://github.com/Nyr/openvpn-install I’ve also added a floating IP to the droplet, and now I’d like all connections to the VPN to appear as if they are coming from the floating IP, and NOT the primary IP of the server

When SSHing into the server, I managed to use the floating IP with a curl call:

curl --interface [ACNHOR-IP] https://api.ipify.org/

This worked - it gave the floating IP as response

How can it be done? I saw this tutorial, but not sure what are the correct values, since the netstat -anr doesn’t give a similar output (I have only one record: eth0 )

Thanks in advance

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

AlexOctober 10, 2018
Accepted Answer

I managed to get both incoming connection and outgoing to occur via the floating ip. In /etc/openvpn/server.conf i added a line local floating-local-ip(10.19.0.6) after which i restarted openvpn with service openvpn restart. After that i have removed/added some iptables rules like below:

iptables -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source droplet-ip
iptables -t nat -D POSTROUTING -s 10.0.0.2/32 -o eth0 -j SNAT --to-source 10.19.0.6
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
iptables-save

root@ghost-s-1vcpu-1gb-fra1-01:~# netstat -anr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         165.227.144.1   0.0.0.0         UG        0 0          0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U         0 0          0 tun0
10.19.0.0       0.0.0.0         255.255.0.0     U         0 0          0 eth0
165.227.144.0   0.0.0.0         255.255.240.0   U         0 0          0 eth0
root@ghost-s-1vcpu-1gb-fra1-01:~# netstat -ltnup | grep 1194
udp    12288      0 10.19.0.6:1194          0.0.0.0:*                           829/openvpn
root@ghost-s-1vcpu-1gb-fra1-01:~#

In my user.ovpn i have replaced remote droplet-ip 1194 with remote floating-ip 1194

All of the above was on a clean Ubuntu 18.04 install.

raymoncadaMarch 8, 2019

This is the answer you are looking for: https://blog.programster.org/openvpn-digitalocean-ip-alias

AlexOctober 9, 2018

Heya,

Maybe this will help you with your task.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

card icon
Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Sign up
card icon
Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We’d like to help.

Learn more
card icon
Become a contributor

You get paid; we donate to tech nonprofits.

Learn more
Featured on Community
Kubernetes CourseLearn Python 3Machine Learning in PythonGetting started with GoIntro to Kubernetes
DigitalOcean Products
CloudwaysVirtual MachinesManaged DatabasesManaged KubernetesBlock StorageObject StorageMarketplaceVPCLoad Balancers
Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow – whether you’re running one virtual machine or ten thousand.

Learn more ->
DigitalOcean Cloud Control Panel
Get started for free

Enter your email to get $200 in credit for your first 60 days with DigitalOcean.

New accounts only. By submitting your email you agree to our Privacy Policy.

© 2023 DigitalOcean, LLC.