Bridging WAN over OpenVPN
Hi people,
Here's a real puzzle. I've got a VPS with a handful of public IPs on it. I've got VPNs going in to the VPS, from several mobile physical locations. The VPS then NATs 1:1 with various private IPs on the far side of the VPNs. This solution has generally worked well. Now I'm running into an issue where certain applications/VMs are expecting to see a particular public IP on their interface, but they instead see whatever local IP has been DHCPed to them (usually statically) instead.
The solution I've thought up is to use a Tap tunnel, in hopes that it will pass traffic directly. Here are the steps I've taken:
I created a new OpenVPN server in Tap mode on the VPS. I opened the inbound WAN port. I'm using a shared key to keep things simple. Initially, I didn't use a tunnel IP (because my understanding is it's not necessary in Tap mode). When my first experiment failed, I did set a tunnel IP range.
Then, I set up the client with the appropriate VPN settings. The VPN client and server connected as expected.
I set interfaces for the VPN client and server (OVPNC and OVPNS), but I didn't set their IPs. On the VPS, I bridged OVPNS to WAN, and on the client, I bridged OVPNC to SERVERS (the non-NATed, non-IPed network where I have a test server). On the test server, I set its IP as one of the VPS's public IPs, and used the same gateway/subnet mask as the VPS's primary WAN address.
The test server is Mint Linux (yeah, I know. Keep in mind, this is just a test configuration). I got a notification that a connection had been established, but I haven't been able to ping anything, nor have anything ping it.
I went into the firewall rules and opened up everything on SERVERS and both VPN interfaces (OVPNC and OVPNS). Still nothing.
Is what I'm trying to do possible? Is there a better way to do what I'm doing? Is there something silly I'm overlooking?
Thanks.
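As an added illustration (not configuration from the original post), the shared-key tap setup described above written out as plain OpenVPN config for both ends, assuming Linux hosts where an up script puts the tap into a bridge with the local NIC; the bridge names, script path, key path and VPS hostname are placeholders.

```conf
# ---- VPS side (server): tap bridged with the WAN NIC ----
# Assumption: bridge "br-wan" already contains the WAN NIC; the up script
# runs "ip link set tap0 master br-wan && ip link set tap0 up".
dev tap0
mode p2p
proto udp
port 1194
# shared key as in the post; generate with: openvpn --genkey secret static.key
secret /etc/openvpn/static.key
# no "ifconfig" line: the tap carries no IP, the bridge forwards at layer 2
# static-key mode does not support AEAD (GCM) ciphers, so use CBC + HMAC
cipher AES-256-CBC
auth SHA256
# remote sites are mobile, so accept the authenticated peer from a new address
float
keepalive 10 60
persist-key
persist-tun
script-security 2
up "/etc/openvpn/bridge-up.sh br-wan tap0"
verb 3

# ---- remote site (client): tap bridged with the SERVERS segment NIC ----
# Assumption: bridge "br-servers" contains the NIC facing the test server.
dev tap0
mode p2p
proto udp
remote vps.example.invalid 1194
secret /etc/openvpn/static.key
cipher AES-256-CBC
auth SHA256
keepalive 10 60
persist-key
persist-tun
script-security 2
up "/etc/openvpn/bridge-up.sh br-servers tap0"
verb 3

# Check: "tcpdump -ni tap0 arp" on both ends should show the test server's
# ARP requests for the gateway crossing the tunnel; if they reach the VPS
# but get no reply, the provider's upstream router is not answering for that
# public IP on the VPS's WAN (many providers bind each IP to a registered MAC).
# Caveat: bridging to WAN exposes the remote segment to the VPS's WAN
# broadcast domain, so keep the firewall rules on OVPNS/OVPNC tight once
# connectivity is confirmed.
```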