25
linuxxx
7y

Question for networking persons or persons who might know more about this than me in general.

I'm looking at setting up a server as vpn server (that part I know) which tunnels everything through multiple other vpn connections.

So let's say I've got a vps which I connect to through vpn. I then want that vps to have one or multiple connections to other vpn servers.

That way i can connect my devices to this server which routes everything to/through other services like mullvad :).

Tried it before but ended up losing ssh access until reboot 😬

Anyone ideas?

Comments
  • 0
    📌

    Interesting thought. Wanna know more.
  • 0
  • 1
    not sure about multiple vpns, besides maybe a fallback setup but generally as long as you setup the outgoing vpn to start before the vpn server starts it should just work
  • 0
    possible, but why?
    - slower
    - greater ping
    - multiple nameserver needed
    - ...
  • 0
    @stop I don't care much about the speed, most of my servers can handle about 500-1000mbit/s and at least nordvpn and mullvad can handle several hundreds of megabits a second so I'll be good :)

    Why multiple nameservers?
  • 0
    because of the ping, my vpn adds about 30 ms to the serverping, so to get repeated requests fast you need one nameserver on each user endpoint.
  • 1
    @linuxxx
    Aren't you describing basically some sort of onion routing.
    If so, I'd start from researching it.
  • 0
    @joas I've been researching this for a few months now but can't figure it out so yeah, a question on here it is!
  • 0
    @stop I'm just not sure what a DNS server has to do with this... I've got a pihole on one of my servers which also acts as domain blocker (things like Google and Facebook and stuff return nothing)
  • 0
    @linuxxx Have you tried setting up a custom Tor network?
  • 1
    Sorry just throwing ideas.
  • 1
    @joas That's alright, I'm looking for that!
    @Condor I'm aware of this yesss

    @joas Well I only want this to be a vpn forwarding thingy so a custom tor network would be a little too much
  • 0
    So you want everything in to one VPN on one VPS and then from that one VPS to other VPS?

    How many do you want in the chain?
  • 0
    @seraphimsystems Nono, one vps which I can connect to through OpenVPN and that vps simply connects to one more more other vpn servers. Not through a chain, just multiple servers.
  • 0
    @linuxxx that should be possible trough iptables and NATing
  • 0
    @stop Help 😅
  • 0
    @linuxxx wait 2-3 hours then i can send you some rules for iptables.
  • 0
    @stop Sounds great!
  • 3
    Have you tried using nginx to forward everything from a port to mullvad?
  • 1
    I've thought about this myself. Even when just doing simple point-to-point VPNs using OpenVPN, I often find myself struggling. I've gotten pretty good at openvpn and iptables though. :-P

    The key is probably using a different 10.x.x.x subnet on each hop and being very careful with your routes. #openvpn on Freenode/IRC is your friend, and 9 times out of 10, your issue is your firewall.
  • 0
    @djsumdog Damn I can work very little with IPTables myself haha, i can work with CSF though
  • 0
    @elcore Agreed! Just have to figure it out first 😅
  • 0
    iptables -A FORWARD -o tun0 -i tun0 -s 10.1.0.0/24 -m conntrack --ctstate NEW -j ACCEPT

    iptables -A FORWARD -o tun1 -i tun1 -s 10.1.1.0/24 -m conntrack --ctstate NEW -j ACCEPT

    iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

    iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
  • 0
    @stop What's the difference between tun0 and tun1?

    Thanks by the way, I'll see how I can implement this soon!
  • 1
    @linuxxx these are the networkdevices of openvpn. Openvpn has two modes:

    tun and tap. TAPs are networkdevices and TUNs are IP-Tunnels. You can send IP, IPv6, X.25, its like an ethernet device, but TUNs can only send IP and IPv6 (if specified).
  • 0
    @stop Just tried those rules but then it doesnt work for me. I of course changed the ip addresses to the correct ones!
  • 2
    @linuxxx did you make sure ip forwarding is enabled in sysctl?
  • 0
  • 0
    If you want to connect via SSH to a server that connects to a VPN, I'll work best to give the server a second NIC, and use the second one for SSH.
Add Comment