Search the Community

I am maybe a little crazy but I am trying to forward network traffic from two differents SSID to two different vps running openvpn. Why ? Because I have two VPS and I woud like to able to browse the Internet from all my device just selecting a WiFi network. Sorry for this dirty hack ; the pineapple is a cool offensive device that I love use but I am trying to configure it as something like a smart defensive device :) Well, my setup is working well with only one wifi / tun interface. It seems impossible to work that with the two VPN at the same time (openvpn client). I don't understand why :/ I think it's not a very complicate setup I hope somebody could help me here since you're network experts. I think it's a routing issue but I am not sure. So my question is the following : - How can I forward correctly forward the network traffic from my two wifi subnets to each tun / vpn interface at the same time ? Anyone can help me to fix this please ? Below few details about my setup : To simplify this, my setup looks like : eth0 (internet link) <===== tun0 <==== wifi-A eth0 (internet link) <===== tun1 <==== wifi-B Note the following statements : 1. My openwrt device get the Internet link with the eth0 interface using DHCP 2. I created a bridge on my wlan0 interface to be able to broadcast two SSID : (wifi-a & wifi-b) 3. On wifi-a : a DHCP server is running pool 172.17.42.100-200 gw 172.18.42.1 4. On wifi-b : a DHCP server is running pool 172.18.42.100-200 gw 172.18.42.1 5. I have two VPS where I installed openvpn : PublicIP-1 & PublicIP-2 6. I run on my device two openvpn client to public-IP-1 (tun0) and to public-IP-2 (tun1) 7. Finally I nated wifi-a subnet to tun0 and wifi-b subnet to tun1 with the following iptables rules : iptables -t nat -A POSTROUTING -s 172.17.42.0/24 -o tun0 -j MASQUERADE iptables -A FORWARD -s 172.17.42.0/24 -o tun0 -j ACCEPT iptables -A FORWARD -d 172.17.42.0/24 -m state --state ESTABLISHED,RELATED -i tun0 -j ACCEPT iptables -t nat -A POSTROUTING -s 172.18.42.0/24 -o tun1 -j MASQUERADE iptables -A FORWARD -s 172.18.42.0/24 -o tun1 -j ACCEPT iptables -A FORWARD -d 172.18.42.0/24 -m state --state ESTABLISHED,RELATED -i tun1 -j ACCEPT Below my interface details : eth0 inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0 br-wifi-a inet addr:172.17.42.1 Bcast:172.17.42.255 Mask:255.255.255.0 br-wifi-b inet addr:172.18.42.1 Bcast:172.18.42.255 Mask:255.255.255.0 tun0 inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255 tun1 inet addr:10.9.0.6 P-t-P:10.9.0.5 Mask:255.255.255.255 My route table : Destination Gateway Genmask Flags Metric Ref Use Iface default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0 10.8.0.5 * 255.255.255.255 UH 0 0 0 tun0 10.9.0.1 10.9.0.5 255.255.255.255 UGH 0 0 0 tun1 10.9.0.5 * 255.255.255.255 UH 0 0 0 tun1 [PublicIP-VPS-1] 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0 [PublicIP-VPS-2] 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0 172.17.42.0 * 255.255.255.0 U 0 0 0 br-wifiA 172.17.42.0 * 255.255.255.0 U 0 0 0 br-wifiB 172.22.42.0 * 255.255.255.0 U 0 0 0 br-lan 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 **Quick debug :** ping google.com -I tun1 PING google.fr (108.177.119.94): 56 data bytes 64 bytes from 108.177.119.94: seq=0 ttl=43 time=29.665 ms ping google.com -I tun0 PING google.fr (108.177.119.94): 56 data bytes 64 bytes from 108.177.119.94: seq=0 ttl=43 time=30.277 ms ping google.com -I eth0 PING google.fr (108.177.119.94): 56 data bytes 64 bytes from 108.177.119.94: seq=0 ttl=42 time=17.860 ms ^C Again, I think it's routing issue but I am maybe to much tired to see my mistake. Can you help me to debug this ? Thanks for your help guys,