How to link the server configuration files to IPs?

Issues related to configuring your network
Post Reply
hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

How to link the server configuration files to IPs?

Post by hack3rcon » 2023/07/29 21:30:00

Hello,
Suppose several IP addresses are set on a NIC and the name of the NIC is eth0. For example, I have set 1.2.3.4, 1.2.3.5 and 1.2.3.6 IP addresses on the eth0.
I want to launch several server configuration files for each IP. For example, for IP 1.2.3.4, I want to launch Server-1.conf, Server-2.conf and Server-3.conf configuration files.
For IP 1.2.3.5, I want to launch Server-4.conf, Server-5.conf and Server-6.conf configuration files and so on.
Each .conf file is as follows:

Code: Select all

port 119X
proto udp
dev tunX
ca ca.crt
cert server.crt
key server.key 
dh dh.pem
server "IP" 255.255.255.0 
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8" 
keepalive 10 120
tls-auth ta.key 0 
data-ciphers AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1
Your iptables rules are:

Code: Select all

# IF_MAIN=eth0
# IF_TUNNEL=tunX
# YOUR_OPENVPN_SUBNET="IP"/16
# iptables -I INPUT -p udp --dport 119X -j ACCEPT
# iptables -A FORWARD -i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A FORWARD -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j ACCEPT
# iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j MASQUERADE
In the iptables rules I have mentioned the name of the NIC.
How can OpenVPN recognize that the configuration files Server-1.conf, Server-2.conf and Server-3.conf should be for IP address 1.2.3.4?
Should I change the name of the NIC to the IP address?


Thank you.

User avatar
jlehtone
Posts: 4551
Joined: 2007/12/11 08:17:33
Location: Finland

Re: How to link the server configuration files to IPs?

Post by jlehtone » 2023/07/30 09:40:04

In your case the "server" is OpenVPN and therefore your question is for OpenVPN community/documentation.
The CentOS Streams do not provide openvpn.
hack3rcon wrote:
2023/07/29 21:30:00
In the iptables rules I have mentioned the name of the NIC.
How can OpenVPN recognize that the configuration files Server-1.conf, Server-2.conf and Server-3.conf should be for IP address 1.2.3.4?
Should I change the name of the NIC to the IP address?
CentOS Streams do not provide iptables either. Not really. The kernel has nf-tables. There is still tool "iptables", but it is a wrapper to "nft", not the legacy iptables.

The default way to configure firewall is with front-end (firewall.service). With command "firewall-cmd" (or some GUI).
The alternative is lower level nftables.service, where you write your own nf-tables ruleset.

One of your rules has three match conditions:
-i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED

That is, IF -i $IF_MAIN
AND -o $IF_TUNNEL
AND -m state --state ESTABLISHED,RELATED

It is thus clearly possible to have multiple match conditions in a rule. (In both iptables and nf-tables rules.)
Matches based on address, protocol&port, etc do exists.


PS. Why can't all your VPN clients use one server at one address?

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Re: How to link the server configuration files to IPs?

Post by hack3rcon » 2023/07/30 13:39:52

jlehtone wrote:
2023/07/30 09:40:04
In your case the "server" is OpenVPN and therefore your question is for OpenVPN community/documentation.
The CentOS Streams do not provide openvpn.
hack3rcon wrote:
2023/07/29 21:30:00
In the iptables rules I have mentioned the name of the NIC.
How can OpenVPN recognize that the configuration files Server-1.conf, Server-2.conf and Server-3.conf should be for IP address 1.2.3.4?
Should I change the name of the NIC to the IP address?
CentOS Streams do not provide iptables either. Not really. The kernel has nf-tables. There is still tool "iptables", but it is a wrapper to "nft", not the legacy iptables.

The default way to configure firewall is with front-end (firewall.service). With command "firewall-cmd" (or some GUI).
The alternative is lower level nftables.service, where you write your own nf-tables ruleset.

One of your rules has three match conditions:
-i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED

That is, IF -i $IF_MAIN
AND -o $IF_TUNNEL
AND -m state --state ESTABLISHED,RELATED

It is thus clearly possible to have multiple match conditions in a rule. (In both iptables and nf-tables rules.)
Matches based on address, protocol&port, etc do exists.


PS. Why can't all your VPN clients use one server at one address?
Hello,
Because I want to divide my clients.

User avatar
jlehtone
Posts: 4551
Joined: 2007/12/11 08:17:33
Location: Finland

Re: How to link the server configuration files to IPs?

Post by jlehtone » 2023/07/30 14:17:18


Post Reply