
Does not work when Floating IP is used on Digital Ocean

Open raghunath-r-a opened this issue 6 years ago • 3 comments

When the script is run for the first time, it will automatically detect the Public IP.

But when the Floating IP is mentioned instead of the default Public IP, the setup is not working. That is, the OpenVPN client is not able to establish a connection with the server.

raghunath-r-a avatar Nov 28 '18 20:11 raghunath-r-a

Use domain instead of IP. When floating IP is being used, just update DNS record.

x0r2d2 avatar May 10 '19 09:05 x0r2d2

Alright, I managed to get the DO floating ip working (thanks to this and some play around)!

So here's how:

  1. Make sure you have floating ip enabled on the droplet with `curl -s http://169.254.169.254/metadata/v1/floating_ip/ipv4/active` (if so, will return `true`)
  2. Get your anchor-ip with `curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address`
  3. Get your floating-ip with `curl -s http://169.254.169.254/metadata/v1/floating_ip/ipv4/ip_address`
  4. Run `./openvpn-install.sh` (uninstall first if you have it installed already) and follow the process providing the anchor-ip for all instances when the ip of the vpn is asked for
  5. Comment out/replace line 1 (`iptables -t nat -I POSTROUTING (...)`) of both `/etc/iptables/rm-openvpn-rules.sh` and `/etc/iptables/add-openvpn-rules.sh` to use instead `iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source anchor-ip`
  6. (In my case I had some leftover iptables nat rules from previous experiments, so I had to flush the whole thing with `iptables -t nat -F`)
  7. Add `local anchor-ip` in a new line in `/etc/openvpn/server.conf`
  8. Restart the server
  9. Update in your local machine `.ovpn` config to connect to the vpn using the floating-ip (replacing the line `remote (...)` with `remote floating-ip 1194`)
  10. That's it! Now if you connect to the vpn and hit https://api.ipify.org/ you should see the floating-ip

cellulosa avatar Oct 12 '19 17:10 cellulosa

Thanks a lot.

In step 4, when it asks you for the public IP for the first time, you should provide the anchor-ip. From this, the script will sense/detect that the IP is behind NAT, so it will ask you for the real public IP in the next question, and this time you supply it with the floating-ip. Doing it this way will save you from modifying the `.ovpn` file in step 9, as it will already contain the correct configuration for `remote`, i.e. `remote floating-ip 1194`. I have tested it and it works.

KamranAzeem avatar Dec 30 '21 07:12 KamranAzeem
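
The following is an added example, not part of the thread or of the openvpn-install project: a small shell check that the three files touched in steps 5, 7 and 9 agree on which address is the anchor IP and which is the floating IP. The function names are hypothetical, and the IPs and file contents in `demo` are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the thread): check files against steps 5, 7 and 9.
# Function names are hypothetical; the IPs below are constructed sample values.

has_local_bind() {  # $1=server.conf $2=anchor-ip (step 7)
    awk -v ip="$2" '$1 == "local" && $2 == ip { ok = 1 } END { exit !ok }' "$1"
}

# Step 5: every active POSTROUTING rule must be "-j SNAT --to-source <anchor-ip>";
# commented-out lines are skipped, and at least one matching rule is required.
snat_ok() {  # $1=rules script $2=anchor-ip
    awk -v ip="$2" '
        $1 ~ /^#/ || !/POSTROUTING/ { next }
        {
            snat = 0; src = 0
            for (i = 1; i < NF; i++) {
                if ($i == "-j" && $(i + 1) == "SNAT") snat = 1
                if ($i == "--to-source" && $(i + 1) == ip) src = 1
            }
            if (snat && src) good++; else bad++
        }
        END { exit !(good > 0 && bad == 0) }' "$1"
}

remote_ok() {  # $1=client .ovpn $2=floating-ip (step 9)
    awk -v ip="$2" '$1 == "remote" { n++; if ($2 != ip) bad++ }
        END { exit !(n > 0 && bad == 0) }' "$1"
}

# Prints one line per failed check and returns the number of failures.
check_setup() {  # $1=anchor $2=floating $3=server.conf $4=rules script $5=.ovpn
    fails=0
    has_local_bind "$3" "$1" || { echo "FAIL: no 'local $1' in $3"; fails=$((fails + 1)); }
    snat_ok "$4" "$1" || { echo "FAIL: $4 does not SNAT POSTROUTING to $1"; fails=$((fails + 1)); }
    remote_ok "$5" "$2" || { echo "FAIL: remote in $5 is not $2"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: the files as they should look after the steps above.
demo() {
    d=$(mktemp -d) || return 1
    printf 'port 1194\nlocal 10.19.0.5\n' > "$d/server.conf"
    printf '#!/bin/sh\n#iptables -t nat -I POSTROUTING (...)\niptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 10.19.0.5\n' > "$d/add-openvpn-rules.sh"
    printf 'client\nremote 203.0.113.10 1194\n' > "$d/client.ovpn"
    check_setup 10.19.0.5 203.0.113.10 "$d/server.conf" "$d/add-openvpn-rules.sh" "$d/client.ovpn"
    rc=$?; rm -rf "$d"; return "$rc"
}
demo && echo "OK: layout matches the floating-IP steps"
```

A leftover active POSTROUTING rule that does not SNAT to the anchor IP, or a client profile whose `remote` still points at the anchor IP, is reported as a failure.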