Double VPN (OpenVPN)

I am trying to set up a double VPN with OpenVPN 2.3.4 on two Debian 8 machines. Say I have this 'diagram':

client -> A (vpn server 1) -> B (vpn server 2)

Interfaces:

  • on A: eth0 with public IP & tun0 10.8.0.1
  • on B: eth0 with public IP & tun0 10.8.1.1

The connections between client and A and between A and B work respectively. Also, I cannot connect to server A whenever it is connected to server vpn B.

My guess is that I need a second interface on A in order to have:

  1. client binds his network interfaces to tun0 with the vpn connection initiated with A
  2. server A has an interface eth1 that serves the server-side VPN part and connects with openvpn client to vpn server B with interface eth0
  3. server B manages the connections from A and therefore from client

My question is: am I thinking correctly here? Apart from theory, I haven't found any practical explanations about configuring a double VPN...

Also, would it be possible to 'split' an interface (on A) into 2 new virtual ones (eth0:0 and eth0:1 for instance) and use them as replacements for eth0 and eth1 as described before?

Thanks for the help!

EDIT 1: To answer qasdfdsaq and make my question clearer, I want: client connects through VPN tunnel to A -> A connects through VPN tunnel to B -> B manages clients' connections

In the end, the client should have server B's IP on the internet.

EDIT 2: I think I could actually summarize my problem like so: A and B are Debian 8 servers, where B is running an OpenVPN server. A has one network interface with a public IP, eth0, on which I can ssh. I ssh to A and launch the OpenVPN client.

A is correctly connected through the tunnel to B and can access the web via B, but I cannot ssh to A anymore (because I guess that all, meaning here the only interface I have available, is bound to the VPN connection).

Is there a way to counter this?
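
One common way to handle the lockout described in EDIT 2, shown as an added example that is not part of the original question: source-based policy routing on A, so that packets sourced from A's public address keep leaving through eth0 while everything else follows the tunnel to B. The addresses, the table number 100 and the interface name tun1 are constructed assumptions; the script only prints the commands so they can be reviewed first.

```shell
#!/bin/sh
# Policy routing for server A (added example; values marked "constructed"
# are placeholders, not taken from the page).
PUB_IF="eth0"             # A's public interface (named on the page)
PUB_IP="203.0.113.10"     # constructed: A's public address (documentation range)
PUB_GW="203.0.113.1"      # constructed: A's upstream gateway
CLIENT_NET="10.8.0.0/24"  # subnet behind A's tun0 (10.8.0.1 on the page)
TUN_TO_B="tun1"           # assumption: A's OpenVPN client interface towards B
TABLE="100"               # assumption: any unused routing table id

# Print the commands that set up the split; nothing is executed here.
policy_routing_cmds() {
    # 1. A separate table whose default route is still the real uplink.
    echo "ip route add default via $PUB_GW dev $PUB_IF table $TABLE"
    # 2. Packets sourced from the public address (SSH replies, replies of
    #    services bound to it) consult that table before the main one,
    #    so they no longer follow the tunnel's default route.
    echo "ip rule add from $PUB_IP lookup $TABLE priority 1000"
    # 3. Let A forward its VPN clients' traffic into the tunnel to B,
    #    hiding the client subnet behind A's tunnel address.
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -A POSTROUTING -s $CLIENT_NET -o $TUN_TO_B -j MASQUERADE"
}

# Print the commands that remove the configuration again.
policy_routing_undo() {
    echo "iptables -t nat -D POSTROUTING -s $CLIENT_NET -o $TUN_TO_B -j MASQUERADE"
    echo "ip rule del from $PUB_IP lookup $TABLE priority 1000"
    echo "ip route flush table $TABLE"
}

echo "# apply on A (as root):"
policy_routing_cmds
echo "# roll back:"
policy_routing_undo
```

If A's OpenVPN server runs over UDP, it also needs `local 203.0.113.10` (with the real address) in its config so that its replies to clients are sourced from the public address and match the rule.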


I've detailed how I made a double VPN in a post here: http://www.optionull.com/2017/01/29/routing-traffic-through-openvpn-multiple-hops/

The setup I've used is:

  1. End point opens a tunnel (tun0) to server A.
  2. End point opens a tunnel (tun1) to server B within tun0.
  3. All traffic is routed through tun1 to the internet.