OpenVPN and port forwarding without SNAT
by gattocarlo from LinuxQuestions.org on (#6KDZK)
Hello,
I have two houses with two different ISPs. In one, let's call it A, I have only a very small router running OpenWRT and the only VPN solution available is OpenVPN (I cannot install anything else on this 4/32 toy). OpenVPN connects it to my second house, B, where I have a powerful server.
My idea was to forward SMTP traffic from A to B, since A has a static IP with an appropriate reverse DNS. The forwarding should not include SNAT, since I want to preserve the logs of the connections to the mail server, and I was thinking of using policy routing to route the mail server responses back via the A router.
The problem is that OpenVPN will drop any packet if the source address does not belong to the internal network. I cannot understand why, but this seems to be done on purpose:
https://forums.openvpn.net/viewtopic.php?t=32982
https://forums.openvpn.net/viewtopic.php?t=32714
Now, I have no idea how I could achieve my goal given my limitation (even a GRE tunnel is not possible since iproute2 on the small router doesn't have the GRE module). Any suggestion would be greatly appreciated.
Best,
andrea
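
Why the un-SNATed packets are dropped, as an added example that is not part of the original post: a simplified Python model of the source-address check an OpenVPN server in multi-client mode applies to packets arriving from a client. It assumes B runs the server and A connects as a client; the class, the function names and every address are constructed for illustration.

```python
import ipaddress

# Simplified model (not OpenVPN code) of the per-client source-address check.
# All addresses are constructed sample values.

class Client:
    def __init__(self, name, tunnel_ip, iroutes=()):
        self.name = name
        self.tunnel_ip = ipaddress.ip_address(tunnel_ip)
        # Networks declared as living behind this client (what `iroute` expresses).
        self.iroutes = [ipaddress.ip_network(n) for n in iroutes]

    def owns(self, src):
        src = ipaddress.ip_address(src)
        return src == self.tunnel_ip or any(src in n for n in self.iroutes)


def server_receives(client, src, dst):
    """Verdict for a packet that `client` sends into the tunnel."""
    # The server attributes every source address to exactly one client;
    # a source it cannot attribute to the sender is discarded, whatever dst is.
    return "forward" if client.owns(src) else "drop"


def dnat_at_a(packet, mail_server, snat_to=None):
    """Router A rewrites the destination (DNAT); SNAT is optional."""
    src, _dst = packet
    return (snat_to or src, mail_server)


ROUTER_A = Client("A", "10.8.0.2", iroutes=["192.168.1.0/24"])
MAIL_SERVER_B = "192.168.2.10"
REMOTE_MTA = "203.0.113.25"  # Internet host connecting to A on port 25


def demo():
    inbound = (REMOTE_MTA, "198.51.100.7")  # dst is A's public address
    results = {}
    # DNAT only: the source is still the remote MTA, which A does not "own".
    results["dnat_only"] = server_receives(ROUTER_A, *dnat_at_a(inbound, MAIL_SERVER_B))
    # DNAT + SNAT: the packet passes, but B's logs would show 10.8.0.2.
    snatted = dnat_at_a(inbound, MAIL_SERVER_B, snat_to="10.8.0.2")
    results["dnat_plus_snat"] = server_receives(ROUTER_A, *snatted)
    # A host on A's LAN passes because its network is declared for A.
    results["from_a_lan"] = server_receives(ROUTER_A, "192.168.1.50", MAIL_SERVER_B)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:15} -> {verdict}")
```
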