Comments
-
Not sure about multiple VPNs, besides maybe a fallback setup, but generally as long as you set up the outgoing VPN to start before the VPN server starts it should just work.
-
@stop I don't care much about the speed, most of my servers can handle about 500-1000mbit/s and at least nordvpn and mullvad can handle several hundreds of megabits a second so I'll be good :)
Why multiple nameservers?
-
stop 6802 7y
Because of the ping, my VPN adds about 30 ms to the server ping, so to get repeated requests fast you need one nameserver on each user endpoint.
-
@joas I've been researching this for a few months now but can't figure it out so yeah, a question on here it is!
-
@stop I'm just not sure what a DNS server has to do with this... I've got a Pi-hole on one of my servers which also acts as a domain blocker (things like Google and Facebook and stuff return nothing)
-
So you want everything into one VPN on one VPS and then from that one VPS to other VPS?
How many do you want in the chain?
-
@seraphimsystems Nono, one VPS which I can connect to through OpenVPN, and that VPS simply connects to one or more other VPN servers. Not through a chain, just multiple servers.
-
I've thought about this myself. Even when just doing simple point-to-point VPNs using OpenVPN, I often find myself struggling. I've gotten pretty good at openvpn and iptables though. :-P
The key is probably using a different 10.x.x.x subnet on each hop and being very careful with your routes. #openvpn on Freenode/IRC is your friend, and 9 times out of 10, your issue is your firewall.
-
@djsumdog Damn, I can work very little with iptables myself haha, I can work with CSF though
-
stop 6802 7y
iptables -A FORWARD -o tun0 -i tun0 -s 10.1.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -o tun1 -i tun1 -s 10.1.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
-
@stop What's the difference between tun0 and tun1?
Thanks by the way, I'll see how I can implement this soon!
-
@stop Just tried those rules but then it doesn't work for me. I of course changed the IP addresses to the correct ones!
-
bahua 12801 7y
If you want to connect via SSH to a server that connects to a VPN, it'll work best to give the server a second NIC, and use the second one for SSH.
Related Rants
Question for networking persons or persons who might know more about this than me in general.
I'm looking at setting up a server as a VPN server (that part I know) which tunnels everything through multiple other VPN connections.
So let's say I've got a VPS which I connect to through VPN. I then want that VPS to have one or multiple connections to other VPN servers.
That way I can connect my devices to this server, which routes everything to/through other services like Mullvad :).
Tried it before but ended up losing SSH access until reboot 😬
Anyone have ideas?
question
help
vpn
vpn proxy
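
One way to act on the "different 10.x.x.x subnet on each hop, careful with your routes" advice from the comments while keeping the SSH access the question lost: route by source subnet instead of replacing the default route. This is an added example, not code posted by anyone in the thread; the device names tun0 to tun3, the table numbers, the /24-only subnets and the use of OpenVPN's `route-nopull` on the upstream clients are assumptions, and the script only prints the commands for review.

```bash
#!/usr/bin/env bash
# Assumed layout (constructed, not from the thread): tun0 and tun3 are OpenVPN
# *server* devices for your own clients; tun1 and tun2 are upstream provider
# tunnels whose client configs contain "route-nopull", so the VPS default route
# (and therefore SSH on the public NIC) is never replaced.

# plan_hop SUBNET IN_DEV OUT_DEV TABLE: print the commands for one hop.
plan_hop() {
    local subnet=$1 in_dev=$2 out_dev=$3 table=$4
    local net_re='^10\.[0-9]+\.[0-9]+\.0/24$' dev_re='^tun[0-9]+$' num_re='^[0-9]+$'
    # Strict validation: the output is meant to be reviewed and piped to a root shell.
    [[ $subnet =~ $net_re && $table =~ $num_re ]] || { echo "bad hop: $*" >&2; return 1; }
    [[ $in_dev =~ $dev_re && $out_dev =~ $dev_re && $in_dev != "$out_dev" ]] ||
        { echo "bad devices: $in_dev -> $out_dev" >&2; return 1; }
    cat <<EOF
ip route add $subnet dev $in_dev table $table
ip route add default dev $out_dev table $table
ip rule add from $subnet lookup $table
iptables -A FORWARD -i $in_dev -o $out_dev -s $subnet -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s $subnet -o $out_dev -j MASQUERADE
EOF
}

# plan_all HOP...: each HOP is SUBNET:IN_DEV:OUT_DEV:TABLE. Nothing is printed
# unless every hop is valid and no subnet or table number is reused.
plan_all() {
    local hop subnet in_dev out_dev table cmds seen=" "
    local out="sysctl -w net.ipv4.ip_forward=1"$'\n'
    out+="iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"$'\n'
    for hop in "$@"; do
        IFS=: read -r subnet in_dev out_dev table <<<"$hop"
        [[ $seen != *" $subnet "* && $seen != *" t$table "* ]] ||
            { echo "subnet or table reused: $hop" >&2; return 1; }
        seen+="$subnet t$table "
        cmds=$(plan_hop "$subnet" "$in_dev" "$out_dev" "$table") || return 1
        out+="$cmds"$'\n'
    done
    printf '%s' "$out"
}

# Review the plan, then apply it with: plan_all ... | sudo sh -e
# plan_all 10.1.0.0/24:tun0:tun1:101 10.1.1.0/24:tun3:tun2:102
```

Because only packets sourced from the client subnets are sent to the per-tunnel tables, traffic the VPS itself originates or answers, including SSH replies, keeps using the main routing table.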