Description: The customer would like to audit who is accessing one of their systems, but currently all log entries on that system show the Network Connector's private IP address as the source.
Sample Setup:
Network Connector (Ubuntu OS)
  VPN IP Address: 100.96.1.214/30
  Private IP Address: 172.31.14.149/20
Application System (CentOS OS)
  Private IP Address: 172.31.9.88/20
Connected VPN User (Windows OS)
  VPN IP Address: 100.96.1.34/28
Cause: When SNAT is enabled, the source IP address of all inbound traffic from OpenVPN Cloud is set to the VPN Gateway IP address.
SNAT is enabled by default in OpenVPN Cloud Portal.
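Resolution:
Step 1) Disable SNAT in your OpenVPN Cloud Portal: Settings > VPN > Edit > Disable: SNAT > Update.
Step 2) After disabling SNAT in the OpenVPN Cloud Portal, delete the NAT rule configured in iptables on the Network Connector. The command below deletes rule number 1 of the POSTROUTING chain in the nat table, so it assumes the connector's NAT rule is the first rule in that chain.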
# sudo iptables -t nat -D POSTROUTING 1
Step 3) Add a route on the Application System so that it can reach all connected VPN users, with the Network Connector as the next hop.
# sudo ip route add 100.96.0.0/11 via 172.31.14.149 dev eth0
Step 4) On the connected VPN user's device, confirm the VPN IP address that is accessing the Application System.
On the Application System, verify that it now shows the VPN IP address of the user who accessed the system instead of the Network Connector IP address.
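The verification in Step 4 can be scripted over the Application System's logs. The following is an added example, not part of the original article or of OpenVPN's tooling; it assumes sshd-style "Accepted ... from <ip> port" log lines (the sample lines are constructed) and uses the addresses from the Sample Setup.

```shell
#!/bin/sh
# Added example. Addresses are taken from the article's Sample Setup.
CONNECTOR_IP="172.31.14.149"   # Network Connector private IP
VPN_NET="100.96.0.0"           # VPN range routed in Step 3
VPN_PREFIX=11

# classify_sources: read log lines on stdin, print "snat=N vpn=N other=N".
#   snat  = source is the connector itself (SNAT still in effect)
#   vpn   = source is inside the VPN range (real client address is visible)
#   other = any other source
classify_sources() {
    awk -v conn="$CONNECTOR_IP" -v net="$VPN_NET" -v bits="$VPN_PREFIX" '
    function ip2int(ip,   o) {          # dotted quad -> integer
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN {
        size = 2 ^ (32 - bits)
        lo = int(ip2int(net) / size) * size   # first address in the range
        hi = lo + size - 1                    # last address in the range
        snat = 0; vpn = 0; other = 0
    }
    {
        # Assumed log format: "... from <ipv4> port ..."
        if (!match($0, / from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ /)) next
        ip = substr($0, RSTART + 6, RLENGTH - 7)
        n = ip2int(ip)
        if (ip == conn)              snat++
        else if (n >= lo && n <= hi) vpn++
        else                         other++
    }
    END { printf "snat=%d vpn=%d other=%d\n", snat, vpn, other }'
}

# Constructed sample lines (not real logs): before and after the change.
sample_before() { cat <<'EOF'
Jan 10 10:00:01 app sshd[1201]: Accepted password for alice from 172.31.14.149 port 51514 ssh2
Jan 10 10:02:17 app sshd[1207]: Accepted password for bob from 172.31.14.149 port 51620 ssh2
EOF
}
sample_after() { cat <<'EOF'
Jan 10 11:00:01 app sshd[1301]: Accepted password for alice from 100.96.1.34 port 51514 ssh2
Jan 10 11:05:42 app sshd[1310]: Accepted publickey for ops from 172.31.2.10 port 40022 ssh2
EOF
}

echo "before: $(sample_before | classify_sources)"
echo "after:  $(sample_after | classify_sources)"
```

On the CentOS Application System the same function can read the real log, for example `classify_sources < /var/log/secure`. A non-zero snat count for connections made after the change means traffic is still being translated on the Network Connector.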