Sam - September 22, 2016

How to set up a Double OpenVPN configuration

Introduction

In this tutorial I am going to show you how to set up a Double OpenVPN, which is essentially the process of chaining VPN servers so that traffic leaves from a different exit point / IP address than that of the original connection.

This is a relatively easy process, but the information available on how to achieve it is either scarce or overly complicated. We will do this in the simplest way that I know.

*This tutorial will assume you already know how to set up a basic OpenVPN server and client connection*

I may do a more in-depth tutorial later, but I feel that people who want to create a Double OpenVPN tunnel have already passed basic training on Linux, VPNs and networking.

Why would we want to create a Double OpenVPN configuration?

Everyone has their own reasons. Mine is that I want an exit IP in the USA, but my ping is too high and the routing to the USA isn’t too good, so I create a first hop in Tokyo or Singapore, which then connects to my USA server.

In this diagram we can assume:

  • ServerA = Tokyo

  • ServerB = USA

Let’s begin.

I will assume you have already set up an OpenVPN server and have root access to it.

We do not require access to the second OpenVPN server 😉

Step 1 — Setup routing rules

If we look at our ifconfig output, we can see that tun0 (our local OpenVPN server) has the internal IP address 108.61.168.1:

root@test-vpn-double:/etc/openvpn# ifconfig
ens3      Link encap:Ethernet  HWaddr 56:00:00:32:7b:2b  
          inet addr:108.61.168.153  Bcast:255.255.254.0  Mask:255.255.254.0
          inet6 addr: fe80::5400:ff:fe32:7b2b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:122189 errors:0 dropped:0 overruns:0 frame:0
          TX packets:134190 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:88730666 (88.7 MB)  TX bytes:21559674 (21.5 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:500 (500.0 B)  TX bytes:500 (500.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:108.61.168.1  P-t-P:108.61.168.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Now, instead of adding the iptables MASQUERADE rule as we normally would, we want to add an IP routing rule.

Command:

ip route add default via 108.61.168.1 dev ens3 table 102

ens3 is our main interface

Now let’s add the following 3 iptables rules:

iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
iptables -t mangle -A OUTPUT -p udp -m udp --sport 80 -j MARK --set-mark 0x2

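Port 80 is the local port our OpenVPN server is listening on. The mangle rule marks UDP packets leaving from that port, and the rules below send marked packets to routing table 102.

Next we add these IP rules: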

ip rule add fwmark 0x2/0x2 lookup 102
ip rule add from 108.61.168.153 table 102
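
To confirm that every Step 1 rule is in place before starting the second tunnel, the following check can be used. It is an added example, not part of the original tutorial: the function names need and check_policy and the sample output are constructed, and it assumes the usual output formats of ip rule show, ip route show table and iptables-save.

```shell
#!/bin/sh
# Added example (not from the original tutorial): verify the Step 1 rules exist.
# All values below are the tutorial's; change them to match your server.
TABLE=102; MARK=0x2; WAN_IF=ens3; WAN_IP=108.61.168.153
GATEWAY=108.61.168.1; VPN_PORT=80; HOP2_IF=tun1

# need <text> <fixed string> <description>: report and count a missing entry
need() {
  if ! printf '%s\n' "$1" | grep -Fq -e "$2"; then
    echo "MISSING: $3"
    missing=$((missing + 1))
  fi
}

# check_policy <ip rule show> <ip route show table N> <iptables-save>
# Prints one line per missing entry; exit status is the number missing.
check_policy() {
  missing=0
  need "$1" "fwmark $MARK/$MARK lookup $TABLE" "ip rule: fwmark $MARK -> table $TABLE"
  need "$1" "from $WAN_IP lookup $TABLE" "ip rule: from $WAN_IP -> table $TABLE"
  need "$2" "default via $GATEWAY dev $WAN_IF" "default route in table $TABLE"
  # iptables-save prints "--set-mark 0x2" as "--set-xmark 0x2/0xffffffff"
  need "$3" "-A OUTPUT -p udp -m udp --sport $VPN_PORT -j MARK --set-xmark $MARK/" \
       "mangle MARK rule for UDP source port $VPN_PORT"
  need "$3" "-A POSTROUTING -o $WAN_IF -j MASQUERADE" "NAT MASQUERADE on $WAN_IF"
  need "$3" "-A POSTROUTING -o $HOP2_IF -j MASQUERADE" "NAT MASQUERADE on $HOP2_IF"
  return "$missing"
}

# Constructed sample output, so the script also runs offline without root.
SAMPLE_RULES='0: from all lookup local
32764: from 108.61.168.153 lookup 102
32765: from all fwmark 0x2/0x2 lookup 102
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES='default via 108.61.168.1 dev ens3'
SAMPLE_IPT='*mangle
-A OUTPUT -p udp -m udp --sport 80 -j MARK --set-xmark 0x2/0xffffffff
COMMIT
*nat
-A POSTROUTING -o ens3 -j MASQUERADE
-A POSTROUTING -o tun1 -j MASQUERADE
COMMIT'

if [ "${1:-}" = "--live" ]; then   # read the real state (needs root)
  check_policy "$(ip rule show)" "$(ip route show table "$TABLE")" "$(iptables-save)"
else
  check_policy "$SAMPLE_RULES" "$SAMPLE_ROUTES" "$SAMPLE_IPT"
fi && echo "OK: Step 1 policy routing is complete"
```

Run it with --live as root on ServerA to check the real tables; without arguments it only checks the constructed sample.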

Step 2 – Connect to our second server

Now we need to connect to our second OpenVPN server. In this case we will use the program screen.

You can download and install it quickly:

sudo apt-get -y install screen

Let’s create our screen session:

screen -S vpn

Now, assuming our second OpenVPN server’s connection config is called “second.ovpn”, we will connect to it here:

openvpn --config /path/to/second.ovpn

You can then disconnect from your screen session by pressing ctrl + a + d

Finished!

If everything went correctly you should just be able to connect to your OpenVPN server and all traffic will be routed over a second hop (server).
