
Proxying traffic from one VPN to another

juttkaleem214
Level 1

I have a homelab running Debian. I connect to it via Wireguard. I would like to forward non-local http traffic through to NordVPN from the server. This way I can use my home server vpn accessing local resources while also gaining the benefits of an external VPN service.

At first I thought a double VPN would be possible, where the server is connected to NordVPN itself. But since NordVPN does not offer port forwarding I would have no way of connecting to the server.

I am guessing the solution will require some IP table wizardry.

3 Replies

Hello,

My first thought is: virtualization. Does your setup support that?

Seb Rupik
VIP Alumni

Hi there,

The issue you will encounter will relate to the default gateway used by the server. For WireGuard to work and allow you to connect from any globally routable public IP, the Debian server must have a default gateway of your boundary router.

For NordVPN to work, it will adjust your routing table such that the default gateway will become the remote VPN tunnel endpoint. When the NordVPN is active, your traffic path will be asymmetric, as return packets will leave via the NordVPN interface... this may not work at all.

@Georg Pauwen makes a good suggestion: spinning up a VM to host the NordVPN tunnel would provide you with separate routing tables, and using iptables to forward packets from the Debian server to the VM would be the way to go. This page has what looks like the right iptables config:

https://wiki.vpsget.com/index.php/Forward_(redirect/nat)_traffic_with_iptables

Certainly a Linux OS can host multiple routing tables; there must be a way of placing the NordVPN interface in a separate routing table and using iptables to move traffic between the routing tables... I am thinking out loud and not sure if this is possible.

cheers,

Seb.

mursalahmed888
Level 1

You can route normally - by destination address/network - or route based on policy (PBR) - by source address/network, protocol site
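
The separate routing table and policy-based routing raised in the replies above, sketched as an added example that is not code from any poster in this thread. It routes all non-local traffic from WireGuard clients (not only HTTP) and assumes the interface names `wg0` and `tun0`, the two subnets, table number 200, and that the outbound VPN client is configured so it does not replace the server's main default route.

```shell
#!/bin/sh
# Added example: every value here is an assumption, not taken from the thread.
WG_IF=wg0                               # WireGuard interface on the server
VPN_IF=tun0                             # interface of the outbound VPN tunnel
LOCAL_NETS="192.168.1.0/24 10.8.0.0/24" # home LAN and WireGuard subnet
TABLE=200                               # spare routing table number

# Emit the commands in the order they must run (one per line).
pbr_plan() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Replies come back on $VPN_IF although the main table points at the
    # router; strict reverse-path filtering would drop them, so use loose.
    echo "sysctl -w net.ipv4.conf.$VPN_IF.rp_filter=2"
    # Dedicated table: default via the VPN, plus a higher-metric
    # 'unreachable' fallback so traffic fails closed if $VPN_IF goes down.
    echo "ip route replace default dev $VPN_IF table $TABLE"
    echo "ip route replace unreachable default metric 1000 table $TABLE"
    # Forwarded packets from WireGuard clients to local networks: main table.
    prio=100
    for net in $LOCAL_NETS; do
        echo "ip rule add iif $WG_IF to $net lookup main priority $prio"
        prio=$((prio + 1))
    done
    # Everything else arriving on wg0 uses the VPN table. Matching on iif
    # leaves the server's own traffic (WireGuard handshakes) untouched.
    echo "ip rule add iif $WG_IF lookup $TABLE priority 200"
    # Allow client traffic out and only established flows back in.
    echo "iptables -A FORWARD -i $WG_IF -o $VPN_IF -j ACCEPT"
    echo "iptables -A FORWARD -i $VPN_IF -o $WG_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $VPN_IF -j MASQUERADE"
}

# Run the plan as root; stops at the first failing command.
pbr_apply() {
    pbr_plan | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1
    done
}

# Default is a dry run that only prints; set APPLY=1 to change the system.
if [ "${APPLY:-0}" = 1 ]; then pbr_apply; else pbr_plan; fi
```

If the tunnel interface is torn down and recreated, the `default dev` route has to be re-added; until then the `unreachable` route keeps client traffic from falling through to the main table.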
