I want to set up a VPN that uses the client’s IP when sending data out of the VPN server. I am able to use either OpenVPN (open-source edition), or WireGuard.
This feels like an XY problem. To be able to provide a useful answer to you, we’d need to know what exactly you’re trying to achieve. What goal are you trying to achieve with the VPN and what goal are you trying to achieve by using the client IP?
While I think you could technically spoof your originating IP at the VPN server to match your client’s IP, it wouldn’t do anything useful. That’s not how IP routing works. What are you trying to achieve with a setup like that?
IP spoofing on the internet won’t get you very far. So, no, this won’t work. I don’t even see a scenario where this would make sense.
Yeah, not sure how many ISPs block it. They didn’t use to 10 years or so ago. I used to block unknown IPs at my egress.
But they should, and I’m hoping they do now.
I’m also not too sure what the point would be for the OP. Even if their ISP allows the IP spoofing, the response would take the normal route back to the VPN client.
In most cases the whole point of the VPN is to not disclose the client’s IP. Are you talking about a site-to-site VPN? Then this would make sense. In that case you choose an IP range for the VPN endpoints and add routes to the networks on both ends over it. Then the clients will use their own IPs to connect and you should see them on the other side as source. Make sure to have no IP range overlaps.
I can give you a simple example later if you want.
This can’t feasibly be done over the internet. An IP address must be unique as that’s how it finds it out of billions of other devices. There are situations where the same IP can route to different locations but that’s regional and way beyond what you’re trying to achieve here. It’s how something like 8.8.8.8 works without sending all the requests to a single location.
If your server is sending out traffic as 1.2.3.4 and then tries to send the encrypted traffic to the client at 1.2.3.4, the traffic would either be routed back to itself or the client would receive the plaintext traffic meant for the server.
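
The site-to-site layout described in the reply above (a dedicated range for the VPN endpoints, routes to each LAN over it, no overlapping ranges), as an added example that is not part of the thread: it checks the ranges for overlap and renders a WireGuard config per gateway. All site names, address ranges, endpoints and key placeholders are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample addressing; names, ranges and endpoints are hypothetical.
TUNNEL = "10.99.0.0/30"
SITES = {
    "site_a": {"lan": "192.168.10.0/24", "tunnel_ip": "10.99.0.1",
               "endpoint": "a.example.net:51820"},
    "site_b": {"lan": "192.168.20.0/24", "tunnel_ip": "10.99.0.2",
               "endpoint": "b.example.net:51820"},
}

def find_overlaps(ranges):
    """Return (name, name) pairs whose CIDR ranges overlap."""
    nets = [(name, ipaddress.ip_network(cidr)) for name, cidr in ranges.items()]
    return [(a, b) for i, (a, net_a) in enumerate(nets)
            for b, net_b in nets[i + 1:] if net_a.overlaps(net_b)]

def validate(sites, tunnel):
    """Raise ValueError if ranges collide or a tunnel IP is outside the tunnel range."""
    ranges = {name: s["lan"] for name, s in sites.items()}
    ranges["tunnel"] = tunnel
    clashes = find_overlaps(ranges)
    if clashes:
        raise ValueError(f"overlapping ranges: {clashes}")
    tunnel_net = ipaddress.ip_network(tunnel)
    for name, s in sites.items():
        if ipaddress.ip_address(s["tunnel_ip"]) not in tunnel_net:
            raise ValueError(f"{name}: tunnel_ip outside {tunnel}")

def render_config(local, remote, sites=SITES, tunnel=TUNNEL):
    """Build the WireGuard config for gateway `local` peering with `remote`."""
    validate(sites, tunnel)
    me, peer = sites[local], sites[remote]
    prefix = ipaddress.ip_network(tunnel).prefixlen
    return "\n".join([
        "[Interface]",
        f"Address = {me['tunnel_ip']}/{prefix}",
        "ListenPort = 51820",
        "PrivateKey = <PLACEHOLDER_PRIVATE_KEY>",
        "",
        "[Peer]",
        "PublicKey = <PLACEHOLDER_PEER_PUBLIC_KEY>",
        f"Endpoint = {peer['endpoint']}",
        # wg-quick installs a route for each AllowedIPs entry; no NAT rule is
        # added, so hosts on the remote LAN keep their own source addresses.
        f"AllowedIPs = {peer['tunnel_ip']}/32, {peer['lan']}",
    ])

if __name__ == "__main__":
    print(render_config("site_a", "site_b"))
```

Each gateway also needs IP forwarding enabled, and hosts on each LAN need a route to the remote range via their local gateway.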