I want to set up a VPN that uses the client’s IP when sending data out of the VPN server. I am able to use either OpenVPN (open-source edition), or Wireguard.

18 points

This feels like a XY problem. To be able to provide a useful answer to you, we’d need to know what exactly you’re trying to achieve. What goal are you trying to achieve with the VPN and what goal are you trying to achieve by using the client IP?

permalink
report
reply
1 point

Thanks for the XY link… I’ve seen this occur loads of times, but that sums it up succinctly. Thanks

permalink
report
parent
reply
13 points

While I think you could techincally spoof your originating IP at the VPN server to match your clients IP it wouldn’t do anything useful. That’s not how IP routing works. What you’re trying to achieve with a setup like that?

permalink
report
reply
11 points

IP spoofing on the internet won’t get you very far. So, no, this won’t work. I don’t even see a scenario where this would make sense.

permalink
report
reply
1 point

Yeah, not sure how many isps block it. They didn’t used to 10 years or so ago. I used to block unknown ips at my egress.

But they should, and I’m hoping they do now.

I’m also not too sure what the point would be for the OP. Even if their isp allows the ip spoofing the response would take the normal route back to the vpn client.

permalink
report
parent
reply

I have no numbers, but with the rise in bad actors I assume that at least the larger hosts who have their own data centers do it.

permalink
report
parent
reply
10 points
*

In most cases the whole point of the VPN is to not disclose the clients IP. Are you talking about a site 2 site VPN? Then this would make sense. In that case you choose an IP range for the VPN endpoints and add routes to the networks in both ends over it. Then the clients will use their own IPs to connect and you should see them on the other side as source. Make sure to have no IP range overlaps.

I can give you a simple example later if you want.

permalink
report
reply
1 point
Deleted by creator
permalink
report
parent
reply
3 points

This can’t feasibly be done over the internet. An IP address must be unique as that’s how it finds it out of billions of other devices. There are situations where the same IP can route to different locations but that’s regional and way beyond what you’re trying to achieve here. It’s how something like 8.8.8.8 works without sending all the requests to a single location.

If your server is sending out traffic as 1.2.3.4 and then tries to send the encrypted traffic to the client at 1.2.3.4 the traffic would either be routed back to itself or the client would receive the plaintext traffic meant for the server.

permalink
report
reply

Selfhosted

!selfhosted@lemmy.world

Create post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

Community stats

  • 4.8K

    Monthly active users

  • 3.6K

    Posts

  • 78K

    Comments