I want to set up a VPN that uses the client’s IP when sending data out of the VPN server. I am able to use either OpenVPN (open-source edition), or Wireguard.

  • Atemu
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    There’s only one route to an IP.

    That’s not true. There’s an infinite numer of ways to route IP addresses on the internet in fact. Most of them are useless however.

    your VPN server can try spoofing its outbound traffic to use the client’s IP, but it’ll most likely get discarded by the ISP because it only allows your IP to go out. But even if you can, the answer to those packets will go to the client’s IP, which will go directly to the client and not the VPN.

    Mission accomplished? This may be what OP wants? Really not sure.

    • dan@upvote.au
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      1 year ago

      That’s not true. There’s an infinite numer of ways to route IP addresses on the internet

      I think what they were trying to say is that packets are usually routed one particular way, which is true (routes normally don’t suddenly change unless there’s a major change like an outage or cost change). This part of their comment makes me think they do understand that there’s many possible routes:

      you more or less can’t choose which one, your ISP and their upstream ISPs decide and it’s usually the shortest or cheapest route.

      • Max-P@lemmy.max-p.me
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        Yeah, I almost talked about anycast IPs but it just added unnecessary complexity.

        OP’s question is a bit weird but it sounds like they want to connect to a VPN server and then that server uses the client’s IP instead of its own for outbound traffic, like some sort of forwarding?

        For all I know OP may be asking for a bridged VPN and it really just means to forward the remote client as if it’s on the local network.

        But the way it’s worded, the same IP would be used to both talk to the server and by the server itself going outbound. It’s possible on a local network with iptables hacks but why would you even want to do this?