debian – Tunneling a Public IP using OpenVPN


I’m having a bit of difficulty tunneling a Public IP to a remote VPS using OpenVPN. I have a Linux server with a block of 32 Public IP Addresses 192.0.2.160/27, named Server 1, along with one other Public IP Address that is bound to eth0 on that same server: 203.0.113.43.

I have another Linux machine, Server 2, behind NAT somewhere else. I want to be able to set up an OpenVPN server on Server 1 such that the client, Server 2, can use an IP Address in the 192.0.2.160/27 subnet.

I have followed the following guide on ServerFault, and I’m attempting to use Ethernet bridging with OpenVPN using TAP.

On Server 1, the network configuration looks something like this (I’ve replaced the IPs for documentation purposes – see RFC5737):

Server 1 /etc/network/interfaces

auto eth0

auto br0
iface br0 inet static
     address 203.0.113.43
     netmask 255.255.255.0
     gateway 203.0.113.1
     pre-up openvpn --mktun --dev tap0
     bridge_ports eth0 tap0
     bridge_fd 3

I then run openvpn on Server 1 with openvpn --dev tap0, and when I enter the following on Server 2:

openvpn --remote 203.0.113.43 --dev tap0 --route-gateway 203.0.113.1 \
    --redirect-gateway def1 --ifconfig 192.0.2.160 255.255.255.224

A connection is established, but I cannot ping 192.0.2.160 on any other machine other than on Server 2 (can’t even do it on Server 1).

I definitely believe I am missing something, but I can’t seem to figure it out.

I’ll also add that I have enabled IPv4 Packet forwarding in /etc/sysctl.conf on Server 1.

If anyone can complete this configuration or suggest an alternative method of achieving this, that would be much appreciated.
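A sanity check of the addressing in the client command above, as an added example that is not part of the original post: it tests whether the `--ifconfig` address is a usable host address in its subnet and whether the `--route-gateway` address is on-link for that subnet. The function name `audit_tap_addressing` and the finding labels are made up for this example; the input values are the ones from the question.

```python
import ipaddress


def audit_tap_addressing(ifconfig_ip, netmask, route_gateway):
    """Check a TAP client address plan (hypothetical helper, not OpenVPN code).

    Returns the derived subnet, its usable host range and a list of findings.
    """
    iface = ipaddress.ip_interface(f"{ifconfig_ip}/{netmask}")
    net = iface.network
    gateway = ipaddress.ip_address(route_gateway)
    findings = []

    if net.prefixlen < 31:
        # Subnets shorter than /31 reserve the first and last address.
        usable = (str(net.network_address + 1), str(net.broadcast_address - 1))
        if iface.ip == net.network_address:
            findings.append("address-is-network-id")
        elif iface.ip == net.broadcast_address:
            findings.append("address-is-broadcast")
    else:
        usable = (str(net.network_address), str(net.broadcast_address))

    # A gateway outside the interface subnet cannot be resolved via ARP
    # on that interface without an extra on-link route.
    if gateway not in net:
        findings.append("gateway-off-link")

    return {"network": str(net), "usable": usable, "findings": findings}


if __name__ == "__main__":
    # Values taken from the client command in the question.
    result = audit_tap_addressing("192.0.2.160", "255.255.255.224", "203.0.113.1")
    print(result["network"], "usable hosts:", *result["usable"])
    for finding in result["findings"]:
        print("finding:", finding)
```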