networking – How to set up reverse connections through double hop OpenVPN for multiple clients?

I’m trying to organize a workflow for multiple clients to access a remote laboratory behind a VPN. The VPN connection is allowed to be initiated from a single machine only, so I’ve set up an intermediate box which runs both an OpenVPN server (tun0) and an OpenVPN client (tun1):

  • OpenVPN client (tun1) connects to the internal lab (10.100.0.0/24).
  • OpenVPN server (tun0) creates a virtual network 10.8.0.0/24 and serves for giving access to the internal lab for multiple clients tun1.

The traffic is routed from tun0 to tun1 with the following NAT rule:

-A POSTROUTING -s 10.8.0.0/24 -o tun1 -j MASQUERADE

Currently I’m looking for a solution to make reverse connections possible from machines in the internal lab to outer clients. Thanks!