OpenVPN on Linode without NAT

I have been trying to get OpenVPN set up to access systems by private IP on Linode. Installing and connecting to OpenVPN was no problem, but I am having a routing issue. If I have NAT enabled in iptables, I can access other Linodes by private IP, but then the client IP appears to be the private IP of the OpenVPN server. It is necessary for each Linode to see the client's OpenVPN IP, not the IP of the Linode running OpenVPN. If I disable NAT, I can still ping the private IP of the OpenVPN server, but not other Linodes. I have the OpenVPN client block added to the routing table of the other Linode I am testing with.

I have looked at some OpenVPN howtos that Linode has posted, but they use NAT. I did not see any mention of a reason for using NAT.

In searching for a solution, I came across the following Serverfault posting where someone is claiming that this is a Linode problem.

http://serverfault.com/questions/595438/how-can-i-achieve-openvpn-client-routing-without-nat-on-linode

> As further background, these machines are hosted on Linode. It turns out that they use static maps in their switches in order to route traffic to specific nodes on the LAN. Since the VPN source IPs aren't part of those static maps, the traffic wasn't routed anywhere.
>
> So this turns out to be a Linode specific issue, but hopefully it can help others to know that.

Can anyone confirm or refute the above statement? Has anyone been able to use OpenVPN on Linode without running NAT?

Thanks.

4 Replies

You'd get more meaningful answers if you post your configs: the iptables, routes, IP ranges in use/involved, and the OpenVPN configs.

Thank you for your suggestion, but my question is referring to an existing Serverfault question which precisely describes what I am trying to do. That post includes iptables rules, routing, and even a good diagram to illustrate the network configuration. The resolution to that post was that there is something specific about Linode that prevents doing this very straightforward thing with OpenVPN.

I am hoping that someone here will be able to, as I said, either confirm or refute that assertion. Is what the Serverfault post says correct? Is it really impossible to route OpenVPN clients to internal Linode IPs without NAT?

The ServerFault post you linked to is correct. The static mapping is set in place to prevent IP address spoofing on the internal network.
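
A simplified model of the behaviour described in this thread, added here as an illustration and not taken from any poster or from Linode: the switch accepts a packet only if its source IP is statically mapped to the port it arrived on. All addresses, port names and the map itself are constructed assumptions; the provider's real implementation is not documented on this page.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addresses (assumptions, not values from the thread).
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")      # OpenVPN tunnel pool
CLIENT = ipaddress.ip_address("10.8.0.6")             # a VPN client
VPN_SERVER = ipaddress.ip_address("192.168.130.10")   # private IP of OpenVPN host
TARGET = ipaddress.ip_address("192.168.130.20")       # private IP of another host

# Hypothetical static map: switch port -> the only IPs that belong on it.
STATIC_MAP = {"port-vpn": {VPN_SERVER}, "port-target": {TARGET}}


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address


def egress(packet, nat):
    """Forward a tunnel packet onto the LAN; with NAT the source is
    rewritten to the VPN server's own private IP (MASQUERADE-style)."""
    if nat and packet.src in VPN_SUBNET:
        return Packet(VPN_SERVER, packet.dst)
    return packet


def switch_forward(packet, ingress_port):
    """Anti-spoofing check: drop unless src is mapped to the ingress port,
    then deliver to the port that owns dst. Returns a port name or None."""
    if packet.src not in STATIC_MAP[ingress_port]:
        return None
    for port, addresses in STATIC_MAP.items():
        if packet.dst in addresses:
            return port
    return None


def trace(dst, nat):
    """Return (delivered, source IP the destination sees) for a client packet."""
    packet = Packet(CLIENT, dst)
    if dst == VPN_SERVER:
        # Terminates on the VPN host itself and never crosses the switch.
        return (True, str(packet.src))
    packet = egress(packet, nat)
    if switch_forward(packet, "port-vpn") is None:
        return (False, None)
    return (True, str(packet.src))
```

In this model `trace(TARGET, nat=False)` is dropped at the switch, `trace(TARGET, nat=True)` arrives but carries the VPN server's address, and `trace(VPN_SERVER, nat=False)` still succeeds, which matches the three observations in the original question.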

I would HIGHLY recommend this script to set up an OpenVPN. It's ridiculously easy.

https://github.com/Nyr/openvpn-install
