Before we proceed, ensure that you have the following:
- A Linux machine (Ubuntu is used in this guide)
- Root privileges on the system
- Two VPN server configurations for multi-hop routing
- OpenVPN installed on your Linux system
- A basic understanding of networking and VPNs
Step 1: Install OpenVPN
First, install OpenVPN if it is not already installed. You can install it using the following command:
sudo apt update && sudo apt install openvpn
Once installed, verify the installation by checking the OpenVPN version:
openvpn --version
Step 2: Configuring the First VPN Connection
Next, you need to configure the first VPN connection. To do this, you’ll need the configuration file (typically with a .ovpn extension) provided by your VPN provider.
Place the .ovpn file in the /etc/openvpn/ directory for easy access:
sudo cp /path/to/first-server.ovpn /etc/openvpn/first-server.conf
Edit the configuration file to set up the first VPN connection:
sudo nano /etc/openvpn/first-server.conf
Make sure the configuration has the correct server address, authentication credentials, and other necessary details for the first server.
Once done, you can start the first VPN connection using:
sudo systemctl start openvpn@first-server
Verify the connection:
sudo systemctl status openvpn@first-server
Step 3: Configure the Second VPN Connection
Similarly, configure the second VPN connection using the second .ovpn file from your VPN provider.
Copy the configuration file:
sudo cp /path/to/second-server.ovpn /etc/openvpn/second-server.conf
Then edit the file:
sudo nano /etc/openvpn/second-server.conf
Like the first server, make sure the configuration file points to the correct VPN server address and contains your credentials.
Start the second VPN connection:
sudo systemctl start openvpn@second-server
Verify the connection:
sudo systemctl status openvpn@second-server
Step 4: Enable IP Forwarding
For multi-hop routing to work, your system needs to forward traffic between the two VPN interfaces. To enable IP forwarding, edit the system control configuration:
sudo nano /etc/sysctl.conf
Find and uncomment the following line:
net.ipv4.ip_forward=1
Then apply the changes:
sudo sysctl -p
Step 5: Create Routing Tables
To route traffic through both VPNs, we will use two separate routing tables. First, create the routing tables by editing the /etc/iproute2/rt_tables file:
sudo nano /etc/iproute2/rt_tables
Add two new lines at the end of the file:
100 vpn1
101 vpn2
Now, create specific routes for each VPN in their respective tables.
Routing for the First VPN
We will create a default route for the first VPN connection to use the VPN’s gateway:
sudo ip route add default via <VPN1_GATEWAY_IP> dev tun0 table vpn1
Replace <VPN1_GATEWAY_IP> with the actual gateway IP of the first VPN server, which can be found in the routing table after connecting to the VPN.
Routing for the Second VPN
Next, we will create a route for the second VPN:
sudo ip route add default via <VPN2_GATEWAY_IP> dev tun1 table vpn2
Replace <VPN2_GATEWAY_IP> with the gateway IP of the second VPN server.
Step 6: Set Up the Routing Rules
You now need to specify which traffic should be routed through which VPN. Create routing rules that select a routing table based on the packet's source address.
For the first VPN:
sudo ip rule add from <VPN1_LOCAL_IP> table vpn1
Replace <VPN1_LOCAL_IP> with the IP address of your machine when connected to the first VPN.
For the second VPN:
sudo ip rule add from <VPN2_LOCAL_IP> table vpn2
Replace <VPN2_LOCAL_IP> with the IP address of your machine when connected to the second VPN.
Step 7: Test the Multi-Hop VPN Routing
Now that you have configured both VPN connections and set up routing, you can test the multi-hop VPN routing.
Use the curl command to check the public IP address, which should reflect the IP address of the second VPN:
curl ifconfig.me
If everything is set up correctly, you should see the IP address of the second VPN server.
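A public-IP check alone does not show whether the rules and tables from Steps 5 and 6 are actually in place. The script below is an added example, not part of the original guide: it audits the output of ip rule show and ip route show table for each hop. The sample output, the 10.8.0.x and 10.9.0.x addresses, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the policy routing from Steps 5 and 6.
# All addresses below are constructed sample values, not from the guide.

# Constructed stand-in for `ip rule show` output.
SAMPLE_RULES='0: from all lookup local
32764: from 10.9.0.2 lookup vpn2
32765: from 10.8.0.2 lookup vpn1
32766: from all lookup main
32767: from all lookup default'

# Constructed stand-ins for `ip route show table vpn1` / `... table vpn2`.
SAMPLE_VPN1='default via 10.8.0.1 dev tun0'
SAMPLE_VPN2='default via 10.9.0.1 dev tun1'

# has_rule RULES SRC TABLE: succeeds if "from SRC lookup TABLE" is present.
has_rule() {
    printf '%s\n' "$1" | awk -v s="$2" -v t="$3" \
        '$2 == "from" && $3 == s && $4 == "lookup" && $5 == t { ok = 1 }
         END { exit !ok }'
}

# default_dev ROUTES: prints the device of the table's default route, if any.
default_dev() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# audit_hop RULES ROUTES SRC TABLE DEV: prints findings, returns their count.
audit_hop() {
    problems=0
    has_rule "$1" "$3" "$4" ||
        { echo "missing rule: from $3 lookup $4"; problems=$((problems + 1)); }
    dev=$(default_dev "$2")
    [ "$dev" = "$5" ] ||
        { echo "table $4: default via '${dev:-none}', expected $5"; problems=$((problems + 1)); }
    return "$problems"
}

# On a live system, pass real output instead of the samples, e.g.
#   audit_hop "$(ip rule show)" "$(ip route show table vpn1)" ADDRESS_ON_TUN0 vpn1 tun0
audit_hop "$SAMPLE_RULES" "$SAMPLE_VPN1" 10.8.0.2 vpn1 tun0 && echo "vpn1 hop: ok"
audit_hop "$SAMPLE_RULES" "$SAMPLE_VPN2" 10.9.0.2 vpn2 tun1 && echo "vpn2 hop: ok"
```

A non-zero return from audit_hop means traffic sourced from that tunnel address is not bound to the expected table or device and will fall through to the main routing table instead.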
Step 8: Automate the Process with Systemd
To ensure that the VPN connections and routing are automatically set up at boot, create a systemd service for each VPN connection.
For the first VPN:
sudo nano /etc/systemd/system/openvpn@first-server.service
Add the following:
[Unit]
Description=OpenVPN connection to first-server
After=network.target

[Service]
ExecStart=/usr/sbin/openvpn --config /etc/openvpn/first-server.conf
Restart=on-failure

[Install]
WantedBy=multi-user.target
Enable and start the service:
sudo systemctl enable openvpn@first-server
sudo systemctl start openvpn@first-server
Repeat the same process for the second VPN connection.
sudo systemctl enable openvpn@second-server
sudo systemctl start openvpn@second-server