• linux
• multihome
• openvpn

Linux multihome openvpn

• http://openvpn.net/

• Split DSL local and international traffic on different accounts.

• Note: PSK only supports single tunnel, need to use cert's for multi client. https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN

Setup of OpenVpn on multihome box.

Problem is Openvpn answers udp packets back using default Gw, and selects different ip than incoming ip.

Options:

1. OpenVpn: Bind to all interfaces.

   • Linux selects int/ip based on routing. Local gen packets select int before mangle can replace fwmark.

2. OpenVpn: Bind to lo:127.0.0.2, use nat to nat incoming on udp:1194 to 127.0.0.2.

   • Kernel bug ? Still selecting wrong source

3. OpenVpn: Multiple instances each bound to specific ext ip.

   • WORKS! but need separate subnet for each instance, thus client ip changes when re-connects.

   • Setup OpenVpn to add host routes as they activate ?

4. OpenVpn: Solution - :-) bind to a real interface

   • Solution bind to single ip real inside int. (loop does not work ? bug -Maybe need sysctl -w net.ipv4.conf.all.route_localnet=1 )

   • Nat external to real int.
   • Tested can connect to any of the external ip's
   • My guesse as to why it works is that the packets are seen as being routed out ? e.g. bash script to setup nat.

            #!/bin/bash
            iplist_FWext="e1=196.1.1.1 e2=196.2.1.1 e3=196.3.1.1"
            iphost_FWint="10.0.0.1"
            for i in ${iplist_FWext}; do
               fw_ip=${i##*=}
               fw_int=${i%%=*}
               nat to-destination "${iphost_FWint}" dport 1194 proto udp dst "${fw_ip}"
               done;

CategoryLinux CategoryVpnTunnel