|
Size: 1581
Comment:
|
Size: 1582
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 4: | Line 4: |
| * [[http://tumbleweed.org.za/2008/09/19/split-routing-debianubuntu|Split DSL] local and international traffic on different accounts. | * [[http://tumbleweed.org.za/2008/09/19/split-routing-debianubuntu|Split DSL]] local and international traffic on different accounts. |
Linux multihome openvpn
Split DSL local and international traffic on different accounts.
Setup of OpenVpn on multihome box.
Problem is Openvpn answers udp packets back using default Gw, and selects different ip than incoming ip.
OpenVpn: Bind to all interfaces.
- Linux selects int/ip based on routing. Local gen packets select int before mangle can replace fwmark.
OpenVpn: Bind to lo:127.0.0.2, use nat to nat incoming on udp:1194 to 127.0.0.2.
Kernel bug ? Still selecting wrong source
OpenVpn: Multiple instances each bound to specific ext ip.
- WORKS! but need separate subnet for each instance, thus client ip changes when re-connects.
Setup OpenVpn to add host routes as they activate ?
OpenVpn: Solution -
bind to a real interface Solution
bind to single ip real inside int. (loop does not work ? bug ) - Nat external to real int.
- Tested can connect to any of the external ip's
- My guesse as to why it works is that the packets are seen as being routed out ? e.g. bash script to setup nat.
#!/bin/bash iplist_FWext="e1=196.1.1.1 e2=196.2.1.1 e3=196.3.1.1" iphost_FWint="10.0.0.1" for i in ${iplist_FWext}; do fw_ip=${i##*=} fw_int=${i%%=*} nat to-destination "${iphost_FWint}" dport 1194 proto udp dst "${fw_ip}" done;