Differences between revisions 13 and 14
Revision 13 as of 2013-11-17 08:58:44
Size: 697
Editor: ks4000911
Comment:
Revision 14 as of 2013-11-17 12:06:40
Size: 1598
Editor: PieterSmit
Comment:
#format wiki
== Linux multihome openvpn ==
 * http://openvpn.net/
 * [[http://tumbleweed.org.za/2008/09/19/split-routing-debianubuntu|Split DSL]] local and international traffic on different accounts.
=== Setup of OpenVPN on a multihomed box ===
The problem: OpenVPN sends its UDP replies via the default gateway, so the reply's source IP differs from the IP the client's packet arrived on.

Options:
 1. OpenVPN: Bind to all interfaces.
    * Linux selects the outgoing interface/IP based on routing. Locally generated packets have their interface selected before mangle can replace the fwmark.
 1. OpenVPN: Bind to lo:127.0.0.2, use NAT to redirect incoming udp:1194 to 127.0.0.2.
    * X-( Kernel bug? Still selecting the wrong source.
 1. OpenVPN: Multiple instances, each bound to a specific external IP.
    * WORKS! But needs a separate subnet for each instance, so the client IP changes when it reconnects.
    * (!) Set up OpenVPN to add host routes as they activate?
 1. OpenVPN: '''Solution - :-)''' bind to a real interface
    * '''Solution''' :-) bind to a single IP on a real inside interface. (Loopback does not work? Bug X-( )
    * NAT the external IPs to the real interface.
    * Tested: can connect to any of the external IPs.
    * My guess as to why it works is that the packets are seen as being routed out?
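    E.g. bash script to set up the NAT:
    {{{
       #!/bin/bash
       # External IPs as label=address pairs, and the single inside IP OpenVPN binds to.
       iplist_FWext="e1=196.1.1.1 e2=196.2.1.1 e3=196.3.1.1"
       iphost_FWint="10.0.0.1"
       for i in ${iplist_FWext}; do
          fw_ip=${i##*=}    # address part, e.g. 196.1.1.1
          fw_int=${i%%=*}   # label part, e.g. e1
          # DNAT udp/1194 arriving on this external IP to the inside IP.
          # The original line called a `nat` helper that is not shown on this page;
          # the plain iptables rule below is an assumed equivalent.
          iptables -t nat -A PREROUTING -d "${fw_ip}" -p udp --dport 1194 \
             -m comment --comment "openvpn ${fw_int}" \
             -j DNAT --to-destination "${iphost_FWint}"
       done
    }}}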
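
To check a capture for the wrong-source replies described under the problem statement (before or after applying the NAT rules), the following added example, which is not part of the original page, pairs each client packet to udp/1194 with the server's reply and reports replies that leave from a different external IP. The function name, the client addresses and the sample capture lines are constructed for illustration; the input is assumed to be the text output of `tcpdump -n udp port 1194`.

```bash
#!/bin/bash
# Added example (not from the original page).
# stdin: text output of `tcpdump -n udp port 1194`
# $1:    space-separated list of the server external IPs
# Prints one line per reply whose source IP differs from the IP the
# client originally sent to (the multihome problem described above).
find_wrong_source_replies() {
    awk -v ips="$1" '
    BEGIN { n = split(ips, a, " "); for (i = 1; i <= n; i++) server[a[i]] = 1 }
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        # Split "a.b.c.d.port" into address and port.
        sip = src; sub(/\.[0-9]+$/, "", sip); sport = src; sub(/^.*\./, "", sport)
        dip = dst; sub(/\.[0-9]+$/, "", dip); dport = dst; sub(/^.*\./, "", dport)
        if ((dip in server) && dport == "1194") {
            expected[src] = dip          # client -> server: remember target IP
        } else if ((sip in server) && sport == "1194" && (dst in expected)) {
            if (expected[dst] != sip)    # server -> client: compare source IP
                printf "client=%s sent_to=%s reply_from=%s\n", dst, expected[dst], sip
        }
    }'
}

EXT_IPS="196.1.1.1 196.2.1.1 196.3.1.1"

# Constructed capture: the first client is answered from the wrong IP
# (reply follows the default gateway), the second one correctly.
BROKEN_CAPTURE='12:00:00.000001 IP 203.0.113.5.40000 > 196.2.1.1.1194: UDP, length 42
12:00:00.000201 IP 196.1.1.1.1194 > 203.0.113.5.40000: UDP, length 54
12:00:01.000001 IP 203.0.113.9.51000 > 196.3.1.1.1194: UDP, length 42
12:00:01.000187 IP 196.3.1.1.1194 > 203.0.113.9.51000: UDP, length 54'

# Constructed capture after the DNAT setup: every reply matches.
FIXED_CAPTURE='12:05:00.000001 IP 203.0.113.5.40000 > 196.2.1.1.1194: UDP, length 42
12:05:00.000190 IP 196.2.1.1.1194 > 203.0.113.5.40000: UDP, length 54'

printf '%s\n' "$BROKEN_CAPTURE" | find_wrong_source_replies "$EXT_IPS"
```

An empty result on a capture taken on the external interfaces means every reply left from the IP the client contacted.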


----
----
CategoryLinux


linux/multihome/openvpn (last edited 2017-11-03 21:54:26 by PieterSmit)