Linux multihome openvpn
- http://openvpn.net/
- [[http://tumbleweed.org.za/2008/09/19/split-routing-debianubuntu|Split DSL]] local and international traffic on different accounts.
Setup of OpenVPN on a multihomed box.
Problem: OpenVPN sends its UDP replies out via the default gateway, so the reply's source IP differs from the IP the client's packet arrived on.
OpenVPN: Bind to all interfaces.
- Linux selects the outgoing interface/IP based on routing. Locally generated packets have their interface selected before mangle can replace the fwmark.
OpenVPN: Bind to lo:127.0.0.2, and use NAT to redirect incoming udp:1194 to 127.0.0.2.
- Kernel bug? Still selects the wrong source.
OpenVPN: Multiple instances, each bound to a specific external IP.
- WORKS! But each instance needs a separate subnet, so the client IP changes when it reconnects.
- Set up OpenVPN to add host routes as they activate?
OpenVPN: Solution - bind to a real interface
Solution: bind to a single IP on a real inside interface. (Loopback does not work? Bug?)
- NAT the external IPs to the real interface.
- Tested: can connect to any of the external IPs.
- My guess as to why it works is that the packets are seen as being routed out?
e.g. bash script to set up the NAT:
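    #!/bin/bash
    # label=IP pairs for the firewall's external addresses
    iplist_FWext="e1=196.1.1.1 e2=196.2.1.1 e3=196.3.1.1"
    # internal IP that OpenVPN is bound to
    iphost_FWint="10.0.0.1"
    for i in ${iplist_FWext}; do
        fw_ip=${i##*=}    # part after '='
        fw_int=${i%%=*}   # part before '='
        # DNAT udp/1194 arriving on the external IP to the internal IP
        # (assumes the original `nat` helper wrapped an iptables DNAT rule)
        iptables -t nat -A PREROUTING -d "${fw_ip}" -p udp --dport 1194 \
            -m comment --comment "openvpn ${fw_int}" \
            -j DNAT --to-destination "${iphost_FWint}"
    done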
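The source-address behaviour behind the "bind to all interfaces" and "bound to a specific IP" notes above can be reproduced on loopback. This is an added example, not part of the original page; it assumes Linux, uses 127.0.0.2 as a stand-in for a second external IP, and goes one step beyond the page by also showing a per-packet source pin with IP_PKTINFO.

```python
import socket
import struct

# Linux value of IP_PKTINFO; the named constant exists only in newer Pythons.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)


def reply_source(bind_ip, dst_ip="127.0.0.2", pin=False):
    """Send one datagram to dst_ip and return the source IP of the server's reply.

    bind_ip: address the server socket is bound to ("0.0.0.0" = all interfaces).
    pin:     reply from the address the request arrived on, via IP_PKTINFO.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as cli:
        srv.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
        srv.bind((bind_ip, 0))
        srv.settimeout(2)
        port = srv.getsockname()[1]

        cli.bind(("127.0.0.1", 0))
        cli.settimeout(2)
        cli.sendto(b"ping", (dst_ip, port))

        _, ancdata, _, peer = srv.recvmsg(64, socket.CMSG_SPACE(12))
        # struct in_pktinfo: ifindex, spec_dst, addr (addr = destination in the IP header)
        arrived_on = next(struct.unpack("=i4s4s", d[:12])[2]
                          for lvl, typ, d in ancdata
                          if lvl == socket.IPPROTO_IP and typ == IP_PKTINFO)
        if pin:
            # On send, ipi_spec_dst selects the source address of this one datagram.
            pktinfo = struct.pack("=i4s4s", 0, arrived_on, bytes(4))
            srv.sendmsg([b"pong"], [(socket.IPPROTO_IP, IP_PKTINFO, pktinfo)], 0, peer)
        else:
            srv.sendto(b"pong", peer)  # kernel picks the source from the route to peer
        return cli.recvfrom(64)[1][0]


if __name__ == "__main__":
    print("bound to all, plain reply :", reply_source("0.0.0.0"))
    print("bound to one IP           :", reply_source("127.0.0.2"))
    print("bound to all, pinned reply:", reply_source("0.0.0.0", pin=True))
```

A client that sent to 127.0.0.2 and gets its answer from 127.0.0.1 sees the same mismatch the page describes for replies leaving via the default gateway.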