:: Re: [DNG] OpenVPN - routing things …
Author: Ralph Ronnquist
Date:
To: dng
Subject: Re: [DNG] OpenVPN - routing things TO the OpenVPN server.
On Sun, Oct 08, 2023 at 06:29:36AM +1000, onefang wrote:
> I'm using OpenVPN on my server, and I'd like to route anything between my
> desktop and my server through the VPN.
>
> At the moment anything going to any other server goes through the VPN,
> but not stuff directly to the server.
>
> Obviously the OpenVPN stuff itself should go direct, want to avoid going
> around in circles here.
>
> Anyone know how to do this?
>
> Later I'll be moving to WireGuard, but I got lots of other things need to
> be done first. Could this be done with WireGuard as well?


For me, the first approach that springs to mind would be that you run
the client within a network namespace so that *its* outbound server
packets can be marked, and then the rule bending server packets to
that client is set to ignore those marked packets.

In that approach, the network namespace would need an input veth and
an output veth of different nets. All outbound host packets, except
marked packets, would be routed to the VPN client via the input net,
and the client would send to the server via the output net with
marking set to happen through the now routing host.

I don't know of any better way of tagging the VPN outbound traffic and
would be eager to learn if there is one.

Ralph.

>
> --
> A big old stinking pile of genius that no one wants
> coz there are too many silver coated monkeys in the world.
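
One way to lay out the namespace-and-mark setup described in the reply above, as an added example that is not part of the original thread. The namespace name, veth names, 10.200.x.x addresses, the server address 203.0.113.10 (documentation range), mark 0x1, table 100 and `tun0` are all assumptions. Two ordered rules are used instead of `ip rule ... not fwmark`, because `not` inverts the whole selector rather than only the mark test.

```shell
#!/bin/sh
# Added example. Dry run by default: prints the commands; APPLY=1 (as root) runs them.
# Every name and address here is an assumption, none comes from the thread.
NS=vpnns SERVER=203.0.113.10 MARK=0x1 TABLE=100 TUN=tun0
IN_HOST=10.200.1.1 IN_NS=10.200.1.2 OUT_HOST=10.200.2.1 OUT_NS=10.200.2.2

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

namespace_setup() {
    run ip netns add "$NS"
    # input veth: host -> VPN client; output veth: VPN client -> host -> server
    run ip link add vin0 type veth peer name vin1 netns "$NS"
    run ip link add vout0 type veth peer name vout1 netns "$NS"
    run ip addr add "$IN_HOST/30" dev vin0
    run ip addr add "$OUT_HOST/30" dev vout0
    run ip link set vin0 up
    run ip link set vout0 up
    run ip -n "$NS" addr add "$IN_NS/30" dev vin1
    run ip -n "$NS" addr add "$OUT_NS/30" dev vout1
    run ip -n "$NS" link set lo up
    run ip -n "$NS" link set vin1 up
    run ip -n "$NS" link set vout1 up
    # the client's own (encrypted) packets leave through the output net
    run ip -n "$NS" route add default via "$OUT_HOST"
    run ip netns exec "$NS" sysctl -qw net.ipv4.ip_forward=1
}

host_routing() {
    run sysctl -qw net.ipv4.ip_forward=1
    # mark whatever arrives from the namespace's output veth, before routing
    run iptables -t mangle -A PREROUTING -i vout0 -j MARK --set-mark "$MARK"
    run iptables -t nat -A POSTROUTING -s "$OUT_NS" -j MASQUERADE
    # marked packets are matched first and go direct; the "bending" rule comes after
    run ip rule add priority 100 fwmark "$MARK" lookup main
    run ip rule add priority 200 to "$SERVER" lookup "$TABLE"
    run ip route add default via "$IN_NS" dev vin0 table "$TABLE"
}

tunnel_up() {  # run after the client has created $TUN inside the namespace
    # only packets forwarded from the input veth are pushed into the tunnel
    run ip -n "$NS" rule add priority 100 iif vin1 lookup "$TABLE"
    run ip -n "$NS" route add default dev "$TUN" table "$TABLE"
    run ip netns exec "$NS" iptables -t nat -A POSTROUTING -o "$TUN" -j MASQUERADE
}

plan() { namespace_setup; host_routing; tunnel_up; }
plan
```

The client itself would be started inside the namespace with `ip netns exec vpnns openvpn --config <file>`. Strict reverse-path filtering (`rp_filter=1`) inside the namespace would drop the server's replies arriving on the tunnel, so this sketch assumes it is off or loose there.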