Keith C. Perry on 28 Sep 2014 15:54:48 -0700



Re: [PLUG] OpenVPN Question


Ahhh, ok.  I actually do have that since the VMs on this particular box can talk to any network they want - I probably could dual attach them if I wanted though.  I don't restrict them routewise so there is no need to connect them to both interfaces.  I see your point though.  To do what you are saying it sounds like it might be easier to use some routing or iptables rules in the actual VM.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
Keith C. Perry, MS E.E. 
Owner, DAO Technologies LLC 
(O) +1.215.525.4165 x2033 
(M) +1.215.432.5167 
www.daotechnologies.com

----- Original Message -----
From: "Rich Freeman" <r-plug@thefreemanclan.net>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Sunday, September 28, 2014 4:33:17 PM
Subject: Re: [PLUG] OpenVPN Question

On Sun, Sep 28, 2014 at 12:58 PM, Keith C. Perry
<kperry@daotechnologies.com> wrote:
>
> The only difference I see is that you are putting NAT rules inside the container to begin
> with.  This might be a case of context- either they ALL go on the host or they ALL go inside
> the containers.
>

Kinda sorta.  The issue is that the host needs to direct some of its
traffic to one of its containers (the vpn) as the default gateway, and
other of its traffic to another host as the default gateway.

That is, if I ssh into the host the reply packets should go to the
external router (if they're not local).  On the other hand, if I fire
up a browser on the host, the packets should go to the vpn.

I think in your example any particular container was hooked up to the
private or the public bridge, but not both.  In my case the host can
route to either, but different applications on the host should use one
vs the other (regardless of destination IP unless it is local).

To simplify you could just think of a network where you have two
routers, and one should be used for outgoing connections, and the
other should only be used for replies to incoming connections.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
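
Added example, not part of either message above: one common way to get the two-gateway behaviour Rich describes on a Linux host is connection-mark policy routing, shown here as a script that prints the `ip`, `iptables` and `sysctl` commands for review. The interface names, addresses, mark value and table number are assumed placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Every name and address is a constructed
# placeholder: substitute your own bridges, gateways and subnet.
EXT_IF=${EXT_IF:-br0}             # assumed bridge facing the external router
EXT_GW=${EXT_GW:-192.0.2.1}       # assumed external router address
EXT_NET=${EXT_NET:-192.0.2.0/24}  # assumed subnet on EXT_IF
VPN_IF=${VPN_IF:-br1}             # assumed bridge facing the VPN container
VPN_GW=${VPN_GW:-10.0.3.2}        # assumed address of the VPN container
MARK=${MARK:-1}                   # connection mark for inbound connections
TABLE=${TABLE:-100}               # routing table used only for their replies

# Print the commands instead of running them, so they can be reviewed first.
# To apply: gen_rules | sh -e   (as root)
gen_rules() {
    if [ "$EXT_IF" = "$VPN_IF" ]; then
        echo "EXT_IF and VPN_IF must be different interfaces" >&2
        return 1
    fi
    # 1. main table: traffic the host originates leaves through the VPN
    # 2-3. table $TABLE: on-link subnet plus default via the external router
    # 4. marked packets consult table $TABLE before the main table
    # 5. mark each new connection that arrives on the external interface
    # 6. copy that mark onto locally generated replies, which re-routes them
    # 7. loose reverse-path filter, since the main-table route back to remote
    #    clients points at VPN_IF and strict mode would drop their packets
    cat <<EOF
ip route replace default via $VPN_GW dev $VPN_IF
ip route replace $EXT_NET dev $EXT_IF table $TABLE
ip route replace default via $EXT_GW dev $EXT_IF table $TABLE
ip rule add fwmark $MARK lookup $TABLE priority 1000
iptables -t mangle -A PREROUTING -i $EXT_IF -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
sysctl -w net.ipv4.conf.$EXT_IF.rp_filter=2
EOF
}

gen_rules
```

With these rules an inbound ssh session is answered through the external router, while a browser started on the host follows the main-table default through the VPN.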