* Redirect traffic to openvpn (client)
From: Alberto @ 2020-09-29 17:44 UTC (permalink / raw)
  To: netfilter

Hi everybody:

I have a Debian Linux machine with two ifaces:

- eth0: 192.168.1.1 (WAN)

- eth1: 192.168.2.1 (LAN)

as Home Router and GW of my Home LAN (192.168.2.0/24).

From time to time, I bring up a tun0 iface as an openvpn client on this Home Router.

I bring up this openvpn connection with the "--route-nopull" parameter, because I
don't want to redirect the traffic of all my LAN devices through this VPN, but
only a few.

I set the following rules with IPTABLES to permit traffic from VPN:

- iptables -A INPUT -i tun+ -j ACCEPT
- iptables -A OUTPUT -o tun+ -j ACCEPT
- iptables -A FORWARD -i eth0 -o tun+ -j ACCEPT
- iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE


OK, how can I make this redirect apply to specific hosts?


Thanks,

Regards,

* Re: Redirect traffic to openvpn (client)
From: VDRU VDRU @ 2020-09-29 22:24 UTC (permalink / raw)
  To: Alberto; +Cc: netfilter

Just a note.. You create a network namespace for vpn with an arbitrary
network and run openvpn inside it. Then you can use a veth pair to
allow traffic from whatever other boxes on your lan you want to go
through the vpn. This also stops the traffic from going anywhere if
openvpn disconnects.

* Re: Redirect traffic to openvpn (client)
From: alberto bersol @ 2020-09-30 12:24 UTC (permalink / raw)
  Cc: netfilter

Thank you Vdru,

Can you give me some notes on how to do it?


I forgot to tell you...

When the VPN is down, the client hosts which I redirect through the VPN must
be redirected through the default gateway.

I can set these rules at VPN up/down time.


Regards,

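Added example, not part of any message in this thread: one way to meet the requirements stated above (only some LAN hosts use the tunnel, and they fall back to the default gateway when the VPN is down) is source-based policy routing, used here instead of the namespace setup suggested in the reply. The table number, rule priority, host addresses and function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Policy routing: only the listed LAN hosts use the VPN tunnel.
# Assumed values (not from the thread): table 100, priority 1000, sample hosts.
VPN_TABLE=100
VPN_PRIO=1000
VPN_HOSTS="192.168.2.10 192.168.2.20"   # constructed sample LAN hosts
LAN_IF=eth1                              # LAN side, per the thread

# Print the commands for "up" or "down" without executing anything.
vpn_policy_cmds() {
    action=$1 dev=$2
    case $action in
        up)   rule=add; fw=-A ;;
        down) rule=del; fw=-D ;;
        *)    echo "usage: vpn_policy_cmds up|down tunN" >&2; return 2 ;;
    esac
    # Accept only tun<digits>: the plan is executed by word splitting later.
    case $dev in
        tun*[!0-9]*) echo "bad device: $dev" >&2; return 2 ;;
        tun[0-9]*)   ;;
        *)           echo "bad device: $dev" >&2; return 2 ;;
    esac
    # Table 100 holds only a default route via the tunnel. The kernel drops
    # that route when the device goes away, so lookups for these hosts then
    # fall through to the main table (default gateway): fallback, no kill switch.
    [ "$action" = up ] && echo "ip route replace default dev $dev table $VPN_TABLE"
    for h in $VPN_HOSTS; do
        echo "ip rule $rule from $h/32 lookup $VPN_TABLE priority $VPN_PRIO"
        # Replies are assumed to be allowed by an existing ESTABLISHED rule
        # or an ACCEPT policy on FORWARD.
        echo "iptables $fw FORWARD -i $LAN_IF -o $dev -s $h -j ACCEPT"
    done
}

# Run the plan when APPLY=1 (needs root); otherwise only print it.
vpn_policy_apply() {
    plan=$(vpn_policy_cmds "$1" "$2") || return $?
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$plan" | while IFS= read -r cmd; do $cmd || exit 1; done
    else
        printf '%s\n' "$plan"
    fi
}
```

Call `vpn_policy_apply up tun0` and `vpn_policy_apply down tun0` with `APPLY=1` from whatever runs at VPN up/down time; the MASQUERADE rule from the original message still handles NAT on the tunnel.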