From: Christian S. <chr...@as...> - 2005-02-22 09:04:14
On Monday 21 February 2005 22:52, Doncho N. Gunchev wrote:
>
> I had similar problem, it was saying it can not send. My setup is a
> bit more complicated - [ISPs] <=> [Firewalls] <-- DNAT --> [Server]. In
> this situation I DNAT connections to "virtual" IPs on the server and
> use iproute2 rules to get the replies back. This was working great with
> anything using TCP, DNS (UDP+TCP) and even GRE (yes, PPTP, I don't use
> it any more) and so on, but failed with openvpn2's UDP mode. Since I'm
> not sure if it's not my mistake I'll give this one more try when I have
> some free time, but can someone give some light on this?

I have this same setup working for me.

When using UDP as carrier for OpenVPN, and allowing connections via two
internet lines, I run _two_ OpenVPN server instances. One for each internet
line. Each server instance is bound (via 'local' parameter) to its own local
ip alias (which the firewalls DNAT to). And I use iproute2 to source route
based on these aliases.

This works on both Linux and OpenBSD (although on OpenBSD 'pf' is used to
source route).

Christian
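
The Linux variant of the setup described in the message above, sketched as an added example (not part of the original post and not the poster's own configuration). The alias addresses, firewall gateways, routing table numbers, port and tun device names are constructed placeholders; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: dry-run by default; set APPLY=1 to run the ip commands as root.
# All addresses, table numbers, ports and device names are constructed.

# Print a command, and execute it only when APPLY=1.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Policy routing for one internet line: packets sourced from ALIAS use a
# dedicated table whose default route is the firewall (GW) that DNATs
# that line to the alias.
# usage: source_route ALIAS GW TABLE
source_route() {
    run ip rule add from "$1" table "$3"
    run ip route add default via "$2" table "$3"
}

# Per-line OpenVPN server fragment. 'local' binds the UDP socket to the
# alias, so replies carry that source address and match the rule above.
# usage: server_conf ALIAS TUNDEV
server_conf() {
    printf 'local %s\nproto udp\nport 1194\ndev %s\n' "$1" "$2"
}

# Two lines, two aliases, two server instances.
plan() {
    source_route 10.0.0.11 10.0.0.1 101   # line A: alias, firewall A, table
    source_route 10.0.0.12 10.0.0.2 102   # line B: alias, firewall B, table
    echo "# OpenVPN instance A:"; server_conf 10.0.0.11 tun0
    echo "# OpenVPN instance B:"; server_conf 10.0.0.12 tun1
}

plan
```

Each `server_conf` output is only the part of a server config that differs per line; keys, certificates and the tunnel addressing go in alongside it as usual.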