06-14-2011, 02:39 PM
Rich Mahn

controlling source IP on connections

Hi,
I use openvpn as a tunnel between my office LAN and my home LAN. It works
great with one exception. Connections through the tunnel originating at the
VPN endpoints use the tunnel IP address as their source address. I need the
local IP address to be used instead.

More specifically:

office LAN == 66.66.66.0/24
home LAN == 192.168.1.0/24
VPN uses 192.168.1.1 on home side
VPN uses 66.66.66.1 on office side
VPN tunnel is 192.168.2.1 (office) <==> 192.168.2.2 (home)

Problem is that connections from 192.168.1.1 to 66.66.66.xx
use 192.168.2.2 as the source IP. Similarly connections from
66.66.66.1 to 192.168.1.xx use 192.168.2.1 as the source IP.

Is there some way I can get them to use 192.168.1.1 and 66.66.66.1
respectively? I looked at iptables, but don't see what looks correct
there. Maybe the 'mangle' table, but I don't see any modifications to
source or destination.

Thanks for any help or pointers. Or if it just can't be done, it would
be nice to know that as well.

Rich


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
06-14-2011, 04:48 PM
"Joseph L. Casale"

controlling source IP on connections

>Thanks for any help or pointers. Or if it just can't be done, it would
>be nice to know that as well.

My suggestion is to learn to work with the toolset as designed. With the
exception of client-to-client/lan-to-lan, any connections from the box
with the p-t-p connection instantiated on it originate via
this interface.

So, use a ccd and client confs to force a known ip on the server, then
mitigate the connections as you now can reliably expect them. For example,
if you are not expecting the lan behind the client to have connectivity,
you know exactly what connections to allow. If you are, you now have two
cases to account for, not much more complicated, etc...

There are some apps/utils (rsyncd --address etc) that allow an interface choice,
but my experience is it's a lot easier to work as I suggest and cover all
cases reliably and as expected.

jlc
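
What an `--address`-style option does at the socket level, shown as an added example that is not part of either post: without an explicit bind the kernel takes the source address from the route to the destination, and binding first pins it. The loopback addresses 127.0.0.1 and 127.0.0.2 stand in for the tunnel and LAN addresses (an assumption that relies on Linux treating all of 127.0.0.0/8 as local), and the function name is hypothetical.

```python
import socket
import threading


def peer_seen_by_server(source_ip=None, server_ip="127.0.0.1"):
    """Open one TCP connection and return the source IP the server observed.

    source_ip=None lets the kernel pick the source address from the route
    to the destination (the behaviour described in the thread). Passing an
    address pins it, which is what an --address style option does.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((server_ip, 0))  # port 0: the kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    seen = []

    def accept_once():
        # The peer address here is what a firewall or access log would see.
        conn, (ip, _port) = srv.accept()
        seen.append(ip)
        conn.close()

    worker = threading.Thread(target=accept_once)
    worker.start()

    # source_address makes create_connection() call bind() before connect().
    src = (source_ip, 0) if source_ip else None
    with socket.create_connection((server_ip, port), timeout=5,
                                  source_address=src):
        pass

    worker.join(timeout=5)
    srv.close()
    return seen[0]


if __name__ == "__main__":
    # Constructed demo on loopback only; no real tunnel is involved.
    print("kernel-chosen source:", peer_seen_by_server())
    print("pinned source:       ", peer_seen_by_server("127.0.0.2"))
```

The pinned address must be configured on the local host, otherwise `bind()` fails.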
 

All times are GMT.