vbsaltydog:
I am trying to create multiple airvpn connections from a single Ubuntu Server (I know they need to be to unique airvpn servers) while not using any of them as my server's default gateway. This is so I can set up custom routing to send packets out through airvpn interface x based on my specific requirements. Is there a guide on how to set up this configuration?

go558a83nk:
I don't think there's a guide and I wouldn't expect one...you're already beyond 99% of users.

nick75:
Hi,

You can reach your goal using Linux network namespaces. In order to enable namespaces you can use cgroups with systemd or firejail (and also docker but that's closer to virtualisation if that's what you want). Personally I'd recommend firejail but you should do some research to figure out what suits your needs best.

NaDre:
> I am trying to create multiple airvpn connections from a single Ubuntu Server (I know they need to be to unique airvpn servers) while not using any of them as my server's default gateway. This is so I can set up custom routing to send packets out through airvpn interface x based on my specific requirements. Is there a guide on how to set up this configuration?

See the second half of this post: https://airvpn.org/topic/14158-question-run-airvpn-as-non-primary-network-adapter/?p=27398

... Or are you using Linux? The following assumes so. Linux uses a different "host model". See: http://en.wikipedia.org/wiki/Host_model

If you do not want to change the OpenVPN config, then you still need to restore the default gateway in the default routing table in exactly the same way. And this will allow you to switch back and forth between real interface and VPN interface as default in the same way (removing and inserting the routing table entries with 192.0.0.0 mask).

But then on Linux you will need to do "source address routing" to have a program use the VPN interface. Binding the VPN interface address is not enough. Something like what is done here: https://openvz.org/Source_based_routing

You won't need a "throw" rule. With the source address routing in place, there is no danger of Linux fall-back to the default gateway for traffic bound to the VPN interface. So firewall config is not needed.

UPDATE: I thought I should show my configuration (more or less) for doing this.

My config files all contain this line at the top:

    config common/myroute.ovpni

In the same folder where I have the config files I have a subfolder named "common":

    $ ls -l common
    total 2
    -rwxrwx---+ 1 user None 284 Jul 16 20:51 myroute.ovpni
    -rwxrwx---+ 1 user None 176 Jun 30 16:02 up.sh

The file myroute.ovpni contains this:

    script-security 2
    up ./common/up.sh
    route-nopull
    redirect-gateway def1
    route 0.0.0.0 192.0.0.0 net_gateway
    route 64.0.0.0 192.0.0.0 net_gateway
    route 128.0.0.0 192.0.0.0 net_gateway
    route 192.0.0.0 192.0.0.0 net_gateway
    sndbuf 524288
    rcvbuf 524288

The file up.sh contains this:

    #!/bin/bash
    # Run by OpenVPN as the "up" script; it sets $ifconfig_local and $route_vpn_gateway.
    # Remove any stale rule for this address, then route traffic sourced from it via table 10001.
    /sbin/ip rule del from "$ifconfig_local" table 10001
    /sbin/ip rule add from "$ifconfig_local" table 10001
    /sbin/ip route add default via "$route_vpn_gateway" table 10001

I find this to be much less effort than using namespaces/cgroups or container software built on these. Overkill.

You could do without the "redirect-gateway", "route ..." and "...buf .." stuff. In fact if you want to have two connections you should drop that stuff. So long as the addresses that are used on each interface are different, there should be no conflict since each interface has its own routing table. So just this:

    script-security 2
    up ./common/up.sh
    route-nopull

And you could use "--config ..." on the command-line (you can have a second one) to do the include for the extra commands, if you do not want to edit the files from AirVPN.

You have to bind each program that is to use a VPN connection to the address of the VPN interface. The script to start the program could retrieve the address from the output of "ip rule list table 10001".

EDIT: You mentioned "custom routing" in your OP. If you mean that you intend to add routes so that an interface is chosen based on destination, this can be very hard to make work if the destination has multiple addresses and varies its DNS response depending on circumstances, such as for a content provider like Netflix.

Firefox does not allow you to bind to an interface. But you can install SQUID (an HTTP proxy) which will let you bind to an interface, and even specify what DNS to use. Then set up a separate Firefox profile that uses SQUID.
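
The up.sh in NaDre's post writes to the fixed table 10001. As an added example (not part of the thread, and not NaDre's or AirVPN's code), this variant derives one table per tunnel from the device name and validates the OpenVPN-supplied values before handing them to ip. The tunN to 10001+N numbering, the function names and the DRY_RUN switch are assumptions; `ip route replace` is used in place of `add` so a reconnect does not fail on an existing route.

```shell
#!/bin/sh
# Added example, not NaDre's script: an OpenVPN "up" script giving each tunnel its own table.
# Assumption: tunN uses table 10001+N (hypothetical numbering; tun0 keeps the page's 10001).

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    local IFS=. octet
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    set -- $1                       # split on dots (IFS is local to this function)
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the routing table number for a device name, e.g. tun1 -> 10002.
table_for_dev() {
    local n
    case $1 in tun[0-9]|tun[1-9][0-9]) ;; *) return 1 ;; esac
    n=${1#tun}
    echo $(( 10001 + $n ))
}

# setup_source_routing DEV LOCAL_ADDR VPN_GATEWAY
# Validates its inputs, then installs the rule and default route. DRY_RUN=1 prints instead.
setup_source_routing() {
    local table run
    run=${DRY_RUN:+echo}
    table=$(table_for_dev "$1") || { echo "unexpected device: $1" >&2; return 1; }
    is_ipv4 "$2" && is_ipv4 "$3" || { echo "unexpected address" >&2; return 1; }
    # Drop a stale rule from an earlier session; failure just means there was none.
    $run /sbin/ip rule del from "$2" table "$table" 2>/dev/null || true
    $run /sbin/ip rule add from "$2" table "$table" || return 1
    $run /sbin/ip route replace default via "$3" dev "$1" table "$table"
}

# OpenVPN exports script_type, dev, ifconfig_local and route_vpn_gateway to "up" scripts.
if [ "${script_type:-}" = up ]; then
    setup_source_routing "$dev" "$ifconfig_local" "$route_vpn_gateway"
fi
```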