vbsaltydog

Multiple Connections from one machine?


I am trying to create multiple airvpn connections from a single Ubuntu Server (I know they need to be to unique airvpn servers) while not using any of them as my server's default gateway. This is so I can setup custom routing to send packets out through airvpn interface x based on my specific requirements. 

 

Is there a guide on how to setup this configuration?


Hi,

 

You can reach your goal using Linux network namespaces.

In order to enable namespaces you can use cgroups with systemd or firejail (and also docker but that's closer to virtualisation if that's what you want).

 

Personally I'd recommend firejail but you should do some research to figure out what suits your needs best.


I am trying to create multiple airvpn connections from a single Ubuntu Server (I know they need to be to unique airvpn servers) while not using any of them as my server's default gateway. This is so I can setup custom routing to send packets out through airvpn interface x based on my specific requirements. 

 

Is there a guide on how to setup this configuration?

 

See the second half of this post:

 

https://airvpn.org/topic/14158-question-run-airvpn-as-non-primary-network-adapter/?p=27398

 

...

 

Or are you using Linux? The following assumes so.

 

Linux uses a different "host model". See:

 

http://en.wikipedia.org/wiki/Host_model

 

If you do not want to change the OpenVPN config, then you still need to restore the default gateway in the default routing table in exactly the same way. And this will allow you to switch back and forth between real interface and VPN interface as default in the same way (removing and inserting the routing table entries with 192.0.0.0 mask).

 

But then on Linux you will need to do "source address routing" to have a program use the VPN interface. Binding the VPN interface address is not enough. Something like what is done here:

 

https://openvz.org/Source_based_routing

 

You won't need a "throw" rule.

 

With the source address routing in place, there is no danger of Linux fall-back to the default gateway for traffic bound to the VPN interface. So firewall config is not needed.

 

UPDATE:

 

I thought I should show my configuration (more or less) for doing this.

 

My config files all contain this line at the top:

 

config common/myroute.ovpni

In the same folder where I have the config files I have a subfolder named "common":

$ ls -l common
total 2
-rwxrwx---+ 1 user None 284 Jul 16 20:51 myroute.ovpni
-rwxrwx---+ 1 user None 176 Jun 30 16:02 up.sh

The file myroute.ovpni contains this:

script-security 2
up ./common/up.sh
route-nopull
redirect-gateway def1
route 0.0.0.0 192.0.0.0 net_gateway
route 64.0.0.0 192.0.0.0 net_gateway
route 128.0.0.0 192.0.0.0 net_gateway
route 192.0.0.0 192.0.0.0 net_gateway
sndbuf 524288
rcvbuf 524288

The file up.sh contains this:

#!/bin/bash
/sbin/ip rule del from $ifconfig_local table 10001
/sbin/ip rule add from $ifconfig_local table 10001
/sbin/ip route add default via $route_vpn_gateway table 10001
 

I find this to be much less effort than using namespaces/cgroups or container software built on these. Overkill.

 

You could do without the "redirect-gateway", "route ..." and "...buf .." stuff. In fact if you want to have two connections you should drop that stuff. So long as the addresses that are used on each interface are different, there should be no conflict since each interface has its own routing table. So just this:

script-security 2
up ./common/up.sh
route-nopull

And you could use "--config ..." on the command line (you can have a second one) to do the include for the extra commands, if you do not want to edit the files from AirVPN.

 

You have to bind each program that is to use a VPN connection to the address of the VPN interface. The script to start the program could retrieve the address from the output of "ip rule list table 10001".

 

EDIT:

 

You mentioned "custom routing" in your OP. If you mean that you intend to add routes so that an interface is chosen based on destination, this can be very hard to make work if the destination has multiple addresses and varies its DNS response depending on circumstances, such as for a content provider like Netflix.

 

Firefox does not allow you to bind to an interface. But you can install SQUID (an HTTP proxy) which will let you bind to an interface, and even specify what DNS to use. Then set up a separate Firefox profile that uses SQUID.
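
Added example, not part of the thread and not the poster's or AirVPN's script: the up.sh approach above generalised to several simultaneous tunnels, with one routing table per tun device, validation of the values OpenVPN passes in before they reach ip, and an unreachable backstop route in each table. TABLE_BASE, DRY_RUN and the function names are assumptions of this example, and it accepts only device names tun0 to tun99.

```bash
#!/bin/bash
# Added example: --up script for several OpenVPN tunnels at once. OpenVPN sets
# dev, ifconfig_local, route_vpn_gateway; TABLE_BASE and DRY_RUN are assumed.
TABLE_BASE=${TABLE_BASE:-10000}
# Accept only dotted-quad IPv4, so nothing else reaches the ip command line.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    local IFS=. o
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# tun0 -> 10000, tun1 -> 10001, ...: one routing table per tunnel.
table_for_dev() {
    case $1 in tun[0-9]|tun[1-9][0-9]) ;; *) return 1 ;; esac
    echo $(( TABLE_BASE + ${1#tun} ))
}

# Print the ip(8) arguments for one tunnel. The last route is a high-metric
# backstop: if the tunnel route vanishes, lookups stop here, not in "main".
plan_routes() {
    local dev="$1" addr="$2" gw="$3" table
    table=$(table_for_dev "$dev") || { echo "unsupported device" >&2; return 1; }
    { is_ipv4 "$addr" && is_ipv4 "$gw"; } || { echo "bad address" >&2; return 1; }
    printf '%s\n' \
        "rule del from $addr table $table" \
        "rule add from $addr table $table" \
        "route replace default via $gw dev $dev table $table" \
        "route replace unreachable default table $table metric 4278198272"
}

# Run the plan, or print it when DRY_RUN=1. Only "rule del" may fail.
apply_routes() {
    local plan line
    plan=$(plan_routes "$@") || return 1
    while read -r line; do
        if [ "${DRY_RUN:-0}" = 1 ]; then echo "ip $line"; continue; fi
        # Word splitting is intended: every field was validated above.
        /sbin/ip $line || case $line in "rule del"*) ;; *) return 1 ;; esac
    done <<EOF
$plan
EOF
}

# OpenVPN sets dev when it runs this file; without it nothing is applied.
if [ -n "${dev:-}" ]; then
    apply_routes "$dev" "$ifconfig_local" "$route_vpn_gateway" || exit 1
fi
```

Setting DRY_RUN=1 together with dev, ifconfig_local and route_vpn_gateway (for instance the constructed values tun1, 10.4.0.2 and 10.4.0.1) prints the four ip commands for review without changing any routing state.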
