linux
Gasoid, 2015-10-09 12:01:05

How to configure openvpn to work on 2 ip addresses?

There is a gateway on Debian.
There are 2 providers:
one IP on eth0:3,
another on eth1.
By default we configure the gateway to be on eth0:3.

#!/bin/sh
IP1=88.140.167.214
IP2=217.230.75.242
P1=88.140.167.213
P2=217.230.75.241

P1_NET=88.140.167.212/30
P2_NET=217.230.75.240/30

IF1=eth0:3
IF2=eth1

ip route flush table prov214
ip route add default via $P1 dev eth0:3 table prov214

ip route flush table prov242
ip route add default via $P2 dev eth1 table prov242


# By default, route traffic through the first provider.
ip route del 0/0
ip route add default via $P1


ip rule del table prov214
ip rule del table prov242
ip rule add from $IP1 table prov214
ip rule add from $IP2 table prov242

ip rule add fwmark 0x1/0x1 lookup prov214

#!/bin/bash
iptables -A PREROUTING -i eth1  -j MARK --set-mark 0x1 -t mangle 
iptables -A PREROUTING -j CONNMARK --save-mark -t mangle -m mark --mark 0x1
iptables -A PREROUTING -j CONNMARK -t mangle  --set-mark 0x1 -i eth1
# "! -d" is the current negation syntax; "-d ! ..." is deprecated
iptables -A PREROUTING -j CONNMARK -t mangle --set-mark 0x1 -s 10.0.1.73 ! -d 10.0.0.0/16

In the openvpn config I specify
local 217.230.75.241
This scheme works, but why doesn't it work if the local option is removed? Packets go through the default gateway if they arrive at 217.230.75.241.
Moreover, if we remove the marking, then it does not work with local either.

2 answer(s)
Gasoid, 2015-10-10
@Gasoid

In the end I installed a network card, eth3.

#!/bin/sh
IP1=88.140.167.214
IP2=217.230.75.242
P1=88.140.167.213
P2=217.230.75.241

P1_NET=88.140.167.212/30
P2_NET=217.230.75.240/30

IF1=eth3
IF2=eth1

ip route flush table prov214
ip route add default via $P1 dev eth3 table prov214

ip route flush table prov242
ip route add default via $P2 dev eth1 table prov242


# By default, route traffic through the first provider.
ip route del 0/0
ip route add default via $P1


ip rule del table prov214
ip rule del table prov242
ip rule add from $IP1 table prov214
ip rule add from $IP2 table prov242

ip rule add fwmark 0x1/0x1 lookup prov242

in openvpn we remove the local parameter and add the multihome option
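
Added example, not part of the original post: a small model of how Linux picks the routing table for the server's own UDP replies, showing why the `from $IP2` rule only matches once the reply has a source address (`local` or `multihome`). The function names and the `wildcard`/`bind:ADDR` mode labels are hypothetical; the model covers only the `from` rules, not the fwmark rule.

```shell
#!/bin/sh
# Added illustration: a model of the kernel's source-based rule lookup for
# locally generated UDP replies. Addresses and table names are from the post.
IP1=88.140.167.214   # provider 1 address (default route goes this way)
IP2=217.230.75.242   # provider 2 address

# Policy rules as "source table"; "all" stands for the main table's catch-all.
RULES="$IP1 prov214
$IP2 prov242
all main"

# table_for SRC: print the table chosen for a packet with source address SRC.
table_for() {
    printf '%s\n' "$RULES" | while read -r from table; do
        if [ "$from" = all ] || [ "$from" = "$1" ]; then
            printf '%s\n' "$table"
            break
        fi
    done
}

# source_in_table TABLE: source address a packet leaves with on that uplink.
source_in_table() {
    case $1 in
        prov242) printf '%s\n' "$IP2" ;;
        *)       printf '%s\n' "$IP1" ;;   # prov214 and main both use provider 1
    esac
}

# reply_from MODE ARRIVED_ON: print "table source" for the server's reply.
#   wildcard  - no local/multihome: socket on 0.0.0.0, source unset at lookup
#   multihome - reply is sent from the address the client's packet arrived on
#   bind:ADDR - "local ADDR": socket bound to one address
reply_from() {
    case $1 in
        wildcard)  src=0.0.0.0 ;;
        multihome) src=$2 ;;
        bind:*)    src=${1#bind:} ;;
        *)         return 1 ;;
    esac
    table=$(table_for "$src")
    # An unset source is filled in from the route that was selected.
    if [ "$src" = 0.0.0.0 ]; then src=$(source_in_table "$table"); fi
    printf '%s %s\n' "$table" "$src"
}

for mode in wildcard multihome "bind:$IP2"; do
    printf '%-28s -> %s\n' "$mode" "$(reply_from "$mode" "$IP2")"
done
```

In the `wildcard` case the reply to a client that connected to the second provider's address leaves through the main table with the first provider's address, so the client sees an answer from an address it never contacted.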

mureevms, 2015-10-09
@mureevms

Why are you labeling traffic at all? Don't packets go fine without it?
It's not entirely clear what you want to do with the firewall rules. Allow traffic from the eth1 interface to the prov214 table, it should also go to prov242. That is, you first say if the packet came with $IP1, then go to the prov214 table and immediately mark it, directing it to prov214. Where is the logic?
Also, change the IP from the interface from eth0:3 to eth0. I had a problem with iproute and an alias on the interface.
