How to create a dynamic VPN tunnel?
There are several servers. Say, for example, there are 3 of them, and an indefinite number of users. Each user needs to create a VPN tunnel through these servers to the Internet. But different users should each have their own order of connection to the servers.
I.e.:
user #1 connects via servers: 1-2-3-Internet
user #2 connects via servers: 3-2-1-Internet
user #3 connects via servers: 2-3-1-Internet
etc.
Users should not see each other. And from time to time, users need to change the connection scheme automatically and transparently for them (you can do this on the default gateway, which will wrap all user connections in the VPN).
How can this be organized?
So far I see 2 options:
1. SSH tunnel: for each user on his own port, open dynamic SSH port forwarding, connecting from one server sequentially to another.
2. Use OpenVPN.
I don't like the first option because it is not clear how to automate this process, in particular entering a password when logging in via SSH.
The second option is preferable, but it is completely unclear how to make the VPN dynamic. It is possible, though, because there are plenty of such services on the internet. Example
OpenVPN will not suit you, as the client side selects a host from the list randomly. Otherwise, I lost the logical chain.
It is possible if, instead of server IPs, you have aliases in DNS records and they change according to a schedule.
What if you do this with OpenVPN:
tun0 to server #1
tun1 to server #2 goes through tun0
tun2 to server #3 goes through tun1
and dynamically change server IPs in configs for all tunnels?
It looks like this
1) DNS A record with several IPs:
www.tunnel.com. 298 IN A 111.22.333.111
www.tunnel.com. 298 IN A 111.22.333.222
www.tunnel.com. 298 IN A 111.22.333.333
2) On each node, balance incoming traffic to the 2 other nodes depending on the source address (standard routing capabilities should be enough, or iptables will help you, or source/destination-based routing tables).
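The source-based routing from the last answer, combined with the per-user hop order and periodic rotation from the question, as an added example that is not part of the original thread. It assumes point-to-point tunnels between all nodes with the hypothetical interface names `tun-gw` and `tun-sN`, one routing table id per user, constructed addresses, and NAT configured separately on the exit node; the script only builds the `ip` command strings and does not run them.

```python
import hashlib
import hmac
import itertools

# Constructed sample data. Interface names (tun-gw, tun-sN) and table ids are
# hypothetical: each node is assumed to hold a point-to-point tunnel to every
# other node, and user source addresses are preserved until the exit node NATs.
SERVERS = (1, 2, 3)
USERS = {"user1": ("10.8.0.11", 101), "user2": ("10.8.0.12", 102)}
ROTATION_SECONDS = 3600


def chain_for(user, now, secret):
    """Hop order for `user` in the rotation window containing `now`."""
    epoch = int(now) // ROTATION_SECONDS
    orders = list(itertools.permutations(SERVERS))
    # Keyed hash: every node holding `secret` derives the same order locally.
    mac = hmac.new(secret, f"{user}:{epoch}".encode(), hashlib.sha256).digest()
    return orders[int.from_bytes(mac[:8], "big") % len(orders)]


def provision_rule(user):
    """One-time rule, installed on the gateway and on every server."""
    src, table = USERS[user]
    return f"ip rule add from {src} lookup {table}"


def dev(node):
    return "tun-gw" if node == "gw" else f"tun-s{node}"


def commands_for(user, chain):
    """Per-node iproute2 commands that move `user` onto `chain`."""
    src, table = USERS[user]
    hops = ["gw", *chain]
    plan = {}
    for i, node in enumerate(hops):
        if i + 1 < len(hops):  # forward path: hand traffic to the next hop
            cmds = [f"ip route replace default dev {dev(hops[i + 1])} table {table}"]
        else:  # exit node: empty table, so lookup falls through to main
            cmds = [f"ip route flush table {table}"]
        if node != "gw":  # return path: replies go back to the previous hop
            cmds.append(f"ip route replace {src}/32 dev {dev(hops[i - 1])}")
        plan[node] = cmds
    return plan


if __name__ == "__main__":
    for node, cmds in commands_for("user1", chain_for("user1", 0, b"demo-secret")).items():
        print(node, cmds)
```

Because every chain is a full permutation of the servers, each rotation rewrites both routes on every node, so no stale route from the previous order is left behind.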