[eduVPN-deploy] User and Management traffic on two separate NICs?
François Kooman
fkooman at tuxed.net
Tue Aug 18 11:10:54 CEST 2020
On 18.08.20 10:59, Stefan Winter via eduVPN-deploy wrote:
> Hello,

Hi Stefan,

> The obvious solution is to have a second NIC/outside NAT IP for user
> traffic.

Yes, that sounds right. Various eduVPN deploys I know of use this exact
mechanism. An extra (virtual) interface for management purposes opening SSH.

> I wonder what I need to change in the eduVPN config after having
> installed the second interface. Is the only relevant option the iptables
> NAT ruleset, which needs to NAT to the new interface? Anything else I
> need to change?

Once you make the interface that allows access to the Internet for VPN
clients the default gateway, you don't really have to do anything.
Depending on how/whether you modified the current firewall, it may just
work immediately!

You can make it more complicated by using things like source routing [1]
at your leisure, but I recommend against that. Keep it as simple as
possible. See also [2] for more firewall instructions.

Regards,
François

[1] https://github.com/eduvpn/documentation/blob/v2/SOURCE_ROUTING.md
[2] https://github.com/eduvpn/documentation/blob/v2/FIREWALL.md
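
Added example, not part of the original message or of the eduVPN documentation: a shell check that reads the output of `ip -4 route show default` and `iptables-save` and reports whether the default route, the NAT rules and SSH access match the two-interface layout discussed above. The interface names (`eth0` for management, `eth1` for user traffic), the 10.0.0.0/8 client range and the sample rules are constructed assumptions.

```shell
#!/bin/sh
# check_split_nics MGMT_IF USER_IF ROUTES RULES
#   ROUTES: text of `ip -4 route show default`
#   RULES:  text of `iptables-save`
# Prints one line per finding; returns 0 when there are none, 1 otherwise.
check_split_nics() {
    mgmt=$1 user=$2 routes=$3 rules=$4
    findings=$(
        # 1. The default route must leave via the user-traffic interface.
        printf '%s\n' "$routes" | awk -v u="$user" '
            $1 == "default" {
                seen = 1
                for (i = 2; i < NF; i++) if ($i == "dev" && $(i+1) != u)
                    print "default route uses " $(i+1) ", expected " u
            }
            END { if (!seen) print "no default route found" }'
        # 2. A NAT rule pinned to an interface must name the user-traffic one;
        #    a rule without -o simply follows the default route.
        # 3. SSH may only be accepted on the management interface.
        printf '%s\n' "$rules" | awk -v m="$mgmt" -v u="$user" '
            function opt(name,   i) {
                for (i = 1; i < NF; i++) if ($i == name) return $(i+1)
                return ""
            }
            $1 == "-A" && $2 == "POSTROUTING" && /-j (MASQUERADE|SNAT)/ {
                o = opt("-o")
                if (o != "" && o != u) print "NAT rule pinned to " o ": " $0
            }
            $1 == "-A" && $2 == "INPUT" && /--dport 22( |$)/ && /-j ACCEPT/ {
                if (opt("-i") != m) print "SSH accepted outside " m ": " $0
            }'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample state: NAT still pinned to the old interface, SSH open everywhere.
SAMPLE_ROUTES='default via 192.0.2.1 dev eth1 proto static'
SAMPLE_RULES='*nat
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'
check_split_nics eth0 eth1 "$SAMPLE_ROUTES" "$SAMPLE_RULES" || echo "state needs fixing"
```

On a live server the last two arguments would be `"$(ip -4 route show default)"` and `"$(iptables-save)"`.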