[eduVPN-deploy] different IPs for client traffic/mgmt: one issue
François Kooman
fkooman at tuxed.net
Thu Aug 20 12:51:15 CEST 2020
On 20.08.20 12:16, Stefan Winter via eduVPN-deploy wrote:
> Hello,
Hi Stefan!
> so I've installed the two different NICs and have an IP address just for
> the NATed payload traffic. The connection establishment and mgmt goes
> via the "primary" NIC instead.
I'd recommend making the default gateway the interface where you NAT
over. The management interface can be separate without default gateway
as mentioned before. Then everything will just automatically work as far
as I can see.
Is there any reason why you make it more complicated than it needs to
be? Maybe I am missing some (deployment) requirements on your end?
> So, it appears like the server chooses to send its reply from the wrong
> source interface - incoming to eno1 IP address; outgoing via eno2's IP
> address. (see tcpdump at end)
This can be mitigated by following the above. There are some hacks that
can be implemented in OpenVPN, i.e. binding to a specific IP address, or
hacking the server config with `--multihome` option. That last thing is
not supported through eduVPN because we never needed it and probably
indicates something you shouldn't be doing in the first place. However,
as said above, maybe I am missing some requirements on your end...
Cheers,
François
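
Added example, not part of the original message and not eduVPN or OpenVPN code: a Linux-only Python sketch of the symptom described in the thread, where a UDP server bound to the wildcard address replies from the IP the routing table prefers rather than the IP the client contacted, and of the per-packet source pinning via IP_PKTINFO that serves the same purpose as the `--multihome` option mentioned above. The loopback addresses 127.0.0.1 and 127.0.0.2 are constructed stand-ins for the two interface addresses, and `reply_source` is a hypothetical helper name.

```python
import socket
import struct

# Linux value of IP_PKTINFO; older Python versions do not export the constant.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)


def reply_source(server_ip, pin_source):
    """Send one UDP datagram to server_ip and return the source IP of the reply.

    The server socket is bound to the wildcard address, like a UDP daemon
    listening on every address of a multi-homed host.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Ask the kernel to report the destination address of each datagram.
        srv.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
        srv.bind(("0.0.0.0", 0))
        srv.settimeout(2)
        cli.settimeout(2)
        cli.bind(("127.0.0.1", 0))
        port = srv.getsockname()[1]
        cli.sendto(b"ping", (server_ip, port))

        _data, ancdata, _flags, peer = srv.recvmsg(64, socket.CMSG_SPACE(12))
        # struct in_pktinfo: int ipi_ifindex; in_addr ipi_spec_dst; in_addr ipi_addr
        arrived_on = None
        for level, ctype, cdata in ancdata:
            if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
                _ifindex, _spec_dst, arrived_on = struct.unpack("i4s4s", cdata[:12])

        if pin_source and arrived_on is not None:
            # ifindex 0 leaves interface choice to routing; ipi_spec_dst sets the source IP.
            pktinfo = struct.pack("i4s4s", 0, arrived_on, b"\0" * 4)
            srv.sendmsg([b"pong"], [(socket.IPPROTO_IP, IP_PKTINFO, pktinfo)], 0, peer)
        else:
            # Plain sendto(): the kernel picks the source address from the route to peer.
            srv.sendto(b"pong", peer)

        _reply, reply_from = cli.recvfrom(64)
        return reply_from[0]
    finally:
        srv.close()
        cli.close()


if __name__ == "__main__":
    print("unpinned reply came from", reply_source("127.0.0.2", pin_source=False))
    print("pinned reply came from  ", reply_source("127.0.0.2", pin_source=True))
```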