OpenBSD Security - Functionally paranoid!
How to use the external interface and a VPN tunnel for different services/clients?
Can you help me out here, please? I do not need a step-by-step guide, just a friendly kick in the right direction.
I have an OpenBSD gateway/router/networking server with two network interfaces in use: one for the external network (WAN) and one for my internal network (LAN). On the internal side I have a bunch of clients, including an OpenBSD server that serves both the outside world (currently HTTP and SSH) and the inside (currently NFS).

I have used an OpenVPN client to create a VPN tunnel on the gateway, and that works fine, but I do not want all traffic to go through the tunnel. I want to exclude, for example, the web and shell services. How should I think about this? Can I do this with only pf, or do I need to make changes to the routing table?

If I create the tunnel without any changes to my pf rule set, the web server stops being accessible from the outside and the clients cannot access the outside; because the default route is changed, I guess. If I change $wan_if from em0 to tun0, the clients can access the outside, but of course I cannot access the web server on the IP address that is assigned to em0 (I have not tried to access it through the IP address at tun0).

Is it just a matter of having dual NATing for the two interfaces, or will the replies take the default route no matter what? I did a test shot with an additional nat-to rule yesterday, but it did not work, and then it was time for bed.
I have made some tests using reply-to, but without success.
I guess that I need to alter the routing table, but as I lack knowledge in that area I have ordered some books to solve that. I have dynamic IP addresses on both the em0 and tun0 interfaces; will that be a problem?

Edit: I will search the OpenVPN community for a solution to this as well.

Last edited by alikzus; 26th June 2014 at 10:35 AM.
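The situation described in the two posts above (default route moved into tun0, published services on a LAN host stop answering from the outside) is the textbook case for pf's reply-to: a state created by a packet that arrived on em0 gets its reply packets sent to em0's next hop regardless of the routing table, so no routing-table surgery is needed for the inbound services. The pf.conf fragment below is an added example, not configuration posted in the thread; the interface names, the LAN network, the web server address and the WAN gateway address are assumptions.

```pf
# Added example, not from the original thread: keep inbound HTTP/SSH on em0
# answered via em0 while the default route points into the OpenVPN tunnel.
# Interface names, networks and addresses are assumed values.
wan_if  = "em0"
vpn_if  = "tun0"
lan_if  = "em1"
lan_net = "192.168.1.0/24"
web_srv = "192.168.1.10"
# Next hop on em0. With a dynamic lease this value changes, so the macro has
# to be refreshed (and pf.conf reloaded) whenever the lease is renewed.
wan_gw  = "203.0.113.1"

set skip on lo
block log all

# Outbound traffic from the LAN follows the routing table. The (ifname) form
# uses whatever address the interface currently has, so dynamic addresses on
# em0 and tun0 are no problem for NAT. One rule per possible egress interface
# covers both the tunnel-up and the tunnel-down case.
match out on $vpn_if inet from $lan_net nat-to ($vpn_if)
match out on $wan_if inet from $lan_net nat-to ($wan_if)

# Published services: redirect connections arriving on em0's current address
# to the internal server, and pin the return path to em0's gateway. Without
# reply-to the replies would take the default route into tun0 and never reach
# the client, which is exactly the breakage seen after the tunnel comes up.
pass in log on $wan_if inet proto tcp from any to ($wan_if) port { 80 22 } \
    rdr-to $web_srv reply-to ($wan_if $wan_gw)

# Let the redirected packets reach the LAN and let LAN hosts talk outward.
pass out on $lan_if inet to $lan_net
pass in on $lan_if inet from $lan_net
pass out on { $wan_if $vpn_if }
```

Check the rule set with `pfctl -nf /etc/pf.conf` before loading it, then confirm the behaviour with `pfctl -ss` while connecting to port 80 from outside: the state should show the source on em0 and the reply direction bound to the gateway given in reply-to. Two caveats worth knowing: reply-to only affects packets that match a state-creating rule, so a service that is not covered by such a pass rule will still follow the default route; and the parenthesised `(interface address)` form was changed in OpenBSD 7.1 to a bare next-hop address (optionally `address@interface`), so check pf.conf(5) for the release you actually run.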