
How to bind OpenVPN to one network interface?

Posted: Sun Jul 15, 2012 9:19 pm
by Maxor91
Hello all,

I have a server with two separate network interfaces running through the same router: eth0 (10.1.1.35) and eth1 (10.1.1.36). I have tried to bind my OpenVPN client to eth1 by including the following line in my .conf file:

Code:

local 10.1.1.36

ip route shows that eth0 is still the default route, which is what I want, however it seems that ALL of my network traffic is going through the VPN Service instead of just the traffic assigned to eth1. I've tested this by running the VPN service and doing a traceroute, which shows the traffic going through the VPN Service.

Anyone have any suggestions on how I can fix this issue? I'm trying to set it up so I have some services (SSH, Web Server) running on eth0, and other services running on eth1 through the VPN.

I appreciate any help! Let me know if any more information is needed. Thanks,

Max

Re: How to bind OpenVPN to one network interface?

Posted: Wed Jul 18, 2012 7:24 am
by maikcat
hi there,

can you please post more info about your setup?

f.e., openvpn config file, output of: ifconfig, netstat -nr, ip route show, iptables -L -t nat -v

regards

Michael.

Re: How to bind OpenVPN to one network interface?

Posted: Thu Jul 19, 2012 4:46 am
by Maxor91
Yes, here is the info you asked for.

openvpn.conf:

Code:

client
dev tun
proto udp
local 10.1.1.36
remote vpn.sanfrancisco.witopia.net 1194
resolv-retry infinite
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/CN0027XXXX.crt
key /etc/openvpn/CN0027XXXX.key
cipher BF-CBC
comp-lzo
verb 3

ifconfig:

Code:

eth0      Link encap:Ethernet  HWaddr 00:c0:49:fa:20:e7  
          inet addr:10.1.1.35  Bcast:10.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2c0:49ff:fefa:20e7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2486702 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3177002 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:443869674 (423.3 MiB)  TX bytes:836398442 (797.6 MiB)
          Interrupt:22 Base address:0xc00 

eth1      Link encap:Ethernet  HWaddr 00:0c:f1:e2:16:c2  
          inet addr:10.1.1.36  Bcast:10.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:f1ff:fee2:16c2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2367968 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2137663 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1256154932 (1.1 GiB)  TX bytes:970675793 (925.7 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:598735 errors:0 dropped:0 overruns:0 frame:0
          TX packets:598735 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:168249655 (160.4 MiB)  TX bytes:168249655 (160.4 MiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.119.75.238  P-t-P:10.119.75.237  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1349690 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1522526 errors:0 dropped:109 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:777006939 (741.0 MiB)  TX bytes:192633288 (183.7 MiB)

netstat -nr:

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
205.164.56.59   10.1.1.1        255.255.255.255 UGH       0 0          0 eth1
10.119.75.237   0.0.0.0         255.255.255.255 UH        0 0          0 tun0
10.119.72.1     10.119.75.237   255.255.255.255 UGH       0 0          0 tun0
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth1
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         10.119.75.237   128.0.0.0       UG        0 0          0 tun0
128.0.0.0       10.119.75.237   128.0.0.0       UG        0 0          0 tun0
0.0.0.0         10.1.1.1        0.0.0.0         UG        0 0          0 eth0

ip route show:

Code:

205.164.56.59 via 10.1.1.1 dev eth1 
10.119.75.237 dev tun0  proto kernel  scope link  src 10.119.75.238 
10.119.72.1 via 10.119.75.237 dev tun0 
10.1.1.0/24 dev eth1  proto kernel  scope link  src 10.1.1.36  metric 1 
10.1.1.0/24 dev eth0  proto kernel  scope link  src 10.1.1.35  metric 1 
0.0.0.0/1 via 10.119.75.237 dev tun0 
128.0.0.0/1 via 10.119.75.237 dev tun0 
default via 10.1.1.1 dev eth0  proto static 

iptables -L -t nat -v:

Code:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Thanks for your help! Let me know if you need anything else. Getting this resolved would be really great.

Max
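
Added example (not part of any post in this thread): a longest-prefix-match lookup over the `ip route show` output posted above, showing why traffic leaves through tun0 even though the default route is on eth0. The two /1 routes via tun0 are more specific than the /0 default, and `local 10.1.1.36` only sets the address the OpenVPN socket binds to. The function names and the destinations 8.8.8.8 and 198.51.100.7 are constructed for illustration.

```python
import ipaddress

# Routes copied from the "ip route show" output posted above.
IP_ROUTE_SHOW = """\
205.164.56.59 via 10.1.1.1 dev eth1
10.119.75.237 dev tun0  proto kernel  scope link  src 10.119.75.238
10.119.72.1 via 10.119.75.237 dev tun0
10.1.1.0/24 dev eth1  proto kernel  scope link  src 10.1.1.36  metric 1
10.1.1.0/24 dev eth0  proto kernel  scope link  src 10.1.1.35  metric 1
0.0.0.0/1 via 10.119.75.237 dev tun0
128.0.0.0/1 via 10.119.75.237 dev tun0
default via 10.1.1.1 dev eth0  proto static
"""

def parse_routes(text):
    """Return (network, device, gateway) for each route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(prefix)  # a bare address becomes a /32
        dev = fields[fields.index("dev") + 1]
        gw = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((net, dev, gw))
    return routes

def lookup(routes, destination):
    """Longest-prefix match; on a tie the first listed route wins (a simplification)."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def egress_device(destination, routes=None):
    """Device a packet to `destination` would leave through, per the table above."""
    route = lookup(routes or parse_routes(IP_ROUTE_SHOW), destination)
    return route[1] if route else None

def shadowed_default(routes):
    """True when a /1 pair covers all of IPv4, so the /0 default never wins."""
    halves = {str(net) for net, _dev, _gw in routes if net.prefixlen == 1}
    return halves == {"0.0.0.0/1", "128.0.0.0/1"}

if __name__ == "__main__":
    table = parse_routes(IP_ROUTE_SHOW)
    for dst in ("8.8.8.8", "198.51.100.7", "205.164.56.59"):  # constructed samples
        print(dst, "->", egress_device(dst, table))
    print("default route shadowed:", shadowed_default(table))
```

Only the host route to 205.164.56.59 (the encrypted tunnel packets themselves) resolves to eth1; every other non-local destination resolves to tun0.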

Re: How to bind OpenVPN to one network interface?

Posted: Thu Jul 19, 2012 4:58 am
by Maxor91
Oops, posted same message twice.

Re: How to bind OpenVPN to one network interface?

Posted: Thu Jul 19, 2012 12:30 pm
by maikcat
can you please read this first..

http://kindlund.wordpress.com/2007/11/1 ... -in-linux/

Michael.

Re: How to bind OpenVPN to one network interface?

Posted: Fri Jul 20, 2012 2:05 am
by Maxor91
Well, that is exactly what I needed! Works perfectly. Thanks!

Re: How to bind OpenVPN to one network interface?

Posted: Fri Jul 20, 2012 11:26 am
by maikcat
glad to have helped you out.

Regards,

Michael.