[Durham] Linux routing via 2 Open vpn servers to different destinations
Richard Mortimer
richm at oldelvet.org.uk
Fri Dec 20 20:21:37 UTC 2013
On 20/12/2013 19:26, Andrew Glass wrote:
> Good evening peeps :)
>
> Merry Christmas! :D
>
> Ok so Ive just this moment decided to do myself a little project
> involving my little odroid-U2 quad I bought (cracking little bit of kit
> basically a samsung galaxy s3 quad with 2 gb ram on a board smaller than
> a raspberry pi with eth, 2 x usb 2 ports, 3.5mm audi, mini hdmi, eMMC
> and microsd slots)
Sounds nice. Do you have a link? (I'm too lazy to type it into Google!)
>
> What I basically want is a permanent vpn connection for all my outgoing
> traffic routing via the odroid which will run openvpn to my openvpn
> server in Amsterdam (digitalocean droplet) then depending on the website
> I want, I would like it to split off in one of two directions.
Ok.
>
> If the address is netflix (so much more choice on the USA netflix
> compared to UK) I want it to route from Amsterdam to my openvpn server
> in New York so I can watch USA Netflix. If its any other type of
> traffic its to jump off the vpn at amsterdam and go surfing on the
> normal internet. Does that make sense?
Yes.
>
> I have a basic range of netflix addresses which are also served via
> Amazon EC2.
Good.
>
> Im just trying to figure out the routing commands to add to my server/
> openvpn configuration in Amsterdam to allow this to happen.
Ok. So assuming that you have a suitable (presumably openvpn) link
between Amsterdam and New York. Then you should just be able to tell the
box to route the netflix range of addresses via New York.
Note that you will need to encapsulate the packets in some protocol
between Ams and NY because if you try to use real addresses the internet
will just grab the packets and send them in the wrong direction.
So in (old money) route command syntax that would be
route add -net aa.bb.cc.dd/nn gw ny.open.vpn.ip
you might need to add a 'dev xxxx' to the end of that to force it to
use the local end of your Amsterdam-NewYork openvpn link network
interface (xxxx)
In new money (ip route) command that is something like
ip route add to unicast aa.bb.cc.dd/nn via ny.open.vpn.ip dev xxxx
but beware I'm more used to the old style commands for simple things so
the latter might need tweaking.
Now there might need to be some magic to ensure that packets get routed
back from your NY VPN via Amsterdam.
Another option to consider would be to just do the routing on your
odroid and connect to both VPNs from there.
>
> This is the first time I have done anything this complicated. Can it be
> done? Examples of any useful routing commands to achieve this would be
> most gratefully received.
Have fun.
My main suggestion would be to get things working in steps. OpenVPN from
odroid to Amsterdam, then OpenVPN Ams to NY. Then ping NY (via openvpn)
from odroid. Then finally start thinking about getting to Netflix. I'm
sure there will be a few layers of NAT translation in that lot so plenty
of scope for packets to go missing!
Regards
Richard
>
> Hope you are all well :)
>
> Cheers
>
> Andy
>
>
>
>
> _______________________________________________
> Durham mailing list - Durham at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/durham
> http://www.nelug.org.uk/
>
More information about the Durham
mailing list