Changes between Version 2 and Version 3 of Concepts-PolicyRouting-Linux

Timestamp:

07/08/17 05:52:44 (7 years ago)

Author:

krzee king

Comment:

Last change I added a Note on another way to do it at the bottom. This time I modified it a little

Concepts-PolicyRouting-Linux

@@ -42 +42 @@
 == Note on another way to do it ==
 When I read the above write-up it taught me another way to achieve a goal that I already knew how to solve.[[BR]]
-The problem is when a server that has services listening on the internet, and then runs openvpn with redirect-gateway, the server loses its ability to host its services on its physical interface. Packets get to the service, but the servers response gets routed over the VPN and lost. A clear difference between those return packets and packets generated from the server is the source address. When the IP on the physical device is contacted, it will reply with the IP from the physical device as its source. When the server is generating traffic it will have the source IP of the device that you route through, so the VPN device.[[BR]]
+The problem is that when a server that has services listening on the internet, and then runs openvpn with redirect-gateway, the server loses its ability to host its services on its physical interface. Packets get to the service, but the return packets get routed over the VPN and lost. A clear difference between those return packets and packets generated from the server is the source address. When the IP on the physical device is contacted, it will reply with the IP from the physical device as its source. When the server is generating traffic it will have the source IP of the device that you route through, so the VPN device.[[BR]]
 If we assume the servers physical device is 10.0.0.2 and its gateway is 10.0.0.1 then the following commands should solve the problem: