2 NIC, one for VPN use only, one for normal use howto?
I would like to have my company VPN setup full time on a specific NIC while my other NIC runs on my normal LAN at the house.
I would also like to lock specific applications to using only the NIC on the VPN if and only if the VPN is running, else do not connect.
I am running Fedora 29 and have no clue where to even start with this process.
The company VPN locks my computer into their Firewall rules as is to be expected, but they lock all traffic into their rules. That means I am unable to perform tasks on my Fedora system while also working. So no access to my Plex server to listen to music while I work from home...
I would like only a select group of applications, Citrix being one of them, to always go out the NIC with the VPN active and connected. If that VPN is not connected, then displaying some kind of connection error would be great, but not required.
Thanks in advance. I plan on installing the second NIC before this weekend comes and goes.
You could run a separate Fedora instance under qemu/kvm using the new NIC to connect to the VPN. Your regular desktop and NIC can continue running normally this way.
Routing one nic to the vm is the easy bit. Routing certain apps to the nic in question is the difficult bit. If you're already running Citrix (poor you) as well, that's even worse. It may be possible to route certain IPs (e.g. Netflix, youtube) through a certain nic while pushing the default through the other. While you are waiting for a solution, why not forego normal access while working, if it won't route through your company VPN & firewall?
Code:
ifconfig eth0 down
ifconfig eth1 up
This is as much a question of changing your preferred work pattern as networking. If you're using particular apps, can you store them locally and simply upload & download data? If you're maintaining their network or accessing their network for data, you don't want simultaneous external access, surely?
Most VPN software prevents what is called "split tunneling" which is exactly what business_kid describes. With 2 connections open, the security of a VPN is negated because now external connections have access through the PC as an "intermediary".
Quote:
The company VPN locks my computer into their Firewall rules as is to be expected, but they lock all traffic into their rules. That means I am unable to perform tasks on my Fedora system while also working. So no access to my Plex server to listen to music while I work from home...
I think this is the way a VPN should work. And if you could solve what you wish, that means the VPN is not good enough.
What I could suggest is similar to post #2, probably you can do it with docker.
Instead of using two nics, how about creating a network namespace and a veth pair to link to it to establish the initial vpn connection. Or, connecting to the vpn using the 2nd nic and then moving the connection into a namespace to jail it. Then any programs he runs in the namespace would have the vpn ip, and any programs he runs in regular space (or whatever you call it... rootspace maybe?) would have his regular ip.
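The second variant from the post above (move the second NIC into a namespace and jail it there), as an added example that is not part of the thread. It prints the setup commands as a dry run by default and adds a fail-closed output filter so that programs in the namespace can only reach the VPN endpoint or the tunnel. The namespace name, interface names and all addresses are assumed values.

```shell
#!/bin/sh
# Added example, not from the thread. All values below are assumptions.
NS="${NS:-vpnjail}"              # namespace name (hypothetical)
NIC="${NIC:-eth1}"               # second NIC, dedicated to the VPN
TUN="${TUN:-tun0}"               # tunnel device the VPN client creates
ADDR="${ADDR:-192.168.1.50/24}"  # constructed LAN address for the NIC
LAN_GW="${LAN_GW:-192.168.1.1}"  # constructed home router address
VPN_GW="${VPN_GW:-192.0.2.10}"   # placeholder VPN endpoint (TEST-NET-1)

# Reject anything that is not a plain name/address before root runs it.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:/-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the setup commands, one per line. Firewall rules are loaded before
# the NIC comes up, so there is no window in which the namespace is open.
netns_plan() {
    in_ns="ip netns exec $NS"
    cat <<EOF
ip netns add $NS
ip link set dev $NIC netns $NS
$in_ns iptables -P OUTPUT DROP
$in_ns ip6tables -P OUTPUT DROP
$in_ns iptables -A OUTPUT -o lo -j ACCEPT
$in_ns iptables -A OUTPUT -o $NIC -d $VPN_GW -j ACCEPT
$in_ns iptables -A OUTPUT -o $TUN -j ACCEPT
$in_ns ip link set dev lo up
$in_ns ip link set dev $NIC up
$in_ns ip addr add $ADDR dev $NIC
$in_ns ip route add $VPN_GW via $LAN_GW dev $NIC
EOF
}

apply_plan() {
    for v in "$NS" "$NIC" "$TUN" "$ADDR" "$LAN_GW" "$VPN_GW"; do
        valid_name "$v" || { echo "refusing value: $v" >&2; return 2; }
    done
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    netns_plan | sh -ex          # trace each command, stop at first failure
}

# Default is a dry run that only prints; "apply" makes the changes.
if [ "${1:-}" = apply ]; then apply_plan; else netns_plan; fi
```

After applying, the VPN client and the work applications are started with `ip netns exec vpnjail ...`. With the tunnel down, the only destination the filter and routing table allow is the VPN endpoint, so those applications fail to connect instead of falling back to the home LAN.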