Old 09-13-2014, 08:07 PM   #1
phi0x
Trying to understand VPNs and virtual interfaces in Linux


My task at hand is that I'm trying to design/build a network where I have multiple VPSs in different locations around the world, and I need to interconnect them all. They are not transmitting sensitive data, so I'm not that picky about getting something like IPsec encryption going, as it seems to be a huge pain in the butt to figure out for data that isn't even sensitive. (It would be fun to set up someday, but it's not required as of yet.)

What I'm trying to accomplish is this: I have a client program that has a server IP address (1.1.1.1) hard-coded into it, so the user cannot alter where the program points to. However, there is a way the user can change where it points to through their web-interface control panel. The web interface simply connects to a VPS and alters the iptables table to point the user through a VPN interface of their choice.

In my current setup I have two VPSs. The client points to one of the two; let's say its IP is 1.1.1.1 and the other VPS is 2.2.2.2.
The client also logs into a web interface on another server, which is the web server. The web server submits the iptables commands to 1.1.1.1 that point the client's IP to the VPN tunnel which connects to 2.2.2.2, if they choose in the web interface to point to 2.2.2.2. The client always points to 1.1.1.1 regardless of what they select in the web interface; it's just that when the incoming data from the client hits 1.1.1.1, 1.1.1.1 knows to route the traffic to the VPN tunnel 2.2.2.2 via an iptables route command.

My question is: how do I create virtual interfaces/a VPN on the server with, let's say, public IP 1.1.1.1 that connects to the other VPS's public IP 2.2.2.2?

In my head I see the following scenario:

server 1.1.1.1:

venet0:0 pub ip 1.1.1.1

venet0:1 vpn virtual interface IP 10.0.0.1

server 2.2.2.2:

venet0:0 pub ip 2.2.2.2

venet0:1 vpn virtual interface IP 10.0.0.2

If the client has chosen to access VPN venet0:1 via the web interface, I want their client software to hit 1.1.1.1 and have 1.1.1.1 route them through 10.0.0.1 to 10.0.0.2.

How do I tell the VPS 1.1.1.1 to route the traffic through the public IP 1.1.1.1/2.2.2.2 so the VPN virtual interfaces can work?

In other scenarios I would just set up a static route so that traffic from client x hitting 1.1.1.1 gets redirected to 2.2.2.2. However, in my scenario 2.2.2.2 only accepts connections from 1.1.1.1 and all other traffic is blocked, so I believe I must use VPN tunneling/routing to accomplish this task of routing client traffic through 1.1.1.1's public IP, which 2.2.2.2 accepts.

I'm new to Linux network configuration setups and quite rusty on my networking theory, but I believe I would do something like the following:

Server 1.1.1.1

auto venet0
iface venet0 inet manual
    up ifconfig venet0 up
    up ifconfig venet0 127.0.0.2
    up route add default dev venet0
    down route del default dev venet0
    down ifconfig venet0 down

iface venet0 inet6 manual
    up route -A inet6 add default dev venet0
    down route -A inet6 del default dev venet0

auto venet0:0 venet0:1
iface venet0:0 inet static
    address 1.1.1.1
    netmask 255.255.255.255

iface venet0:1 inet static
    address 10.0.0.1
    netmask 255.255.255.255


Server 2.2.2.2

auto venet0
iface venet0 inet manual
    up ifconfig venet0 up
    up ifconfig venet0 127.0.0.2
    up route add default dev venet0
    down route del default dev venet0
    down ifconfig venet0 down

iface venet0 inet6 manual
    up route -A inet6 add default dev venet0
    down route -A inet6 del default dev venet0

auto venet0:0 venet0:1
iface venet0:0 inet static
    address 2.2.2.2
    netmask 255.255.255.255

iface venet0:1 inet static
    address 10.0.0.2
    netmask 255.255.255.255



and use OpenVPN or something to connect 10.0.0.1 to 10.0.0.2?
Any assistance/clarification would be appreciated on how a setup like this is supposed to be set up. I figured that for my web interface the iptables execution would be the easiest if I could set up the VPN tunneling; however, I'm just confused about how to set up these virtual interfaces so that I can tell iptables to take incoming data from a client IP and route it to where they want to go via iptables/VPN.
 
Old 09-20-2014, 04:48 PM   #2
phi0x
I have solved it by using OpenVPN. OpenVPN auto-creates the virtual interfaces; no editing of /etc/network/interfaces was required.
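
Added example, not part of the original posts and not the poster's code: since the design has a web interface submitting iptables commands to 1.1.1.1, this sketch validates the client IP and the tunnel choice against an allow-list before it builds the per-client rules, and it prints them rather than executing them. It assumes OpenVPN created tun0 on 1.1.1.1 with 10.0.0.1 local and 10.0.0.2 as the peer; the tunnel name "vps2" and the client address 203.0.113.7 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: OpenVPN on 1.1.1.1 created
# tun0 with 10.0.0.1 local and 10.0.0.2 as peer; the tunnel name "vps2" and the
# client address 203.0.113.7 are constructed for illustration.
PUBLIC_IP="1.1.1.1"

# Allow-list: tunnel name from the web interface -> "device peer_ip".
tunnel_lookup() {
    case "$1" in
        vps2) echo "tun0 10.0.0.2" ;;
        *)    return 1 ;;
    esac
}

# Strict dotted-quad check: digits and dots only, four octets, each 0..255,
# no leading zeros (some parsers read "010" as octal).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print (do not execute) the rules that steer one client through the tunnel.
build_rules() {
    client_ip=$1
    valid_ipv4 "$client_ip" || { echo "rejected client IP" >&2; return 2; }
    target=$(tunnel_lookup "$2") || { echo "unknown tunnel" >&2; return 3; }
    dev=${target% *}
    peer=${target#* }
    # DNAT sends the client's traffic to the peer; MASQUERADE makes replies
    # come back over the tunnel instead of the peer's default route.
    printf '%s\n' \
        "iptables -t nat -A PREROUTING -s $client_ip -d $PUBLIC_IP -j DNAT --to-destination $peer" \
        "iptables -A FORWARD -s $client_ip -d $peer -o $dev -j ACCEPT" \
        "iptables -t nat -A POSTROUTING -s $client_ip -d $peer -o $dev -j MASQUERADE"
}

build_rules 203.0.113.7 vps2
build_rules "203.0.113.7 -j ACCEPT" vps2 || echo "refused, exit status $?"
```

Applying the printed rules on 1.1.1.1 also requires net.ipv4.ip_forward=1 and a FORWARD rule that accepts ESTABLISHED,RELATED return traffic.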
 
  

