LinuxQuestions.org
Page 2 of 2 1 2
Show 50 post(s) from this thread on one page

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Network configuration (https://www.linuxquestions.org/questions/linux-newbie-8/network-configuration-4175464758/)

Ser Olmy 06-07-2013 11:35 AM
Quote:
Originally Posted by Tabraiz (Post 4967016)
1. -o will only be effective on tun0 interface whereas -d option which I've chosen is not bonded to any specific interface and will always be effective regardless of any routing change takes place in future.
2. All traffic passes through tun0 interface will have source IP changed to 10.223.102.254 whereas -d ensures that source IP is only modified for a specific IP 10.123.102.1 in this case.
I see your point, but consider this: The tun0 interface exists solely because it serves as a tunnel to the remote network. All traffic going through tun0 is by definition bound for the remote network at the other end of the tunnel.

In his initial post, raghavhosur states that he's been assigned a particular IP address to serve as the source address for any communication with the remote network. He also mentions one of the IP addresses he needs to reach in that network, but there may be others.

By using the "-o tun0" option, we ensure that all traffic going through the tunnel is NATed behind the correct address. If the tunnel definition covers other addresses, traffic to those addresses are NATed as well. The "-d <address>" option, however, only works for that one specific destination address, and the NAT rule will have to be modified should the tunnel definition ever change.

I say leave it to the VPN software to decide what goes through the tunnel or not, and tie the NAT rule to the tunnel interface.


All times are GMT -5. The time now is 06:27 PM.
Page 2 of 2 1 2
Show 50 post(s) from this thread on one page