Outbound NAT interface setting VPN provider via OpenVPN client for some of my traffic.
-
Hi,
I've a question regarding Outbound NAT when using a VPN provider via OpenVPN for SOME of my traffic.
Here is my setup in summary :
I have the following "interfaces" defined :
[interface name - network port : network]
WAN - eth0 : DHCP from provider1
LAN - eth1 : 10.10.2.0/24
OIF_DMZ - eth2 (opt1) : 10.13.6.0/24
OIF_GUEST - eth3 (opt2) : 10.12.4.0/24
WAN2 - eth5 (opt4) : DHCP from provider2
VPN_OVPNA - ovpnc4 (labelled "VPN_ASU"): DHCP from PIA
in the future, some VLANs on a trunk interface (eth4)
As you can see above, I already created a VPN client.
The VPN client will go out over WAN or WAN2 (so this will change a few times)
It also created a new gateway automatically "VPN_OVPNA_VPN4"
The goal is to route traffic for some(!) static hosts in LAN or DMZ out over the VPN_OVPNA interface
(and in the future, route the traffic from a whole VLAN out over VPN)
but my main traffic will still go out via WAN by default (so that will remain the default route)
Outbound NAT mode is set to manual
I'm confused as to which interface to use with the creation of the outbound NAT rules :
so I'm supposed to duplicate all existing NAT rules (for each of the above networks, including 127.0.0.0/8) for outbound NAT on the VPN
the options I have, are of course all the interfaces listed above, and what seems to be a generic interface "OpenVPN"
In the documentation of the VPN provider, I read that I've to configure "OpenVPN" for the interface.
In other documentation I read that I've to configure my VPN "interface" (so in my case "VPN_OVPNA") for the interface.
So what should I take for the interface for the outbound NAT creation?
Any advice is appreciated
-
@lightningbit said in Outbound NAT interface setting VPN provider via OpenVPN client for some of my traffic.:
In other documentation I read that I've to configure my VPN "interface" (so in my case "VPN_OVPNA") for the interface.
This. And as Source your "LANs", that will use it.
-
@bob-dig said in Outbound NAT interface setting VPN provider via OpenVPN client for some of my traffic.:
@lightningbit said in Outbound NAT interface setting VPN provider via OpenVPN client for some of my traffic.:
In other documentation I read that I've to configure my VPN "interface" (so in my case "VPN_OVPNA") for the interface.
This. And as Source your "LANs", that will use it.
Thanks, I will go that way.
-
Strange, since I've completed this setup :
- adding the outbound NAT for the VPN
- creating the gateway
- add a dynamic dns entry for the VPN "wan" interface
some process or something kicked in, because now I get a mail every 15 minutes with in the subject :
Arpwatch Notification : Cron <root@aureliusgate01> /etc/rc.filter_configure_sync
and the following content in the mail body :
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>
0 addresses deleted.
0 addresses deleted.
I know this is the cron line with the schedule
0,15,30,45 * * * * root /etc/rc.filter_configure_sync
but I didn't add it or activate it, so it was there already, so I wonder why it now is "active" or sending these mails?