Re: [Openvpn-users] Using OpenVPN to assign public IPs

  • Subject: Re: [Openvpn-users] Using OpenVPN to assign public IPs
  • From: Drew Gibson <drew@xxxxxxxxx>
  • Date: Wed, 07 Nov 2007 10:56:29 -0500

Lindsay Haisley wrote:
> On Wed, 2007-11-07 at 09:26 -0500, Cirroc wrote:
>> Essentially, since all the traffic passes through the server, I can use
>> iptables to restrict the traffic to only the few known-good ports that
>> the application needs.
>
> I do similar things here, and make good use of the nat table in the
> kernel netfilter to rewrite both the destination (DNAT) and source
> (SNAT) addresses as necessary so that packets go where I want them and
> appear to come from wherever I say they do in the nat table.
>
> Without addressing your problem specifically, my approach would be to
> explore creative address rewriting :-)  You can get _very_ creative with
> it, and if you do it right, it'll just work.
>
>> I'd love any help or thoughts in setting this up.. It feels so close,
>> yet so frustratingly far away.
>
> I know the feeling well .... ;-)

Another solution I have used for inflexible legacy systems is to take advantage of SSH port forwarding. Have a system, <fake_target_host>, SSH to itself with port forwarding enabled, e.g. ssh -L <port>:<real_target_host>:<port>
Point the app at <fake_target_host> and it will redirect to <real_target_host>.



Drew Gibson

Systems Administrator
OANDA Corporation