Score:0

How to make a VPN use another interface

mx flag

I need to establish the VPN connection on another, non-default interface, because the VPN restricts all traffic except VPN traffic for security reasons and I want to keep access to the server. I have an EC2 instance (no other options for me here) with a single default interface, eth0. I attached another network interface, eth1.

I have an EC2 instance with a single default interface eth0; I attached another network interface, and now I have something like this:

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc fq_codel state UP group default qlen 1000
    link/ether 06:2f:5d:c0:55:6e brd ff:ff:ff:ff:ff:ff
    inet ip1/20 brd ip1 scope global dynamic noprefixroute eth0
       valid_lft 2407sec preferred_lft 2407sec
    inet6 fe80::42f:5dff:fec0:556e/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc fq_codel state UP group default qlen 1000
    link/ether 06:b8:d3:46:5b:7a brd ff:ff:ff:ff:ff:ff
    inet ip2/20 brd ip2 scope global dynamic noprefixroute eth1
       valid_lft 2407sec preferred_lft 2407sec
    inet6 fe80::ebfc:115e:3acc:bb57/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: tun1: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 100
    link/none 

Then I tried to re-route the VPN traffic to eth1:

iptables -t filter -I FORWARD -i tun1 -o eth1 -j ACCEPT
iptables -t filter -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -I POSTROUTING -o eth1 -j MASQUERADE

When I connect to the VPN I'm able to establish the connection, but the traffic goes via eth0, because the EC2 instance is not available anymore and I have to reboot the instance.

Two questions:

  • What is wrong with my approach? What am I missing here?
  • The tunnel is always down even though I try to bring it up with ifconfig tun1 up. Is that ok?

Thank you

mangohost
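As an added example (not from the question or any answer on this page): the iptables FORWARD and MASQUERADE rules above only affect packets routed through the host, while the tunnel and the SSH replies are generated locally, so the exit interface is decided by the routing table. The script below sets up source-based policy routing, giving each interface its own table selected by source address so replies to sessions that arrived on eth0 or eth1 leave through that same interface even after the VPN client replaces the default route, and pins the VPN server to eth1 with a host route. All addresses, the gateway, the VPN server IP and the table numbers are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the question: per-interface policy routing.
# Locally generated traffic never passes the iptables FORWARD chain, so the
# rules in the question cannot steer the tunnel; the routing table does.
# All addresses, gateways, the VPN server IP and table numbers are
# constructed placeholders. DRY_RUN=1 (default) prints the commands,
# DRY_RUN=0 executes them (requires root and iproute2).

DRY_RUN="${DRY_RUN:-1}"

# run: echo the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# per_iface_table IFACE ADDR SUBNET GATEWAY TABLE
# Table TABLE holds the connected subnet and a default route via IFACE's
# gateway; the rule sends anything sourced from ADDR through that table.
# Replies to sessions that arrived on IFACE therefore leave via IFACE even
# after the VPN client rewrites the default route in the main table.
per_iface_table() {
    iface=$1 addr=$2 subnet=$3 gw=$4 table=$5
    run ip route replace "$subnet" dev "$iface" src "$addr" table "$table"
    run ip route replace default via "$gw" dev "$iface" table "$table"
    run ip rule add from "$addr" lookup "$table" priority "$table"
}

# pin_vpn_endpoint SERVER GATEWAY IFACE
# Host route for the VPN server via IFACE's gateway in the main table, so the
# tunnel itself is built over that interface rather than the default route.
pin_vpn_endpoint() {
    run ip route replace "$1/32" via "$2" dev "$3"
}

# setup_routing: apply the scheme with constructed sample values (both ENIs
# in the same /20, as in the ip a output, VPN server 203.0.113.5 via eth1).
setup_routing() {
    per_iface_table eth0 172.31.20.5 172.31.16.0/20 172.31.16.1 100
    per_iface_table eth1 172.31.20.7 172.31.16.0/20 172.31.16.1 101
    pin_vpn_endpoint 203.0.113.5 172.31.16.1 eth1
}

# Only apply when explicitly requested, so sourcing the file has no effect.
if [ "${APPLY_ROUTING:-0}" = 1 ]; then setup_routing; fi
```

Run it first with DRY_RUN=1 APPLY_ROUTING=1 to review the generated commands, and keep a second session open on the other interface's address before applying them for real.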
