RE: Split tunnelling


 



See comment below.

-----Original Message-----
From: Patrick O'Callaghan [mailto:pocallaghan@xxxxxxxxx]
Sent: Tuesday 21 August 2018 11:49
To: users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Split tunnelling

On Mon, 2018-08-20 at 09:46 -0700, Samuel Sieb wrote:
> On 08/20/2018 05:03 AM, Patrick O'Callaghan wrote:
> > Has anyone got this to work in Fedora? To be clear, split tunnelling is
> > when network traffic to some destinations (or for some apps) is
> > tunnelled over a VPN, while the rest of the traffic goes through normal
> > channels. I've tried messing with network namespaces, which would seem
> > to be the way to go, but not managed to get everything lined up so far.
> > All the howto's I've seen are for various flavours of Ubuntu.
>
> I don't know about apps, namespaces might work for that but I haven't
> had any reason to try that yet.
>
> However, my openvpn connection only routes the private network subnets,
> everything else goes over the regular network connection.

I'm not sure I understand what you mean by "private network subnets".
You mean it does this automatically, or you configured it that way?

> The only
> tricky part, which I haven't tried to solve, is that you can't resolve
> private DNS entries from the VPN connection.  This would likely be a
> problem with a work VPN, unless you let the work DNS resolve everything.

Indeed, that could be an issue.

Poc


=====================================================================
"To be clear, split tunnelling is
when network traffic to some destinations (or for some apps) is
tunnelled over a VPN, while the rest of the traffic goes through normal
channels."
No, not exactly.
That is more an example of the use of multiple routes.
Destination-A goes through gateway-A
Destination-B goes through gateway-B
All-else goes through default-gateway...
Either GW-A or GW-B could be VPN.

Split-tunneling is more that transmit and receive use different tunnels,
or traffic to the SAME destination is load-balanced over multiple, parallel tunnels.

"tricky part, which I haven't tried to solve, is that you can't resolve
private DNS entries from the VPN connection."
VPN-server processes can push routing info, and DNS-server addresses.
AFAICR systems accept three DNS-resolvers.
This can be tricky. If the VPN-process pushes three resolvers, the old ones will be gone (while the tunnel exists),
thus you are unable to resolve NON-vpn-URLs.

The situation can get even more complicated when using split-horizon DNS:
the same URL with internally and externally different IP addresses.



_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx/message/IWARJZCPHY6Y6USNYS6Z7HJS72Q63LED/

List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx/message/5QHFXVZ5ZI6J6NBR4YQYEZVVK2NC544Z/
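
The per-destination routing and the DNS resolver problem discussed in this thread can be checked with a longest-prefix-match lookup. This is an added example, not code from any poster in the thread; the routing table, interface names (`eth0`, `tun0`) and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed routing table after the VPN comes up: only the private
# subnets go into the tunnel, everything else uses the default route.
ROUTES = [
    ("0.0.0.0/0",      "eth0", "192.168.1.1"),  # default gateway
    ("192.168.1.0/24", "eth0", None),           # local LAN
    ("10.8.0.0/24",    "tun0", None),           # VPN transfer network
    ("172.16.20.0/22", "tun0", "10.8.0.1"),     # private subnet behind the VPN
]

def egress(dest, routes=ROUTES):
    """Longest-prefix match: return (device, gateway) used to reach dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, dev, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev, gw)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]

def dns_paths(resolvers, routes=ROUTES, tunnel="tun0"):
    """Map each configured resolver to 'tunnel' or 'direct' by its route."""
    return {r: ("tunnel" if egress(r, routes)[0] == tunnel else "direct")
            for r in resolvers}

def dns_findings(resolvers, routes=ROUTES, tunnel="tun0"):
    """Flag the two resolver situations raised in the thread."""
    paths = set(dns_paths(resolvers, routes, tunnel).values())
    findings = []
    if "tunnel" not in paths:
        findings.append("no resolver behind the VPN: private names will not resolve")
    if "direct" not in paths:
        findings.append("all resolvers behind the VPN: every lookup depends on the tunnel")
    return findings

if __name__ == "__main__":
    for d in ("172.16.21.7", "203.0.113.10", "192.168.1.20"):
        print(d, "->", egress(d))
    print(dns_findings(["192.168.1.1"]))    # resolvers left untouched by the VPN
    print(dns_findings(["172.16.20.53"]))   # resolvers replaced by pushed ones
```
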


