Hi Andreas,

Thanks for your reply. Sorry, I should have been more clear.

I know that rdomains are the correct method with overlapping addressing.

The challenge is that I cannot figure out how to get openvpn to initialise its 
resulting tunX interface directly into the correct rdomain?

You normally move interfaces to an rdomain with: ‘ifconfig em1 rdomain 1’

However, is there a way I can get openvpn to do this at the time of setting up 
the interface?

The problem is that you cannot just create the tunnel, and then move it over to 
an rdomain afterwards if there is already another conflicting tunnel in the 
default rdomain (as the tunnel just won’t come up due to the address conflict).

I realise I could redesign it so that there is never a tunX in the default 
rdomain, so that tunnels can be set up in the default and then moved over. But 
this feels rather flawed/restricting and not the proper way of doing things?

I would like to script the management of these tunnels, and so if there was a 
way of setting up the tunnel in its own rdomain directly that would be a lot 
more robust :)

Thanks for your time. Andy.



Sent from a teeny tiny keyboard, so please excuse typos.

> On 11 Sep 2018, at 21:59, Andreas Krüger <a...@patientsky.com> wrote:
> 
> Maybe rdomains?
> 
>> On 11 Sep 2018, at 15:59, Andrew Lemin <a_le...@hotmail.com> wrote:
>> 
>> Hi list,
>> 
>> I use an OpenVPN based internet access service (like NordVPN, AirVPN etc).
>> 
>> The issue with these public VPN services is that the VPN servers are always 
>> congested. The most I’ll get is maybe 10Mbits through one server.
>> 
>> Local connection is a few hundred Mbps..
>> 
>> So I had the idea of running multiple openvpn tunnels to different servers, 
>> and load balancing outbound traffic across the tunnels.
>> 
>> Sounds simple enough..
>> 
>> However every vpn tunnel uses the same subnet and nexthop gw. This of course 
>> won’t work with normal routing.
>> 
>> So my question:
>> How can I use rdomains or rtables with openvpn clients, so that each VPN is 
>> started in its own logical VRF?
>> 
>> And is it then a case of just using PF to push the outbound packets into the 
>> various rdomains/rtables randomly (of course maintaining state)? LAN 
>> interface would be in the default rdomain/rtable..
>> 
>> My confusion is that an interface needs to be bound to the logical VRF, but 
>> the tunX interfaces are created dynamically by openvpn.
>> 
>> So I am not sure how to configure this within hostname.tunX etc, or if I’m 
>> even approaching this correctly?
>> 
>> Thanks, Andy.
>> 
> 
