On 21/9/2015 2:22 PM, [email protected] wrote:
> You could use OpenVPN --client-connect script to assign specific
> iptables NAT rules on a per client basis:
>
> Client-connect - client 1:
> iptables -t nat -A POSTROUTING -s 10.10.112.101/32 -j SNAT --to-source 194.xxx.xxx.151
Thank you for this idea. I am thinking of using a client-connect script
with the following logic:

    $n = $number_of_clients_connected (before this new one)
    $ip = $((150+n%6))
    $local_ip = $trusted_ip
    iptables -t nat -A POSTROUTING -s $local_ip -j SNAT --to-source 194.xxx.xxx.$ip

This would assign a session-long public IP address to each client. In
case there are more than 6 clients connected at the same time, new
clients will be assigned the same public addresses for a second time, etc.
But: Is there an environment variable to denote
$number_of_clients_connected ? If there's not, I could deduce it this way:
cat /var/log/openvpn-status.log | awk '/^CLIENT_LIST/{print $1}' | wc -l
(assuming a directive: status /var/log/openvpn-status.log), but this is
not accurate, because this file is only written once per minute and does
not guarantee real info.
Any ideas on it?
Thanks,
Nick
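
One way to get the count without reading the status file, as an added example that is not part of the original message: the hook keeps one lease file per connected client and counts those, then applies the 150 + n % 6 rule from the message. Assumptions: the same script is registered for both --client-connect and --client-disconnect, the source match is the client's VPN address (ifconfig_pool_remote_ip) as in the quoted rule, and STATE_DIR, PUB_PREFIX and IPT are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. STATE_DIR, PUB_PREFIX and IPT are
# hypothetical names; PUB_PREFIX is a placeholder for the elided prefix.
STATE_DIR="${STATE_DIR:-/var/run/openvpn-snat}"
PUB_PREFIX="${PUB_PREFIX:-194.xxx.xxx}"
IPT="${IPT:-iptables}"   # IPT=echo prints the rules instead of applying them

# Last octet for the next client: 150 + n % 6, where n is the number of
# leases held right now (clients connected before this one).
next_octet() {
    n=$(find "$STATE_DIR" -type f -name '*.lease' 2>/dev/null | wc -l)
    echo $((150 + $n % 6))
}

on_disconnect() {   # $1 = client's VPN address
    lease="$STATE_DIR/$1.lease"
    [ -f "$lease" ] || return 0
    "$IPT" -t nat -D POSTROUTING -s "$1/32" -j SNAT --to-source "$(cat "$lease")"
    rm -f "$lease"
}

on_connect() {      # $1 = client's VPN address
    # The address becomes a file name and an iptables argument: digits and dots only.
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    mkdir -p "$STATE_DIR" || return 1
    # A lease left over from an unclean shutdown would leave a duplicate rule.
    if [ -f "$STATE_DIR/$1.lease" ]; then on_disconnect "$1"; fi
    pub="$PUB_PREFIX.$(next_octet)"
    "$IPT" -t nat -A POSTROUTING -s "$1/32" -j SNAT --to-source "$pub" || return 1
    echo "$pub" > "$STATE_DIR/$1.lease"
}

# OpenVPN sets script_type and ifconfig_pool_remote_ip in the hook environment.
case "${script_type:-}" in
    client-connect)    on_connect "$ifconfig_pool_remote_ip" ;;
    client-disconnect) on_disconnect "$ifconfig_pool_remote_ip" ;;
esac
```

Because n is recomputed after every disconnect, a new client can receive an address that another connected client still holds while other pool addresses sit idle.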