Thanks David for your answer, which contains precious information on network
configuration.
I'm not a total beginner, but networking is really something which is obscure
to me.
I'm just experimenting how to configure taps, bridges, interfaces...
Actually, I've never been able to set up a vpn on OpenBSD, and my setup was
thought as an alternative to this lack of skill. I'm just learning, but the
manual and information on the web are no help to me.
Cheers,
Andy
Mar 13, 2023, 11:27 by da...@gwynne.id.au:
> On Sat, Mar 11, 2023 at 11:30:52AM +0100, lisper.drea...@tutanota.com wrote:
>
>> Hi Misc,
>> I'm trying to use alpine linux as a router/gateway to my OpneBSD machine.
>> I can set up alpine linux with vmm and configure its network, no problem so
>> far.
>> I'd like my host network traffic to get in and out through my alpine vm.
>> The idea is to use alpine as a vpn to my host browser.
>> I've been able to get PIA wireguard working on alpine vm, and I would like
>> to redirect my host browser through it.
>>
>> Any reference anywhere?
>>
>
> this is a surprising request. i spend an annoying amount of time trying
> to get other operating systems to do network things that i feel are easy
> in openbsd rather than the other way round. with that in mind, openbsd
> does support wireguard, so if PIA is using vanilla wg then it should be
> possible to get openbsd to do the vpn bit for you.
>
> however, it should be possible to do what you want. the high level idea
> is to give your alpine VM a pair of network interfaces, one for the vm
> to connect to PIA with, and one for your browser to talk to. the
> external (PIA facing) interface needs to be connected to the outside
> world like you'd connect any other vm to the net. setting it up on a
> switch (veb) with your physical interface for example.
>
> the other interface will also appear as a tap interface, but if you're
> only using the vpn it provides for a browser, then your browser can talk
> to the tap interface directly without needing another switch or anythign
> like that. just configure an ip on the tap interface on the same subnet
> as the vm.
>
> once the vm is set up and connected, then you need to get your browser
> to route to the vm. if browsing is the only thing you do on this
> machine, then setting your default route to the ip address of the vm
> over the tap interface will work.
>
> if you want only the browser to use the vpn, then you can either put the
> tap interface into a separate rdomain and run the browser in that
> rdomain. you'll have to be careful about other traffic the browser
> generates for this to work, in particular dns traffic cos the browser
> will be using your /etc/resolv.conf to find nameservers. otherwise, you
> can use route-to in pf, but you'll need some way for pf to identify the
> browser traffic (pass out to port { http https } route-to $alpine_vm
> maybe).
>
> doing the vpn on openbsd rather than in the vm sounds less complicated
> to me. good luck.
>
> dlg
>
