Hi,

I'm rolling out Linux VRFs[0] in my network and pushed all my external connections into a VRF, so nothing bad[tm] can happen.

Doing so broke my OpenVPN connections between network nodes, as I kind of expected. I tried using the --bind option to let OpenVPN bind to the external IP to make a connection, but that doesn't work as the IP isn't resolvable via the main kernel routing table, as it's only visible within the VRF's routing table.

So I tried pushing the OpenVPN socket into the VRF and that worked fine. I massaged that into a --outer-vrf option where a user could specify the VRF device. This can be found in https://github.com/OpenVPN/openvpn/pull/64

The rationale why the option is called outer-vrf is that one might want to add one for the inner-vrf, when the tun/tap interface should be part of a VRF. As this could be easily done in an ifup-script, I didn't bother adding this for now.

I'd be glad if this would be accepted.

Best
Max

[0] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/vrf.txt

--
They that give up essential liberty to obtain temporary safety, deserve neither liberty nor safety. (Ben Franklin)