Hi!

In the old 2.4 version days, we used a private patch which accomplished the 
following:

Every client gets a fwmark and a mask assigned via the config or a ccd file.

Outbound packets
- If the system sends a packet, it always has a fwmark assigned
- If such a packet goes through the tun/dco device to openvpn, openvpn reads the 
fwmark
- It checks which clients have the corresponding fwmark and then does the "normal 
routing" and sends the packet

Inbound packets
- OpenVPN processes the packet coming from the client
- It knows the fwmark and attaches the mark to the packet
- The system will route the packet depending on fwmark and IPs

We used this to reduce the number of OpenVPN processes in our multi-tenancy 
setup to a minimum.


For the future I want to implement this again, perhaps now in DCO instead of 
tun.

Now my question is if this is of interest for the community. If yes, I would 
love to get some resonance and guidance, so that it can be merged.

If not, I would do this in our private branch.

Kind regards,

André


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
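
The lookup described in the message above, modelled as an added example (not the private patch and not OpenVPN code): clients are filtered by fwmark and mask before the usual longest-prefix routing, so two tenants can reuse the same subnet inside one process. The struct, the function names, the sample table and the matching rule `(mark & mask) == (fwmark & mask)` are assumptions.

```c
/* Added model of the fwmark/mask lookup; not OpenVPN code. The struct, the
 * function names and the rule (mark & mask) == (fwmark & mask) are assumptions. */
#include <stdint.h>
#include <stdio.h>

struct client {
    const char *name;      /* constructed sample names */
    uint32_t fwmark, mask; /* assigned via config or ccd file */
    uint32_t net;          /* routed network, host byte order */
    int prefix;            /* prefix length, 1..32 */
};

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

/* Constructed table: two tenants reuse 10.0.0.0/24 behind one process. */
static const struct client clients[] = {
    { "tenantA-gw", 0x0100, 0xff00, IP(10, 0, 0, 0), 24 },
    { "tenantB-gw", 0x0200, 0xff00, IP(10, 0, 0, 0), 24 },
    { "tenantB-hq", 0x0200, 0xff00, IP(10, 0, 0, 128), 25 },
};
#define NCLIENTS ((int)(sizeof(clients) / sizeof(clients[0])))

/* Outbound: filter by mark first, then longest-prefix match on dst. */
int route_outbound(uint32_t pkt_mark, uint32_t dst)
{
    int best = -1;
    for (int i = 0; i < NCLIENTS; i++) {
        const struct client *c = &clients[i];
        uint32_t netmask = 0xffffffffu << (32 - c->prefix);
        if ((pkt_mark & c->mask) != (c->fwmark & c->mask))
            continue;      /* belongs to another tenant */
        if ((dst & netmask) != c->net)
            continue;
        if (best < 0 || c->prefix > clients[best].prefix)
            best = i;
    }
    return best;           /* -1: no client for this mark and address */
}

/* Inbound: mark to attach to a decrypted packet from client idx. */
uint32_t mark_inbound(int idx) { return clients[idx].fwmark; }

int main(void)
{
    uint32_t dst = IP(10, 0, 0, 5);   /* same address, different tenants */
    printf("mark 0x0100 -> %s\n", clients[route_outbound(0x0100, dst)].name);
    printf("mark 0x0200 -> %s\n", clients[route_outbound(0x0200, dst)].name);
    return route_outbound(0x0300, dst) == -1 ? 0 : 1;
}
```

Because the mark filter runs before the address match, a packet carrying a mark that no client owns is never delivered to another tenant's client, even when the destination address overlaps.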
