Changes between Version 2 and Version 3 of UserGuide/VPN


Ignore:
Timestamp:
10/23/2015 10:49:12 AM (8 years ago)
Author:
bro
Comment:

Added section on Linux and reference to IfaceWatch? plugin.

Legend:

Unmodified
Added
Removed
Modified
  • UserGuide/VPN

    v2 v3  
    55There are two basic options when using VPN. 
    66 
    7  1. Use the VPN as the primary connection with default routing passing through the VPN. This way all the traffic uses the VPN. 
     7 1. Use the VPN as the primary connection with default routing passing through the VPN. This way all the traffic from the host uses the VPN. 
    88 1. Use the VPN connection only for specific traffic. All network traffic passes through the default interface except for the traffic you specifically want to route through the VPN interface. 
     9 
     10Routing only specific traffic through the VPN interface can be useful, but is also the most tricky to configure.  
     11 
     12== Linux == 
     13 
     14Directing only some traffic through the VPN interface can be achieved using iptables. There are two different solutions: 
     15 
     16 1. Route all traffic from a specific user (i.e. traffic from all processes owned by a specific user) through the VPN interface. 
     17 1. Route all traffic that matches specific ports or protocols 
     18 
     19=== Route all traffic from a specific user === 
     20 
     21Example scripts on how to setup this configuration can be found in [https://github.com/bendikro/deluge-vpn the deluge-vpn repo]. 
     22 
    923 
    1024== FreeBSD == 
     
    1226=== Multiple routing tables === 
    1327 
    14 FreeBSD supports multiple routing tables in the kernel, which enables a process to be started with a custom default routing table. 
     28FreeBSD supports multiple routing tables in the kernel, which enables a process to be started with a custom default routing table. This requires recompiling the kernel with this option enabled (See [https://blog.gonyeo.com/posts/2014-05-12-multiple-routes-freebsd.html this blog post] for details). 
     29 
    1530 
    1631With an alternate routing table already set up (on -1) you can start Deluge daemon with: 
     
    4560$ setfib -1 traceroute www.google.com 
    4661}}} 
     62 
     63== Handling IP changes on VPN interface == 
     64 
     65Whenever the IP on the VPN interface changes (for whatever reason), it is necessary to update the routing table with the new IP. However, if deluge is setup to listen on a specific IP, it is also necessary to update deluge with the new IP. Instead of manually setting the new IP in the preferences, the plugin [http://dev.deluge-torrent.org/wiki/Plugins/IfaceWatch IfaceWatch] can be used to do this automatically based on the network interface name. 
     66