-
-
Notifications
You must be signed in to change notification settings - Fork 388
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request: default gateway configuration #1697
Comments
Did you get that information from execing in Gluetun?
On the other hand,
I am working on extracting the vpn gateway from this (see #1488 (comment)) which is a must the way I see it, for both port forwarding and to replace the default route as you did.
I actually implemented the natpmp client side of the protocol myself 😉 So it's built-in the gluetun Go binary, there is no separate natpmpc binary. And yes, indeed a few programs/images have natpmp feature built-in, but it's a nice to have within gluetun I think, especially when the vpn fails and would reconnect etc. |
76a92b9 should now extract the vpn gateway. It works as follows (not necessarily bullet proof, but worth trying):
|
Yes, I've put
Not sure how portable it is, didn't set up openvpn for many years, but I'd imagine it will need to set up routing table in a similar fashion. |
What's the feature 🧐
In case vpn service is providing nat-pmp for port forwarding (ProtonVPN. for example) downstream services would need an indication what is our actual default gateway capable of port forwarding (be it rtnetlink requests or just parsing
ip route
or something), which is not clear from the routing table (note - I'm using wireguard, maybe with openvpn it's different). In my case wireguard server gateway is 10.2.0.1, tun0 is 10.2.0.2.I'm able to do
ip route replace default via 10.2.0.1 dev tun0
, which explicitly forwards all traffic to the tunnel.But there's no way of automating this, from what I can see default gateway is detected on the start and applied automatically. Can we make this configurable somehow?
Also this will act as a natural kill switch since in case uplink is broken traffic is naturally not going anywhere w/o any additional iptables rules - tun0 is our default gateway.
Please let me know if I'm missing something and thank you for your work.
#1488 - somehow related. Of course you can maintain separate
natpmpc
binary, but a lot of software is perfectly capable to work with nat-pmp on it's own, it only needs an idea where to submit port forwarding request (something you tell explicitly tonatpmpc
). Basically any libtorrent-based software will work, I've tested it with libtorrent 2.0.9Extra information and references
No response
The text was updated successfully, but these errors were encountered: