I want to run two OpenVPN client instances on an Ubuntu Server 14.04. I have both .conf files that can work independently (both are set to different interfaces - tun0 and tun1). I want to run both at the same time, and route traffic from one application into one VPN (Private Internet Access) and all other traffic into the other VPN (an OpenVPN server I have set up on another machine).

I've been doing some research but haven't found a way to make this work. If this helps, I've included my current routing table and one of the server .confs. OpenVPN starts them automatically on boot.

Private Internet Access .conf

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         10.160.1.5      128.0.0.0       UG    0      0        0 tun0
    default         155.92.105.254  0.0.0.0         UG    0      0        0 eth0
    10.160.1.1      10.160.1.5      255.255.255.255 UGH   0      0        0 tun0
    10.160.1.5      *               255.255.255.255 UH    0      0        0 tun0
    64-237-37-119.c 155.92.105.254  255.255.255.255 UGH   0      0        0 eth0
    128.0.0.0       10.160.1.5      128.0.0.0       UG    0      0        0 tun0
    155.92.104.0    *               255.255.254.0   U     0      0        0 eth0

Ian Hyzy

1 Answer

You need to add routes for your applications via the tunnels.

For example, if application A is at 10.70.82.5, and you want to route application A via Private Internet Access, you should run this command:

    route add 10.70.82.5 gw "IP address of gateway at PIA"

Then, to route all other traffic via other VPN, you need to do two things:

  1. Route traffic to the other VPN server via your normal default gateway

    route add "IP address of other VPN server" gw 155.92.105.254

Here I assume this is your normal default gateway, based on your routing table in your post.

  2. Make a default route via other VPN server gateway

    route add default gw "Other VPN server gateway IP"

Remember that both OpenVPN servers need to do NAT in order for return packets to arrive correctly via the VPN.

Tero Kilkanen
  • This might sound stupid, but how do I find the IP address of the application? I'm sure I understand that. I have a Deluge server, would I just use localhost:port to forward the traffic through PIA? – Ian Hyzy May 07 '14 at 02:58
  • While running the application, you can run `netstat -np` in a shell to see where the application connects to. Then you can route that destination IP via one VPN. – Tero Kilkanen May 07 '14 at 13:08
  • Okay, so this is my deluge daemon:
    `tcp 0 0 127.0.0.1:58846 127.0.0.1:48582 ESTABLISHED - ` Would I then use `route add 127.0.0.1:58846 gw "IP address of gateway at PIA"`? Or would I use the foreign address?
    – Ian Hyzy May 07 '14 at 15:58
  • This deluge daemon doesn't communicate anywhere outside your network, so you cannot route it anywhere with OpenVPN. It seems that your original question lacks a lot of information in order to answer it properly. – Tero Kilkanen May 07 '14 at 19:35
  • It does send traffic outside the network, but it's all BitTorrent traffic, it doesn't go to a single address. – Ian Hyzy May 07 '14 at 19:48
  • Not sure I fully grok what you are trying but these may help: http://www.lartc.org/howto/lartc.rpdb.multiple-links.html http://linux-ip.net/html/adv-multi-internet.html http://unix.stackexchange.com/questions/104830/block-specific-application-with-iptables – dmourati Jan 22 '15 at 07:39
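
The `route` commands in the answer select traffic by destination address. For an application with no single destination, as the comments describe, Linux can select by the owning user instead, which is the policy-routing approach behind the LARTC link above. The script below is an added example, not part of the original thread; the user name `deluge`, table 100, mark 0x1, and tun0 with peer 10.160.1.5 as the PIA side are assumptions.

```shell
#!/bin/sh
# Added example: send one local user's traffic through one tunnel only.
# Assumptions (not from the thread): the application runs as its own user
# "deluge"; tun0 with peer 10.160.1.5 is the PIA tunnel; routing table 100
# and mark 0x1 are unused; the PIA client config has route-nopull so that
# it does not install its own default routes.

# Print the setup commands for one user/tunnel pair, one per line.
pia_policy_cmds() {
    user=$1 dev=$2 gw=$3 table=${4:-100} mark=${5:-0x1}
    cat <<EOF
# Separate table whose only route is a default via the tunnel.
ip route replace default via $gw dev $dev table $table
# Marked packets consult that table before the main one.
ip rule add fwmark $mark lookup $table
# Mark every packet created by a socket this user owns.
iptables -t mangle -A OUTPUT -m owner --uid-owner $user -j MARK --set-mark $mark
# Rerouted packets keep the old source address; rewrite it to the tunnel's.
iptables -t nat -A POSTROUTING -o $dev -j MASQUERADE
# Loose reverse-path check so replies arriving on the tunnel are accepted.
sysctl -w net.ipv4.conf.$dev.rp_filter=2
# Leak guard: the user may use loopback and the tunnel, nothing else.
iptables -A OUTPUT -o lo -m owner --uid-owner $user -j ACCEPT
iptables -A OUTPUT ! -o $dev -m owner --uid-owner $user -j REJECT
EOF
}

# Dry run by default: print the commands. APPLY=1 (as root) executes them.
if [ "${APPLY:-0}" = 1 ]; then run='sh -e'; else run=cat; fi
pia_policy_cmds "${APP_USER:-deluge}" "${VPN_DEV:-tun0}" "${VPN_GW:-10.160.1.5}" | $run
```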