Ideally the invoking process would open /dev/net/tun and pass it in after dropping root.
-
-
I want to pick my own local & remote ips & and have openvpn snat/dnat them to whatever the server offers.
-
With openvpn never having opportunity/permissions to change routes on the host.
-
If "in a container" is OK, then the link posted by
@jessfraz is gold, just remove `net:host` from Compose file …/… -
if you don't even want that, then: create tun/tap device with tunctl (in uml-utilities), pass it to OpenVPN with --dev-node …/…
-
and setup routes by hand (or setup OpenVPN to call a super locked down sudo script to do it). That should do it!
-
I still don't see how to get opepvpn to do --client-nat to match the ips the remote offers.
-
You could use the --ipchange flag to configure the IP addresses through a secured script. …/…
-
I don't want it to configure ips at all. I want it to --client-nat to remap the ip I choose to the remote-offered one.
- 1 more reply
New conversation -
-
-
ah poo, foiled
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.