#27 Allow specifying network interface for outgoing connections

Reporter MattJ
Owner MattJ
Created
Updated
Stars ★ (1)  
Tags
  • Component-Network
  • Type-Enhancement
  • Priority-Medium
  • Status-Accepted
  1. MattJ on

    This should probably be per-host.

  2. MattJ on

    Changes
    • tags Type-Defect Type-Enhancement
  3. MattJ on

    Old bug, I don't think I've seen requests for this any time recently. Closing.

    Changes
    • tag Status-WontFix
  4. Daniel Kenzelmann on

    Please implement this feature, it should be possible to specify the interface for outgoing connections. current setup explaining the need for this: Homeserver has internet connectivity which has a dynamic (changing every 24h) IP address assignment. An OpenVPN tunnel is created to a vServer with 2 public IPv4 addresses of which 1 is assigned to the homeserver. Traffic is routed from the vServer to the homeserver via the OpenVPN connection to the public vServer IP address which is present on the homeserver on a TUN interface. Returning packets coming FROM that vServer IP on the homeserver (i.e. answering packets to requests that came in through the tunnel) are routed back into the tunnel using policy routing based on the source IP address. This setup means that by default all outbound connections from the homeserver are using the dynamic address and connections to the vServer IP using the tunnel are returned using this tunnel. This setup works very well for all services that listen for connections and allows the server to present a fixed IP to the public internet no matter how the connectivity to the homeserver is actually provided. However, prosody will also initiate outbound connections to connect to other servers via s2s. Here we would need a possibility to specify the vServer IPs (IPv4 and IPv6) or network interface that should be used for outbound connections. This functionality is present for other software that initiates outbound connections (e.g. exim, asterisk, etc) I investigated using policy routing with marking packets based on the process owner, however this has other issues (source IP address translation required, etc basically requiring a complex NAT-configuration and all in all just being way to complex for this basic feature, also depending on the content of the s2s packets this might still contain the wrong IP somewhere in the payload...)

  5. MattJ on

    Changes
    • tags Status-Accepted
  6. Daniel Kenzelmann on

    Ideally the functionality should be analogous to the exim "interface" configuration option. Basically specifying multiple IPs (IPv4, IPv6) and the first usable/matching is used: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_smtp_transport.html

New comment