You can also mitigate this by placing the VPN interface in a VRF on Linux. I.e. systemd-networkd has support for doing that out of the box. One thing to watch out for is that when enabling VRF, the ip rule entry for l3mdev is listed as 1000 but the rule for local traffic is listed as 0; the local rule should be moved to 1000+.
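A check for the rule ordering described in the comment above, as an added example that is not part of the thread: it reads `ip rule show` output on stdin and reports whether the local rule still sits ahead of the l3mdev rule. The function name and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: rule table right after a VRF device is created.
# The local rule (pref 0) is still evaluated before the l3mdev rule (pref 1000).
SAMPLE_DEFAULT='0:      from all lookup local
1000:   from all lookup [l3mdev-table]
32766:  from all lookup main
32767:  from all lookup default'

# Constructed sample: local rule moved behind the l3mdev rule.
SAMPLE_MOVED='1000:   from all lookup [l3mdev-table]
32765:  from all lookup local
32766:  from all lookup main
32767:  from all lookup default'

# check_vrf_rule_order (hypothetical helper): reads `ip rule show` output.
# Exit 0: local rule comes after l3mdev.  Exit 1: local rule comes first.
# Exit 2: no l3mdev rule (no VRF present). Exit 3: no local rule found.
check_vrf_rule_order() {
    awk '
        { pref = $1; sub(/:$/, "", pref) }           # "1000:" -> "1000"
        /lookup local/            { if (loc == "") loc = pref }
        /lookup \[l3mdev-table\]/ { if (l3 == "")  l3 = pref }
        END {
            if (l3 == "")  { print "no l3mdev rule present"; exit 2 }
            if (loc == "") { print "no local rule present";  exit 3 }
            if (loc + 0 < l3 + 0) {
                print "local rule (pref " loc ") precedes l3mdev (pref " l3 ")"
                exit 1
            }
            print "ok: l3mdev (pref " l3 ") precedes local (pref " loc ")"
            exit 0
        }'
}

# One way to move the local rule, as root (add the new rule before deleting
# the old one so local delivery is never left without a rule):
#   ip rule add pref 32765 from all lookup local
#   ip rule del pref 0

# Run the check over both constructed samples.
printf '%s\n' "$SAMPLE_DEFAULT" | check_vrf_rule_order || true
printf '%s\n' "$SAMPLE_MOVED"   | check_vrf_rule_order || true
```

On a live host, pipe the real table in with `ip rule show | check_vrf_rule_order`.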
sargun|1 year ago
tuetuopay|1 year ago
isodude|1 year ago
Yes, it's eBPF but the solution is quite neat to be honest. And you can integrate it into systemd units.
unknown|1 year ago
[deleted]