Please excuse me for (probably) the noob question, but I am very new to Linux networking. I've already spent a few days searching the Internet for an answer to my question, but was unable to find one, so I decided to post a question over here, because I know a lot of skilled professionals visit this site.
Anyway, on to the actual question: I have two servers available. Let's call them Server-A and Server-B. I have established a VPN tunnel between Server-A and Server-B using OpenSWAN. I have assigned the source IPs: 192.168.2.1 for Server-A and 172.16.2.1 for Server-B. I am successfully able to ping 172.16.2.1 from Server-A and 192.168.2.1 from Server-B, so I'm assuming I've set the VPN up properly and both servers are able to communicate.
Now, on Server-A, I want to be able to do this:
When I issue an HTTP request through libcurl like this:
I'd want to see the request going out through Server-A's public IP address.
However, when I issue:
curl --interface 192.168.2.1 same_url_as_in_the_above_request
I'd want the request to go through the VPN, in order to use Server-B's Internet access, so I would expect to see Server-B's public IP address listed in the checkip response.
Right now, when I issue a request like this, I'm receiving the following error:
curl(7) : couldn't connect to host
What can I do to achieve this, or am I entirely on the wrong path? All I want to be able to do is use Server-B's Internet access from Server-A for accessing only certain websites, or when the ISP for Server-A is down for some reason. I don't need to automate that, just want to be able to do this manually, whenever needed.
I suppose I'd need to do some routing or NAT, but I have no idea what to do exactly – I've read a lot of materials in the past couple of days, but it's hard for me to figure out what the exact iptables and/or route commands should look like, and whether setting up a VPN is the correct solution at all.
I'm really hoping someone here will be able to give me some advice, and I'm really sorry if I made you all laugh with a noob question like this.
Best regards!
Best Answer
Really the simplest way to do this would be via HTTP proxies - and push the routing choices out to the browser via a PAC file.
That needs a very different solution - using routing (either in iptables or via iproute2).
The VPN isn't actually required - but if you want to run a remote HTTP proxy and not have it used by every internet fraudster who can find it (*) then you MUST have some method for restricting client access to the service - a VPN is a good way to achieve that.
*) I now see more attempts to find open web proxies than open SMTP relays on the boxes I look after
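As an added illustration of the PAC approach the answer recommends (this is example code, not something either poster supplied), here is a minimal proxy auto-config file that sends only a chosen list of sites through an HTTP proxy on Server-B, reached over the VPN, and lets everything else leave through Server-A's own connection. It assumes the proxy listens on Server-B's VPN address 172.16.2.1 (from the question) on port 3128 (assumed), and the site list is constructed for the example.

```javascript
// Proxy on Server-B, reachable only across the OpenSWAN tunnel (port 3128 is an assumption).
// Deliberately no "; DIRECT" fallback: if the proxy is down the browser fails rather than
// silently leaving via Server-A, which would defeat the purpose of routing these sites remotely.
var VPN_PROXY = "PROXY 172.16.2.1:3128";

// Sites that should use Server-B's Internet access (constructed list for this example).
var VIA_SERVER_B = ["example.org", "checkip.example.net"];

// Browsers provide dnsDomainIs()/isPlainHostName() to PAC scripts; they are defined here
// with the same semantics only so the file can also be exercised outside a browser.
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}
function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}

// RFC 1918 ranges: never hand private or VPN-side addresses to the remote proxy.
var PRIVATE_NET = /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/;

function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Unqualified names, loopback and private addresses always go DIRECT.
  if (isPlainHostName(host) || host === "localhost" || PRIVATE_NET.test(host)) {
    return "DIRECT";
  }

  // Apex domain or any subdomain of a listed site goes through Server-B.
  for (var i = 0; i < VIA_SERVER_B.length; i++) {
    var d = VIA_SERVER_B[i];
    if (host === d || dnsDomainIs(host, "." + d)) {
      return VPN_PROXY;
    }
  }

  // Everything else uses Server-A's own public IP.
  return "DIRECT";
}
```

Serve the file to the browser (or point libcurl at the same proxy with its proxy option for the "certain websites" case) and keep the proxy on Server-B bound to the VPN address only, so it is reachable solely from the tunnel.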