by isodude 771 days ago
You can also mitigate this by placing the VPN interface in a VRF on Linux. I.e. systemd-networkd has support for doing that out of the box. One thing to watch out for is that when enabling VRF, the ip rule entry for l3mdev is listed as 1000 but the rule for local traffic is listed as 0; the local rule should be moved to 1000+.
1 comments

Is there a way to run an app in a specific VRF nowadays?
Just like with netns using ip: `ip vrf exec <vrf> <command>`. It's been available for a while now.
Look here: https://jerryxiao.cc/archives/1004

Yes, it's eBPF but the solution is quite neat to be honest. And you can integrate it into systemd units.