Ubuntu 16.04 sem cabeça
Com sucesso, consegui dividir o roteamento trabalhando sob essas instruções link
O alvo é ter apenas transmissão sobre VPN e tudo mais através de eth0.
Eu executei o daemon de transmissão dentro de netns e posso conectar a transmissão web gui através de elinks, mas não consigo conectá-lo à minha rede LAN para acessá-lo do navegador dos meus computadores desktop
Minha configuração é assim
ip netns add nordvpn
ip netns exec nordvpn ip addr add 127.0.0.1/8 dev lo
ip netns exec nordvpn ip link set lo up
ip link add vpn0 type veth peer name vpn1
ip link set vpn0 up
ip link set vpn1 netns nordvpn up
ip addr add 10.200.200.1/24 dev vpn0
ip netns exec nordvpn ip addr add 10.200.200.2/24 dev vpn1
ip netns exec nordvpn ip route add default via 10.200.200.1 dev vpn1
iptables -A INPUT \! -i vpn0 -s 10.200.200.0/24 -j DROP
iptables -t nat -A POSTROUTING -s 10.200.200.0/24 -o et+ -j MASQUERADE
sysctl -q net.ipv4.ip_forward=1
/lib/systemd/system/transmission-daemon.service
[Unit]
Description=Transmission BitTorrent Daemon
After=network.target
[Service]
User=root
Type=simple
ExecStart=/bin/sh -c 'exec /sbin/ip netns exec nordvpn /usr/bin/sudo -u debian-transmission /usr/bin/transmission-daemon -f --log-error --config-dir /var/lib/transmission-daemon/info'
ExecReload=/bin/kill -s HUP $MAINPID
[Install]
WantedBy=multi-user.target
/etc/transmission/settings.json
{
"alt-speed-down": 50,
"alt-speed-enabled": false,
"alt-speed-time-begin": 540,
"alt-speed-time-day": 127,
"alt-speed-time-enabled": false,
"alt-speed-time-end": 1020,
"alt-speed-up": 50,
"bind-address-ipv4": "0.0.0.0",
"bind-address-ipv6": "::",
"blocklist-enabled": false,
"blocklist-url": "http://www.example.com/blocklist",
"cache-size-mb": 4,
"dht-enabled": true,
"download-dir": "/mnt/NFS/Movies",
"download-limit": 100,
"download-limit-enabled": 0,
"download-queue-enabled": true,
"download-queue-size": 5,
"encryption": 0,
"idle-seeding-limit": 30,
"idle-seeding-limit-enabled": false,
"incomplete-dir": "/mnt/NFS/Incomplete",
"incomplete-dir-enabled": true,
"lpd-enabled": false,
"max-peers-global": 200,
"message-level": 1,
"peer-congestion-algorithm": "",
"peer-id-ttl-hours": 6,
"peer-limit-global": 200,
"peer-limit-per-torrent": 50,
"peer-port": 51413,
"peer-port-random-high": 65535,
"peer-port-random-low": 49152,
"peer-port-random-on-start": false,
"peer-socket-tos": "default",
"pex-enabled": true,
"port-forwarding-enabled": false,
"preallocation": 1,
"prefetch-enabled": 1,
"queue-stalled-enabled": true,
"queue-stalled-minutes": 30,
"ratio-limit": 2,
"ratio-limit-enabled": false,
"rename-partial-files": true,
"rpc-authentication-required": false,
"rpc-bind-address": "0.0.0.0",
"rpc-enabled": true,
"rpc-password": "{aaaaabbbbbcccccc",
"rpc-port": 9091,
"rpc-url": "/transmission/",
"rpc-username": "blades",
"rpc-whitelist": "127.0.0.1,10.200.200.*,192.168.2.3",
"rpc-whitelist-enabled": true,
"scrape-paused-torrents-enabled": true,
"script-torrent-done-enabled": true,
"seed-queue-enabled": false,
"seed-queue-size": 10,
"speed-limit-down": 100,
"speed-limit-down-enabled": false,
"speed-limit-up": 100,
"speed-limit-up-enabled": false,
"start-added-torrents": true,
"trash-original-torrent-files": false,
"umask": 2,
"upload-limit": 100,
"upload-limit-enabled": 0,
"upload-slots-per-torrent": 14,
"utp-enabled": true
}
/etc/openvpn/se10.nordvpn.com.udp1194.ovpn
client
dev tun
proto udp
remote 91.236.116.83 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
remote-cert-tls server
#mute 10000
auth-user-pass /etc/openvpn/login.conf
comp-lzo
verb 3
pull
fast-io
cipher AES-256-CBC
<ca>
-----BEGIN CERTIFICATE-----
bbbb
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
aaaaa
-----END OpenVPN Static key V1-----
</tls-auth>
curl ipv4.icanhazip.com
retorna meu endereço IP público
systemctl start transmission-daemon
ip netns exec nordvpn openvpn se10.nordvpn.com.udp1194.ovpn
ip netns pids nordvpn
2231
16252
16265
ps aux
root 16252 0.5 0.0 7672 1656 ? Ss 09:12 0:00 /usr/bin/sudo -u debian-transmission /usr/bin/transmission-daemon -f --log-error --config-dir /var/lib/transmission-daemon/info
debian-+ 16265 0.5 0.1 30700 3364 ? Sl 09:12 0:00 /usr/bin/transmission-daemon -f --log-error --config-dir /var/lib/transmission-daemon/info
root 2231 0.0 0.1 6156 2800 ? S May12 0:01 openvpn se10.nordvpn.com.udp1194.ovpn
E conectando-se a netns
ip netns exec nordvpn /bin/bash
curl ipv4.icanhazip.com
retorna o endereço vpn
O que estou fazendo errado?