[stunnel-users] client with two source IPs and one destination

Daniele Basaldella daniele.basaldella at gmail.com
Tue May 12 19:06:00 CEST 2020 

Hi Peter,
this is exactly what I needed, it works great!

Thanks a lot for your help
My best
D.

On Mon, May 11, 2020 at 8:59 PM Peter Pentchev <roam at ringlet.net> wrote:

> On Mon, May 11, 2020 at 02:55:35PM -0400, Christopher Schultz wrote:
> > Daniele,
> >
> > On 5/11/20 10:53, Daniele Basaldella wrote:
> > > Dear group,
> > > I've to configure a couple of tunneled connections (call them TC1 and
> > > TC2), client side, on a linux system.
> > > The target of both such connections is the same (destination ip and
> port
> > > are the same, call it DST).
> > > At source side (my server) I have a two IP addresses (call them IP1 and
> > > IP2) assigned and currently working to its unique NIC. I normally use
> > > iptables SNAT to split the traffic between IP1 and IP2 depending on
> > > destination addresses but in this case I've to distinguish it at
> > > application level (TC1 and TC2).
> > > I'd like to get TC1 to set the outgoing traffic with source address IP1
> > > and TC2 to set outgoing traffic with source address IP2.
> > >
> > >     Tunnel           Tunnel
> > >     Client           Server
> > >
> > > TC1:  IP1    --\
> > >                 >-->   DST
> > > TC2:  IP2    --/
> > >
> > > I'm thinking to set one entry in stunnel.conf for each TC1 and TC2 and
> > > use *transparent* = source  clause to set the source address but it
> > > seems my case is not so common and I didn't find documentation.
> > > Please could you suggest a solution.
> >
> > If it's important for you to set the outgoing interface, then you should
> > use:
> >
> > local=IP1
> >
> > in your config for the tunnel definition.
>
> I believe Daniele's main point was the desire to avoid having two
> sections in the stunnel config, one with accept=IP1 and local=IP1
> and one with IP2. Whether it can be done with transparent proxying is
> something I've never tried, so I don't feel qualified to answer.
>
> G'luck,
> Peter
>
> --
> Peter Pentchev  roam at ringlet.net roam at debian.org pp at storpool.com
> PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20200512/50ec5146/attachment.htm>

More information about the stunnel-users mailing list