On 12/23/2013 07:04 PM, Michael Orlitzky wrote:
>
> The not-simple solutions are probably going to involve reorganizing your
> network a bit; having a workstation, web server, and VPN client all on
> one box is giving you conflicting requirements. But maybe if you're
> lucky, you have a static public IP address on the VPN. In that case you
> can always access the website via the VPN address.

The thing that you really want to enforce is that incoming packets "go out" over the same connection that they came in on. Ignoring the fact that the last sentence doesn't really make sense, it can be done for multiple (redundant) upstream providers:

http://www.lartc.org/howto/lartc.rpdb.multiple-links.html

However, the routing table in that scenario is fixed. I wouldn't bet on OpenVPN being able to add its routes without messing something up.
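The per-uplink routing tables described in the linked HOWTO, as an added sketch that is not part of the original message: each uplink gets its own table, selected by source address, so a reply leaves through the link whose address the request arrived on. The interface names, addresses, gateways and table numbers are constructed for illustration, and the script only prints the `ip` commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the thread): source-based policy routing.
# All interface names, addresses and table numbers below are constructed.

# emit_uplink_rules IFACE ADDR NET GW TABLE
# Prints the three commands that bind one uplink to its own routing table.
emit_uplink_rules() {
    iface=$1 addr=$2 net=$3 gw=$4 table=$5

    # Table ids 253-255 are the kernel's default/main/local tables and 0 is
    # unspecified; refuse them so the existing routing is never overwritten.
    case "$table" in
        ''|*[!0-9]*) echo "table id must be numeric: $table" >&2; return 1 ;;
    esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table id $table is reserved or out of range" >&2
        return 1
    fi

    # Directly connected network, reachable with this uplink's source address.
    echo "ip route add $net dev $iface src $addr table $table"
    # Default route for this table only; the main table is left untouched.
    echo "ip route add default via $gw dev $iface table $table"
    # Traffic sourced from this uplink's address consults this table, which
    # sends replies out the link the request came in on.
    echo "ip rule add from $addr table $table"
}

# build_plan: the two links of the box discussed in the thread, with
# constructed values (eth0 = ISP link, tun0 = VPN link).
build_plan() {
    emit_uplink_rules eth0 192.0.2.10 192.0.2.0/24 192.0.2.1 101 || return 1
    emit_uplink_rules tun0 10.8.0.6 10.8.0.0/24 10.8.0.1 102 || return 1
}

# Print the plan for review; apply it by hand (or pipe to "sh" as root)
# once the values match the real interfaces.
build_plan
```

Routes that the VPN client installs on its own land in the main table, so they are consulted only for traffic that matches none of these source rules.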

