On Sat, Mar 11, 2023 at 11:30:52AM +0100, lisper.drea...@tutanota.com wrote:
> Hi Misc,
> I'm trying to use alpine linux as a router/gateway to my OpneBSD machine.
> I can set up alpine linux with vmm and configure its network, no problem so
> far.
> I'd like my host network traffic to get in and out through my alpine vm.
> The idea is to use alpine as a vpn to my host browser.
> I've been able to get PIA wireguard working on alpine vm, and I would like to
> redirect my host browser through it.
>
> Any reference anywhere?
this is a surprising request. i spend an annoying amount of time trying
to get other operating systems to do network things that i feel are easy
in openbsd rather than the other way round. with that in mind, openbsd
does support wireguard, so if PIA is using vanilla wg then it should be
possible to get openbsd to do the vpn bit for you.
however, it should be possible to do what you want. the high level idea
is to give your alpine VM a pair of network interfaces, one for the vm
to connect to PIA with, and one for your browser to talk to. the
external (PIA facing) interface needs to be connected to the outside
world like you'd connect any other vm to the net. setting it up on a
switch (veb) with your physical interface for example.
the other interface will also appear as a tap interface, but if you're
only using the vpn it provides for a browser, then your browser can talk
to the tap interface directly without needing another switch or anythign
like that. just configure an ip on the tap interface on the same subnet
as the vm.
once the vm is set up and connected, then you need to get your browser
to route to the vm. if browsing is the only thing you do on this
machine, then setting your default route to the ip address of the vm
over the tap interface will work.
if you want only the browser to use the vpn, then you can either put the
tap interface into a separate rdomain and run the browser in that
rdomain. you'll have to be careful about other traffic the browser
generates for this to work, in particular dns traffic cos the browser
will be using your /etc/resolv.conf to find nameservers. otherwise, you
can use route-to in pf, but you'll need some way for pf to identify the
browser traffic (pass out to port { http https } route-to $alpine_vm
maybe).
doing the vpn on openbsd rather than in the vm sounds less complicated
to me. good luck.
dlg
