On Sat, Mar 11, 2023 at 11:30:52AM +0100, lisper.drea...@tutanota.com wrote:
> Hi Misc,
> I'm trying to use alpine linux as a router/gateway to my OpenBSD machine.
> I can set up alpine linux with vmm and configure its network, no problem so
> far.
> I'd like my host network traffic to get in and out through my alpine vm.
> The idea is to use alpine as a vpn to my host browser.
> I've been able to get PIA wireguard working on alpine vm, and I would like to
> redirect my host browser through it.
>
> Any reference anywhere?

this is a surprising request. i spend an annoying amount of time trying to get other operating systems to do network things that i feel are easy in openbsd rather than the other way round. with that in mind, openbsd does support wireguard, so if PIA is using vanilla wg then it should be possible to get openbsd to do the vpn bit for you.

however, it should be possible to do what you want. the high level idea is to give your alpine VM a pair of network interfaces, one for the vm to connect to PIA with, and one for your browser to talk to.

the external (PIA facing) interface needs to be connected to the outside world like you'd connect any other vm to the net. setting it up on a switch (veb) with your physical interface for example.

the other interface will also appear as a tap interface, but if you're only using the vpn it provides for a browser, then your browser can talk to the tap interface directly without needing another switch or anything like that. just configure an ip on the tap interface on the same subnet as the vm.

once the vm is set up and connected, then you need to get your browser to route to the vm. if browsing is the only thing you do on this machine, then setting your default route to the ip address of the vm over the tap interface will work.

if you want only the browser to use the vpn, then you can either put the tap interface into a separate rdomain and run the browser in that rdomain. you'll have to be careful about other traffic the browser generates for this to work, in particular dns traffic cos the browser will be using your /etc/resolv.conf to find nameservers.

otherwise, you can use route-to in pf, but you'll need some way for pf to identify the browser traffic (pass out to port { http https } route-to $alpine_vm maybe).

doing the vpn on openbsd rather than in the vm sounds less complicated to me.

good luck.
dlg
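
The rdomain variant described in the reply above, written out as host-side commands. This is an added example, not part of the original thread. It assumes the VM's browser-facing interface appears on the host as tap1, that rdomain 1 is unused, that 10.9.0.1 (host) and 10.9.0.2 (VM) are free addresses, and that the alpine VM already forwards and NATs that subnet into its wireguard tunnel.

```ksh
# run as root on the OpenBSD host once the alpine VM is up.
# assumed values, none of them from the thread:
#   tap1      host side of the VM's browser-facing interface
#   rdomain 1 routing domain reserved for vpn-bound traffic
#   10.9.0.1  host address on the tap
#   10.9.0.2  alpine VM address on the same subnet

# put the tap into its own routing domain first, then address it.
ifconfig tap1 rdomain 1
ifconfig tap1 inet 10.9.0.1/24 up

# the only way out of rdomain 1 is the VM.
route -T 1 add default 10.9.0.2

# inspect the table: it should hold the connected 10.9.0.0/24 route
# and a default via 10.9.0.2, with nothing on the physical interface.
route -T 1 -n show -inet

# confirm the VM answers from inside the routing domain.
route -T 1 exec ping -c 3 10.9.0.2

# anything started this way uses routing table 1, so a browser is
# launched the same way: route -T 1 exec <browser command>
# name lookups made by that process also leave through rdomain 1, to
# the nameservers listed in /etc/resolv.conf, so those addresses have
# to be reachable through the VM for browsing to work.
```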