On Mon, May 11, 2020 at 02:55:35PM -0400, Christopher Schultz wrote:
> Daniele,
>
> On 5/11/20 10:53, Daniele Basaldella wrote:
> > Dear group,
> > I've to configure a couple of tunneled connections (call them TC1 and
> > TC2), client side, on a linux system.
> > The target of both such connections is the same (destination ip and port
> > are the same, call it DST).
> > At source side (my server) I have a two IP addresses (call them IP1 and
> > IP2) assigned and currently working to its unique NIC. I normally use
> > iptables SNAT to split the traffic between IP1 and IP2 depending on
> > destination addresses but in this case I've to distinguish it at
> > application level (TC1 and TC2).
> > I'd like to get TC1 to set the outgoing traffic with source address IP1
> > and TC2 to set outgoing traffic with source address IP2. 
> >
> >     Tunnel           Tunnel
> >     Client           Server
> >
> > TC1:  IP1    --\
> >                 >-->   DST 
> > TC2:  IP2    --/
> >
> > I'm thinking to set one entry in stunnel.conf for each TC1 and TC2 and
> > use *transparent* = source  clause to set the source address but it
> > seems my case is not so common and I didn't find documentation. 
> > Please could you suggest a solution.
>
> If it's important for you to set the outgoing interface, then you should
> use:
>
> local=IP1
>
> in your config for the tunnel definition.

I believe Daniele's main point was the desire to avoid having two
sections in the stunnel config, one with accept=IP1 and local=IP1
and one with IP2. Whether it can be done with transparent proxying is
something I've never tried, so I don't feel qualified to answer.

G'luck,
Peter

--
Peter Pentchev  roam@ringlet.net roam@debian.org pp@storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users