#27 Allow specifying network interface for outgoing connections
This should probably be per-host.
Old bug, I don't think I've seen requests for this any time recently. Closing.
Please implement this feature, it should be possible to specify the interface for outgoing connections.
Current setup explaining the need for this:
Homeserver has internet connectivity which has a dynamic (changing every 24h) IP address assignment.
An OpenVPN tunnel is created to a vServer with 2 public IPv4 addresses of which 1 is assigned to the homeserver.
Traffic is routed from the vServer to the homeserver via the OpenVPN connection to the public vServer IP address which is present on the homeserver on a TUN interface.
Returning packets coming FROM that vServer IP on the homeserver (i.e. answering packets to requests that came in through the tunnel) are routed back into the tunnel using policy routing based on the source IP address.
This setup means that by default all outbound connections from the homeserver are using the dynamic address and connections to the vServer IP using the tunnel are returned using this tunnel. This setup works very well for all services that listen for connections and allows the server to present a fixed IP to the public internet no matter how the connectivity to the homeserver is actually provided.
However, prosody will also initiate outbound connections to connect to other servers via s2s. Here we would need a possibility to specify the vServer IPs (IPv4 and IPv6) or network interface that should be used for outbound connections.
This functionality is present for other software that initiates outbound connections (e.g. exim, asterisk, etc.).
I investigated using policy routing with marking packets based on the process owner, however this has other issues (source IP address translation required, etc., basically requiring a complex NAT configuration and all in all just being way too complex for this basic feature; also, depending on the content of the s2s packets, this might still contain the wrong IP somewhere in the payload...)
I tried to grok the logic in the lua files, however it's not entirely clear where the outbound connections are made and if I am missing any instance.
If anyone familiar with the code could just point me to the locations where the connect for outbound connections is done, I'd try to come up with a patch incorporating the functionality above...
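What the requested option has to do at the socket layer, shown as an added Python example that is not Prosody's code (the per-host option names and the addresses are constructed; luasocket's `bind()` before `connect()` is the equivalent step in Lua):

```python
import socket
import threading

# Constructed per-host config (hypothetical option names, not Prosody's): the
# source address each local host uses for outbound s2s, per address family.
S2S_SOURCE = {"example.org": {"ipv4": "127.0.0.2", "ipv6": "::1"}}

def source_for(host, dest_ip, config=S2S_SOURCE):
    """Configured source address for this host and the peer's address family,
    or None to let the kernel pick one from the default route."""
    family = "ipv6" if ":" in dest_ip else "ipv4"
    return config.get(host, {}).get(family)

def connect_from(host, dest_ip, dest_port, config=S2S_SOURCE, timeout=5.0):
    """Open the outbound TCP connection, binding the source address first.
    bind() before connect() is what makes the kernel send from that address,
    so replies match the source-based policy route described above."""
    family = socket.AF_INET6 if ":" in dest_ip else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    src = source_for(host, dest_ip, config)
    if src is not None:
        sock.bind((src, 0))  # port 0: kernel chooses an ephemeral port
    sock.connect((dest_ip, dest_port))
    return sock

def demo(source_ip="127.0.0.2"):
    """Listen on 127.0.0.1, connect to it with the given source address and
    return (address we bound, address the listener saw); they must agree."""
    config = {"example.org": {"ipv4": source_ip}}
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    seen = {}

    def accept_one():
        conn, peer = listener.accept()
        seen["peer"] = peer[0]
        conn.close()

    worker = threading.Thread(target=accept_one)
    worker.start()
    client = connect_from("example.org", "127.0.0.1", port, config)
    bound = client.getsockname()[0]
    worker.join()
    client.close()
    listener.close()
    return bound, seen["peer"]
```

On Linux, where the whole 127.0.0.0/8 range sits on the loopback interface, `demo()` returns `('127.0.0.2', '127.0.0.2')`: the listener sees the bound address rather than the default 127.0.0.1, which is exactly the effect needed for the tunnel's policy route.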