#27 Allow specifying network interface for outgoing connections

Reporter MattJ
Owner MattJ
Created
Updated
Stars ★ (1)
Tags
  • Type-Enhancement
  • Component-Network
  • Status-Accepted
  • Priority-Medium
  1. MattJ on

    This should probably be per-host.

  2. MattJ on

    Changes
    • tags Type-Defect Type-Enhancement
  3. MattJ on

    Old bug, I don't think I've seen requests for this any time recently. Closing.

    Changes
    • tag Status-WontFix
  4. Daniel Kenzelmann on

    Please implement this feature, it should be possible to specify the interface for outgoing connections. current setup explaining the need for this: Homeserver has internet connectivity which has a dynamic (changing every 24h) IP address assignment. An OpenVPN tunnel is created to a vServer with 2 public IPv4 addresses of which 1 is assigned to the homeserver. Traffic is routed from the vServer to the homeserver via the OpenVPN connection to the public vServer IP address which is present on the homeserver on a TUN interface. Returning packets coming FROM that vServer IP on the homeserver (i.e. answering packets to requests that came in through the tunnel) are routed back into the tunnel using policy routing based on the source IP address. This setup means that by default all outbound connections from the homeserver are using the dynamic address and connections to the vServer IP using the tunnel are returned using this tunnel. This setup works very well for all services that listen for connections and allows the server to present a fixed IP to the public internet no matter how the connectivity to the homeserver is actually provided. However, prosody will also initiate outbound connections to connect to other servers via s2s. Here we would need a possibility to specify the vServer IPs (IPv4 and IPv6) or network interface that should be used for outbound connections. This functionality is present for other software that initiates outbound connections (e.g. exim, asterisk, etc) I investigated using policy routing with marking packets based on the process owner, however this has other issues (source IP address translation required, etc basically requiring a complex NAT-configuration and all in all just being way to complex for this basic feature, also depending on the content of the s2s packets this might still contain the wrong IP somewhere in the payload...)

  5. MattJ on

    Changes
    • tags Status-Accepted
  6. Daniel Kenzelmann on

    Ideally the functionality should be analogous to the exim "interface" configuration option. Basically specifying multiple IPs (IPv4, IPv6) and the first usable/matching is used: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_smtp_transport.html

  7. Daniel Kenzelmann on

    I tried to grok the logic in the lua files, however it's not entirely clear where the outbound connections are made and if I am missing any instance. If anyone familiar with the code could just point me to the locations where the connect for outbound connections is done I'd try to come up with a patch incorporating the functionality above...

  8. Zash on

    Outbound s2s connections are created here: https://hg.prosody.im/trunk/file/84916bbe5985/plugins/mod_s2s/s2sout.lib.lua#l274 It should be using the net.server.addclient() API, but it's using luasocket directly for some reason. The code for this is in net/server_*.lua depending on which network_backend is selected. https://hg.prosody.im/trunk/file/tip/net At some point in the future, it will likely be the responsibility of the new net.connect https://hg.prosody.im/trunk/file/tip/net/connect.lua Currently only HTTP connections are handled by net.connect.

  9. MattJ on

    Yeah, net.connect is our attempt to get all outgoing connection logic into a single place in the code. The s2s code is next on the list :)

New comment

Not published. Used for spam prevention and optional update notifications.