On Thu, 2011-11-17 at 11:10 -0500, Benjamin LaHaise wrote:
> Why not use a tun/tap interface set up with a private ip address which the
> vpn application causes to be masqueraded by the host? That should work and
> be portable across all kernel versions.

Yeah, that's one of the options. But still you have to set up NAT on
the host. And make sure you don't conflict with any IP address ranges
which might appear on local networks, or on the VPN. It doesn't really
meet the "set it up nicely" criterion :)
If you can screw with iptables rules to set up NAT, you might as well
just screw with iptables rules to block and capture the TCP packets you
want. Either way, it's a pain in the arse.
--
dwmw2