Re: Port-based routing with OpenVPN

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
To: netfilter@lists.netfilter.org
Subject: Re: Port-based routing with OpenVPN
Date: Sun, 16 Sep 2007 13:05:08 +0200	[thread overview]
Message-ID: <46ED0DE4.1040300@plouf.fr.eu.org> (raw)
In-Reply-To: <20070915231545.224150@gmx.net>

Hello,

Mario Hülsegge a écrit :
> 
> i am trying to set up routing of all outgoing http-requests on my 
> workstation through my openvpn gateway (tun0). the web told me to do it:
> 
> iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 4
> ip rule add fwmark 4 lookup 3
> ip route add default dev tun0 table 3

Looks fine.

> the problem is that it does not work. tcpdump gives me:
> 
> 00:28:00.461045 IP (tos 0x0, ttl  64, id 28447, offset 0, flags [DF], 
> proto: UDP (17), length: 71) 192.168.0.125.1049 > vroot.domain: [udp sum 
> ok]  62654+ PTR? 67.11.71.195.in-addr.arpa. (43)
> 00:28:00.515190 IP (tos 0x0, ttl  56, id 0, offset 0, flags [DF], proto: 
> UDP (17), length: 127) vroot.domain > 192.168.0.125.1049:  62654 NXDomain 
> q: PTR? 67.11.71.195.in-addr.arpa. 0/1/0 ns: 71.195.in-addr.arpa. (99)
> 00:28:01.459744 arp who-has 195.71.11.67 tell 192.168.0.125
> 00:28:02.459844 arp who-has 195.71.11.67 tell 192.168.0.125

Was this trace captured on interface tun0 ?
Please use option -n so addresses and port numbers are not converted 
into confusing names.
What is the address of vroot ? Is it the other end of the VPN ?
Is the OpenVPN link configured in TUN (IP) or TAP (ethernet) mode ? The 
interface name tun0 suggests TUN mode, but the ARP requests suggest TAP 
mode. If it is TAP mode, you must specify the gateway address in the ip 
route statement just as you would do with a gateway on an ethernet link.

next prev parent reply	other threads:[~2007-09-16 11:05 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-09-15 23:15 (unknown) "Mario Hülsegge"
2007-09-16 11:05 ` Pascal Hambourg [this message]
2007-09-19 21:38   ` Port-based routing with OpenVPN Mario Hülsegge
2007-09-25 22:14   ` Mario Hülsegge
2007-09-26 10:33     ` Pascal Hambourg
2007-09-26 12:49       ` Mario Hülsegge
2007-09-26 14:10         ` Pascal Hambourg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=46ED0DE4.1040300@plouf.fr.eu.org \
    --to=pascal.mail@plouf.fr.eu.org \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox