Routing packets through VPN and normal connection
I have a router/modem linux box, connection to DSL through PPP.
I also use an OpenVPN service, to which this box connects. My problem is that the speed cap of the VPN is just half that of the DSL connection. I don't need it for internet browsing. Is there a way I can route all the http traffic coming from the client computers (or all of the traffic will do too) through the normal connection?
In other words, now I have
Client(s) ----> Router/modem ---> VPN --->Internet
I want something like
                            ---http_traffic--->Internet
Client(s) ----> Router/modem ---> VPN --->Internet
Can this work? What route and iptables commands should I use? As of now I can only route all traffic either on VPN or normal PPP |
In the following thread I explain how to forward all TCP into a VPN, and everything else directly. It should be easy to adapt to your requirements. The guide starts with a configuration where everything goes directly.
http://www.linuxquestions.org/questi...9/#post4351187 |
Thank you but your guide explains how to route a client computer's traffic on a VPN.
What it is that I want is the local traffic to be VPN'ed, and the clients' not to! |
Quote:
An example of how your goal can be achieved:

routing table main: has all routes, except default gateways
routing table default_direct: has default gateway via ISP's router
routing table default_vpn: has default gateway via VPN

ip rules (output of "ip rule show"):
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
40000: from all fwmark 0x100/0x100 lookup default_direct
40001: from all lookup default_vpn

iptables rules:
iptables -t mangle -A PREROUTING -i <lan_iface> -p tcp --dport 80 -j MARK --or-mark 0x100

It's really the same thing as the guide, except with different names for routing tables and a different iptables match. |
Oh so I guess that's why it wasn't working, I thought that by adding the default routes to the different tables one would be ok. I had to add the routes to the tables too. My bad. Thank you, I'll try and get back to you!
|
Alright, I am ashamed of myself but I can't seem to make it work.
This is what the tables look like when just the ppp connection is on. I hope this helps. All I can do for now is either get all traffic on ADSL _or_ VPN, despite following what you said. Obviously I am doing something wrong.
ifconfig
Code:
eth0 Link encap:Ethernet HWaddr redacted //LAN interface
Code:
192.168.100.1 * 255.255.255.255 UH 0 0 0 ppp0
Code:
0: from all lookup local
Code:
192.168.100.1 dev ppp0 proto kernel scope link src 79.41.151.37
ifconfig
Code:
[...]
Code:
Kernel IP routing table
Code:
192.168.100.1 dev ppp0 proto kernel scope link src 79.41.151.37 |
Quote:
1) you still have the two default routes in the "main" routing table, rather than having one in "default_direct" and one in "default_vpn",
2) you haven't added the "ip rules" for these two routing tables,
3) you haven't added the iptables command which marks packets,
4) you probably haven't disabled the Reverse Path Filter as well.

If your VPN client or PPPOE client is adding its default route directly into the "main" routing table, I can't help you with that. Consult the VPN/PPPOE client's documentation on how to make the route go into a specific routing table. |
It is working now. Thank you.
In the end I've put a general default route for the VPN and a specific one for the clients, and it is working now. My question now is, how can I make sure the configuration persists through reboots? Which files do I have to edit? |
Quote:
net.ipv4.conf.ppp0.rp_filter = 2

For iptables, most distros have init scripts that call iptables-save and iptables-restore.

I'm not aware of any general mechanism for "ip rule" rules. Just make an init script or something to add/remove these rules.

As far as the default routes go, consult the documentation of the VPN and PPPOE clients to see how you can take control of the routes they generate. For example, with OpenVPN this seems to be doable using "--route-noexec --route-up <script>", which allows your script to add/remove routes. |
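Added example, not part of any post in this thread: one way to write the start/stop script suggested above, combining the two routing tables, the ip rules, the mark rule and the rp_filter setting from the earlier replies, and meant to be called once the VPN device is up (for instance from an OpenVPN route-up hook). The table ids 100/101, tun0, and the addresses 10.8.0.1 and 203.0.113.10 are assumptions or constructed placeholders; the host route for the VPN server is an addition the thread does not mention, needed so the tunnel's own packets are not routed into the tunnel.

```shell
#!/bin/sh
# Added example, not from the thread. Device names other than eth0/ppp0, the
# addresses and the numeric table ids are assumptions; adjust before use.
LAN_IF=eth0            # LAN side (eth0 in the thread)
WAN_IF=ppp0            # DSL PPP link (ppp0 in the thread)
VPN_IF=tun0            # assumed OpenVPN device
VPN_GW=10.8.0.1        # constructed placeholder: gateway inside the VPN
VPN_SRV=203.0.113.10   # constructed placeholder: VPN server's public address
T_DIRECT=100           # stands in for table "default_direct"
T_VPN=101              # stands in for table "default_vpn"
MARK=0x100

# With DRY_RUN set, print each command instead of running it.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

mark_rule() {  # $1 is the iptables action: -A or -D
    run iptables -t mangle "$1" PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j MARK --or-mark "$MARK"
}

stop() {
    # Deleting something that is already absent is not an error here.
    run ip rule del fwmark "$MARK/$MARK" lookup "$T_DIRECT" priority 40000 || true
    run ip rule del from all lookup "$T_VPN" priority 40001 || true
    run ip route flush table "$T_DIRECT" || true
    run ip route flush table "$T_VPN" || true
    mark_rule -D || true
}

start() {
    stop 2>/dev/null   # clear leftovers so a second start adds no duplicate rules
    # Keep the tunnel's own outer packets on the DSL link (main table).
    run ip route replace "$VPN_SRV" dev "$WAN_IF"
    run ip route replace default dev "$WAN_IF" table "$T_DIRECT"
    run ip route replace default via "$VPN_GW" dev "$VPN_IF" table "$T_VPN"
    run ip rule add fwmark "$MARK/$MARK" lookup "$T_DIRECT" priority 40000
    run ip rule add from all lookup "$T_VPN" priority 40001
    mark_rule -A
    run sysctl -w "net.ipv4.conf.$WAN_IF.rp_filter=2"
}

case "${1:-}" in
    start) start ;;
    stop)  stop ;;
    *)     echo "usage: $0 start|stop   (set DRY_RUN=1 to print only)" ;;
esac
```

Running it with DRY_RUN=1 prints the exact commands without touching the routing tables, which is a quick way to review the result before applying it as root.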
Thank you very much. One more thing - is there a way to set up a double default route so that if the VPN suddenly disconnects the server will instead connect to the normal internet on its own without having to reconfigure everything?
|