Jump to content
Not connected, Your IP: 18.220.95.15
AirVPN
Sign in to follow this  
Followers 0
Zxurian

Assistance in creating routing rules

By Zxurian, ... in General & Suggestions

Recommended Posts

Zxurian    3

Zxurian
Posted ...

I'm running Ubuntu, and I'm trying to create some alternate routing rules via iptables for traffic shaping. (some traffic to vpn, some traffic out regular gateway).

 

I've know that I have to use the "route-noexec" directive with the OpenVPN conf, however I seem to be missing something.

 

With the default configuration file downloaded from AirVPN, the following routing rules are added upon a VPN connection.

 

May 20 20:44:08 xbmc ovpn-airvpn[1149]: /sbin/ip addr add dev tun0 local 10.4.11.130 peer 10.4.11.129
May 20 20:44:08 xbmc ovpn-airvpn[1149]: /home/xbmc/.config/openvpn/up.sh tun0 1500 1558 10.4.11.130 10.4.11.129 init
May 20 20:44:08 xbmc ovpn-airvpn[1149]: /sbin/ip route add 198.144.158.11/32 via 192.168.199.1
May 20 20:44:08 xbmc ovpn-airvpn[1149]: /sbin/ip route add 0.0.0.0/1 via 10.4.11.129
May 20 20:44:08 xbmc ovpn-airvpn[1149]: /sbin/ip route add 128.0.0.0/1 via 10.4.11.129
May 20 20:44:08 xbmc ovpn-airvpn[1149]: /sbin/ip route add 10.4.0.1/32 via 10.4.11.129
May 20 20:44:08 xbmc ovpn-airvpn[1149]: Initialization Sequence Completed
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.4.11.129     128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.199.1   0.0.0.0         UG    0      0        0 eth0
10.4.0.1        10.4.11.129     255.255.255.255 UGH   0      0        0 tun0
10.4.11.129     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.4.11.129     128.0.0.0       UG    0      0        0 tun0
192.168.199.0   0.0.0.0         255.255.255.0   U     1      0        0 eth0
198.144.158.11  192.168.199.1   255.255.255.255 UGH   0      0        0 eth0
 

 

Now with the "route-noexec" directive, the IP's are passed from OpenVPN into the route-up script file, which I can then add my own routes, and if I wanted to duplicate the default routes, would be the following

#!/bin/sh
/sbin/ip route add 0.0.0.0/1 via $5
/sbin/ip route add 128.0.0.0/1 via $5
/sbin/ip route add 10.4.0.1/32 via $5

 

However if I run "route-noexec" with that script file, I'm unable to do any dns lookups. I'm assuming it's because I'm missing the following rule from the original connection

 

/sbin/ip route add 198.144.158.11/32 via 192.168.199.1
 

 

 

If I want to setup the VPN, but only direct traffic on a certain port towards the VPN's gateway, do I need that extra IP address, and if so, where do I get it from?

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...