Specific traffic over OpenVPN


So I have OpenVPN on my NAS set up and working, but my provider pushes "redirect-gateway" down, meaning that all traffic is sent over the VPN.

The basic problem is that I want only certain programs to use tun0 (Transmission + SabNZBd). This is made more difficult because I want those programs' web interfaces to still be accessible via eth0.

So far I have the following in a route-up script:

# Demangle main routing table (undo the two half-routes redirect-gateway added;
# OpenVPN exports the tunnel interface name as $dev)
ip route del table main 0.0.0.0/1 via $route_vpn_gateway dev $dev
ip route del table main 128.0.0.0/1 via $route_vpn_gateway dev $dev

# Copy default routing table to new VPN table (the script already runs as root, so no sudo)
ip route flush table 100
ip route show table main | grep -Ev '^default via ' | while read -r entry; do ip route add table 100 $entry; done

# Add default gateway to VPN table
ip route add table 100 default via $route_vpn_gateway dev $dev

# Add rule to make marked packets use VPN table
ip rule add fwmark 4 table 100

# Mark packets from processes in group
iptables -t mangle -A OUTPUT -m owner --gid-owner downloader -j MARK --set-mark 4

Unfortunately this isn't working. Any ideas?

Chris Banes

Posted 2013-06-06T10:39:53.137

Reputation: 111
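A complete route-up script for the setup described in the question, added here as an example; it is not the asker's script. It assumes OpenVPN's route_vpn_gateway, dev and ifconfig_local environment variables, a NAS address LAN_IP of 192.168.1.10 on eth0, routing table 100, mark 4 and a group named downloader. Beyond the posted script it adds the source-address rules and the rp_filter setting that let the web interfaces keep answering on eth0 while the group's own traffic leaves through the tunnel; DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not the asker's script): OpenVPN route-up script that keeps
# redirect-gateway from hijacking the main table and routes only traffic from
# the "downloader" group through the tunnel. route_vpn_gateway, dev and
# ifconfig_local are set by OpenVPN; the values below are assumptions.
VPN_TABLE=100
FWMARK=4
DL_GROUP=downloader
: "${LAN_IP:=192.168.1.10}"   # assumed NAS address on eth0

# run CMD...: execute the command, or only print it when DRY_RUN=1 so the
# generated rules can be reviewed (or tested) without root.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# list_main_routes: the main table, or a constructed sample in dry-run mode.
list_main_routes() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "default via 192.168.1.1 dev eth0" \
                      "192.168.1.0/24 dev eth0 src $LAN_IP"
    else
        ip route show table main
    fi
}

setup_vpn_policy_routing() {
    gw=$route_vpn_gateway; tun=$dev; vpn_ip=$ifconfig_local
    # 1. Undo the two half-routes redirect-gateway put in the main table.
    run ip route del table main 0.0.0.0/1 via "$gw" dev "$tun"
    run ip route del table main 128.0.0.0/1 via "$gw" dev "$tun"
    # 2. Build the VPN table: LAN routes copied from main, default via tunnel.
    run ip route flush table "$VPN_TABLE"
    list_main_routes | grep -Ev '^default via ' | while read -r entry; do
        run ip route add table "$VPN_TABLE" $entry
    done
    run ip route add table "$VPN_TABLE" default via "$gw" dev "$tun"
    # 3. Rules, lowest pref first: packets already sourced from the LAN address
    #    (web UI replies on eth0) stay in main; marked packets and packets
    #    sourced from the VPN address use the VPN table.
    run ip rule add from "$LAN_IP" lookup main pref 90
    run ip rule add fwmark "$FWMARK" lookup "$VPN_TABLE" pref 100
    run ip rule add from "$vpn_ip" lookup "$VPN_TABLE" pref 110
    # 4. Loose reverse-path filtering on the tunnel; strict mode checks the
    #    unmarked return path against main and drops replies arriving on tun0.
    run sysctl -q -w "net.ipv4.conf.$tun.rp_filter=2"
    # 5. Mark the group's locally generated packets, except those that already
    #    carry the LAN address (web UI traffic answered on eth0).
    run iptables -t mangle -A OUTPUT -m owner --gid-owner "$DL_GROUP" \
        ! -s "$LAN_IP" -j MARK --set-mark "$FWMARK"
}
```

Hook it in with `route-up /path/to/script` and `script-security 2` in the client config, and add the Transmission and SabNZBd users to the downloader group.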

Have you tried firewall marking by -dport or -sport instead? – NickW – 2013-06-06T10:46:25.967

@NickW: The trouble is that torrent clients use random ports, so I can't make a static rule. – Chris Banes – 2013-06-06T10:49:31.850

Maybe invert it then? Mark the ones that stay static but send them through the normal routing table, everything else through the tunnel? – NickW – 2013-06-06T10:51:33.733

No answers