I am trying to solve a task with routing and OpenVPN's configuration.
After setting the connection, I don't want it to become the default route to anything, but rather want to use its interface for this kind of activity: curl --interface tun20 http://someaddress.
However, without a default route configured, it seems that the host system is unable to send/receive packets (I think it can't receive them back from the VPN, because the sniffer at someaddress somehow receives the TCP connection attempt packet, which is never continued by data).
With default route set, VPN works OK - tested that.
ifconfig:
tun20 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.200.2.236 P-t-P:10.200.2.236 Mask:255.255.252.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:258 (258.0 B) TX bytes:0 (0.0 B)
With default route from server:
route -n:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.200.0.1 128.0.0.0 UG 0 0 0 tun20
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
10.200.0.0 0.0.0.0 255.255.252.0 U 0 0 0 tun20
66.187.67.130 192.168.0.1 255.255.255.255 UGH 0 0 0 wlan0
128.0.0.0 10.200.0.1 128.0.0.0 UG 0 0 0 tun20
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
When the default route is discarded by the route-nopull directive, I get this:
route -n:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
10.200.0.0 0.0.0.0 255.255.252.0 U 0 0 0 tun20
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
So I want routing/forwarding recommendations on bringing this to work.
Answer
That was a nice experience to learn. From https://superuser.com/a/374566/49318, I've found a link to something worth an hour of reading man ip and ip help:
echo 11 mpdevtun7 >> /etc/iproute2/rt_tables
ip route add default via %yourIP% dev tun7 table mpdevtun7
ip rule add from %yourIP% lookup mpdevtun7 prio 1000
Now, curl --interface tun7 works fine. That's all, folks.
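
Added example (not part of the original question or answer): a small Python model of the Linux rule-then-table route lookup, fed with the question's main table after route-nopull, showing why a packet sourced from the tunnel address leaves via wlan0 until the answer's `ip rule` sends it to the extra table. It assumes curl binds the tun20 source address 10.200.2.236, takes 10.200.0.1 (the gateway in the question's first route table) as the tunnel gateway, and uses constructed LAN and destination addresses.

```python
import ipaddress

def route(dst, table):
    """Longest-prefix match of dst inside one routing table; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)

def lookup(src, dst, rules, tables):
    """Walk rules by ascending priority; the first matching rule whose table has a route wins."""
    source = ipaddress.ip_address(src)
    for _prio, selector, name in sorted(rules):
        if source in ipaddress.ip_network(selector):
            hit = route(dst, tables[name])
            if hit is not None:
                return name, hit[1], hit[2]   # (table, gateway, device)
    return None

# Main table from the question after route-nopull: (prefix, gateway, device)
MAIN = [
    ("0.0.0.0/0", "192.168.0.1", "wlan0"),
    ("10.200.0.0/22", None, "tun20"),      # 255.255.252.0 == /22
    ("192.168.0.0/24", None, "wlan0"),
]
# Extra table as created by the answer's "ip route add default ... table mpdevtun7"
# (gateway 10.200.0.1 is an assumption taken from the question's first route table)
VPN = [("0.0.0.0/0", "10.200.0.1", "tun20")]
TABLES = {"main": MAIN, "mpdevtun7": VPN}

RULES_BEFORE = [(32766, "0.0.0.0/0", "main")]                      # kernel default rule
RULES_AFTER = RULES_BEFORE + [(1000, "10.200.2.236/32", "mpdevtun7")]  # the answer's rule

VPN_SRC = "10.200.2.236"   # tun20 address from the question's ifconfig output
LAN_SRC = "192.168.0.50"   # constructed wlan0 address
DST = "203.0.113.10"       # constructed destination (documentation range)

def demo():
    """Egress decision for each case, keyed by a short description."""
    return {
        "tun source, no rule": lookup(VPN_SRC, DST, RULES_BEFORE, TABLES),
        "tun source, with rule": lookup(VPN_SRC, DST, RULES_AFTER, TABLES),
        "lan source, with rule": lookup(LAN_SRC, DST, RULES_AFTER, TABLES),
    }

if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {decision}")
```

The "tun source, no rule" case is the failure in the question: the packet carries the VPN source address but is handed to the WLAN gateway, while ordinary LAN-sourced traffic is unaffected by the added rule.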