Split tunnel routing a specific port over OpenVPN on Ubuntu Server 12.04
So I know there is another question on here that I used as a guide as it was super helpful! (Setup routing and iptables for new VPN connection to redirect **only** ports 80 and 443) Only my goal is a bit different. I am running a headless GUI-less install of Ubuntu Server 12.04 that is being used for a variety of different purposes... I would like all traffic to travel un-prohibited through my ISP except for my transmission traffic. I have a VPN I subscribe to that allows me access for which I only want to direct a single port's traffic to. I am currently using a modified version of the code from the above link. My current code is below:
```sh
#!/bin/sh
# Wait for OpenVPN to finish bringing up tun0
sleep 200

DEV1=eth0
IP1=`ifconfig|perl -nE'/dr:(\S+)/&&say$1'|grep 192.`
GW1=10.0.1.1
TABLE1=open
TABLE2=vpn
DEV2=tun0
IP2=`ifconfig|perl -nE'/dr:(\S+)/&&say$1'|grep 10.`
GW2=`route -n | grep 'UG[ \t]' | awk '{print $2}'`

# Rebuild both tables from the non-default routes in main
ip route flush table $TABLE1
ip route flush table $TABLE2
ip route show table main | grep -Ev ^default | while read ROUTE ; do
    ip route add table $TABLE1 $ROUTE
    ip route add table $TABLE2 $ROUTE
done
ip route add table $TABLE1 $GW1 dev $DEV1 src $IP1
ip route add table $TABLE2 $GW2 dev $DEV2 src $IP2
ip route add table $TABLE1 default via $GW1
ip route add table $TABLE2 default via $GW2

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "2" > /proc/sys/net/ipv4/conf/tun0/rp_filter

# Policy rules: pick a table by source address or by firewall mark
ip rule add from $IP1 lookup $TABLE1
ip rule add from $IP2 lookup $TABLE2
ip rule add fwmark 1 lookup $TABLE1
ip rule add fwmark 2 lookup $TABLE2

iptables -t nat -A POSTROUTING -o $DEV1 -j SNAT --to-source $IP1
iptables -t nat -A POSTROUTING -o $DEV2 -j SNAT --to-source $IP2
iptables -t nat -A PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
iptables -t nat -A PREROUTING -i $DEV1 -m state --state NEW -j CONNMARK --set-mark 1
iptables -t nat -A PREROUTING -i $DEV2 -m state --state NEW -j CONNMARK --set-mark 2
iptables -t nat -A PREROUTING -m connmark --mark 1 -j MARK --set-mark 1
iptables -t nat -A PREROUTING -m connmark --mark 2 -j MARK --set-mark 2
iptables -t nat -A PREROUTING -m state --state NEW -m connmark ! --mark 0 -j CONNMARK --save-mark

# Mark new connections to the Transmission port that arrive on tun0
iptables -t mangle -A PREROUTING -i $DEV2 -m state --state NEW -p tcp --dport 44447 -j CONNMARK --set-mark 2
iptables -t mangle -A PREROUTING -i $DEV2 -m state --state NEW -p udp --dport 44447 -j CONNMARK --set-mark 2

# Drop the routes pushed by the VPN and restore the ISP default route
route del default
ip route del 0.0.0.0/1
ip route del 128.0.0.0/1
route add default gw $GW1 eth0
```
I took into account the original poster's own comments, modified it to my IP configuration and port needs... extended the sleep to ensure the OpenVPN configuration had occurred... And then also deleted two routes that I believe were added by my VPN provider for a fallback in case the default route failed... Now everything seems to be okay except a few things...
- traceroutes fail... completely...

```
$ traceroute yahoo.com
traceroute to yahoo.com (206.190.36.45), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
```

- ping results in 100% packet loss

```
$ ping google.com
PING google.com (173.194.43.46) 56(84) bytes of data.
^C
--- google.com ping statistics ---
119 packets transmitted, 0 received, 100% packet loss, time 118945ms
```
I don't know what is causing this???
```
$ nslookup
> google.com
Server:   10.0.1.1
Address:  10.0.1.1#53

Non-authoritative answer:
Name:     google.com
Address:  173.194.43.46
Name:     google.com
Address:  173.194.43.38
Name:     google.com
Address:  173.194.43.35
Name:     google.com
Address:  173.194.43.41
Name:     google.com
Address:  173.194.43.39
Name:     google.com
Address:  173.194.43.34
Name:     google.com
Address:  173.194.43.36
Name:     google.com
Address:  173.194.43.37
Name:     google.com
Address:  173.194.43.32
Name:     google.com
Address:  173.194.43.40
Name:     google.com
Address:  173.194.43.33
```
route table below:
```
$ route
Kernel IP routing table
Destination      Gateway          Genmask          Flags Metric Ref Use Iface
default          Rolands-AirPort  0.0.0.0          UG    0      0   0   eth0
default          Rolands-AirPort  0.0.0.0          UG    100    0   0   eth0
10.0.1.0         *                255.255.255.255  UH    0      0   0   eth0
10.0.1.0         *                255.255.255.0    U     0      0   0   eth0
10.4.0.1         10.4.49.21       255.255.255.255  UGH   0      0   0   tun0
10.4.49.21       *                255.255.255.255  UH    0      0   0   tun0
hosted-by.lease  Rolands-AirPort  255.255.255.255  UGH   0      0   0   eth0
```
Any help would be greatly appreciated!
linux networking vpn routing openvpn
asked Jun 11 '13 at 4:33 by user230409 (edited Mar 20 '17 at 10:04 by Community♦)
I looked further into my route tables and I found that for some reason the VPN was also pushing a route into my "open" table to override my defaults to my ISP. I am adding these two lines to my script to successfully resolve the issue.
`ip route del table open 0.0.0.0/1`
`ip route del table open 128.0.0.0/1`
– user230409 Jun 12 '13 at 19:10

Well, my routing is still not working right... I now have successful pings and traceroutes to external IPs so I know my traffic is defaulting to the open table or using the main table... However my transmission client does not seem to be using the VPN and as such I am not connectable. I can see that transmission is announcing my external IP from my ISP and not the IP from my VPN. I am attempting to overcome this by adding
`ip route add table vpn default dev tun0`
because there was no default route in my VPN table... if anyone has any ideas please help!
– user230409 Jun 12 '13 at 21:29
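An added example, not part of the original question or its comments: packets generated on the host itself pass through the OUTPUT chain and never PREROUTING, so a mark meant to steer a local client has to be set in mangle OUTPUT; this sketch marks by owning user instead of by port and gives the `vpn` table a fail-closed default. It assumes the daemon runs as `debian-transmission`, that table `vpn` is declared in /etc/iproute2/rt_tables, and that the LAN is 10.0.1.0/24 on eth0 as in the route output above.

```shell
#!/bin/sh
# Added example (not from the original thread): send one local user's traffic
# through the VPN and leave everything else on the ISP route.
# Assumptions: the daemon runs as "debian-transmission"; table "vpn" is listed
# in /etc/iproute2/rt_tables; the LAN is 10.0.1.0/24 on eth0.
VPN_DEV=${VPN_DEV:-tun0}
VPN_TABLE=${VPN_TABLE:-vpn}
VPN_USER=${VPN_USER:-debian-transmission}
VPN_MARK=${VPN_MARK:-2}
LAN_NET=${LAN_NET:-10.0.1.0/24}
LAN_DEV=${LAN_DEV:-eth0}

# Dry run by default: print each command. Run with APPLY=1 as root to execute.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

setup_split_tunnel() {
    # Table used only by marked packets. Only the LAN route is copied in, so
    # routes pushed by the VPN into main (0.0.0.0/1, 128.0.0.0/1) never leak
    # into it and LAN clients can still reach the daemon's web interface.
    run ip route replace "$LAN_NET" dev "$LAN_DEV" table "$VPN_TABLE"
    run ip route replace default dev "$VPN_DEV" table "$VPN_TABLE"
    # Higher-metric fallback: if tun0 disappears, marked traffic is rejected
    # instead of falling through to the main table and leaving via the ISP.
    run ip route replace unreachable default metric 1000 table "$VPN_TABLE"
    run ip rule add fwmark "$VPN_MARK" lookup "$VPN_TABLE"

    # Locally generated packets are marked in mangle OUTPUT; the new mark
    # makes the kernel repeat the routing lookup with the fwmark rule.
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$VPN_USER" -j MARK --set-mark "$VPN_MARK"

    # The source address was picked before the reroute, so rewrite it to the
    # tunnel address on the way out.
    run iptables -t nat -A POSTROUTING -o "$VPN_DEV" -j MASQUERADE

    # Loose reverse-path filtering so replies arriving on the tunnel are kept.
    run sysctl -w "net.ipv4.conf.$VPN_DEV.rp_filter=2"
}

teardown_split_tunnel() {
    run iptables -t nat -D POSTROUTING -o "$VPN_DEV" -j MASQUERADE
    run iptables -t mangle -D OUTPUT -m owner --uid-owner "$VPN_USER" -j MARK --set-mark "$VPN_MARK"
    run ip rule del fwmark "$VPN_MARK" lookup "$VPN_TABLE"
    run ip route flush table "$VPN_TABLE"
}

case "${1:-}" in
    down) teardown_split_tunnel ;;
    *)    setup_split_tunnel ;;
esac
```

Without `APPLY=1` the script only prints the commands it would run. The setup has to be repeated whenever tun0 is recreated, because the kernel removes the tunnel's default route together with the interface.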
1 Answer
Well, I have my workaround... I don't know why I wasn't able to get this to work, but basically what I found was that even with my routing configured this way, the nature of BitTorrent led to my ISP-provided public IP being announced... which is a major problem for connectivity. To fix my issue I stopped the transmission-daemon and altered the /etc/transmission-daemon/settings.json file to bind on the IPv4 address of the tun0 interface. This is not an ideal solution as it is not dynamic. However, the IP address of my VPN is static enough that this shouldn't be too much of an issue. If anyone has a better answer please let me know!
Please note that the issues of 100% packet loss with ping and no traceroute available were fixed by manually removing routes pushed by the VPN provider (within the script).
Forcing the transmission traffic over the VPN was a matter of adjusting a setting within the client to bind on the IP address of the tun0 interface. This is not a proper solution but works nonetheless. I am continuing to use the script so that the default interface is not the VPN.
answered Jun 13 '13 at 2:41 by user230409
Are you by chance using the OpenVPN client? If so, there's a very easy way to do this; let me know and if so I'll give you the info to make it work. I do similar on my home router with 3 VPN connections.
– Jacqueline Loriault
Nov 20 '13 at 4:08
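An added example, not part of the original answer: one way to make the bind-address workaround follow the tunnel, by reading tun0's current IPv4 address and rewriting the setting while the daemon is stopped. It assumes the setting in question is Transmission's `bind-address-ipv4` key and that the service is named `transmission-daemon`; the sample addresses in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the original answer): point Transmission's IPv4
# bind address at whatever address tun0 currently holds.
# Assumptions: the key is "bind-address-ipv4" and the service is called
# "transmission-daemon"; the settings path is the one named in the answer.
SETTINGS=${SETTINGS:-/etc/transmission-daemon/settings.json}

# Read `ip -4 -o addr show dev IFACE` output on stdin and print the first
# IPv4 address. Handles both "inet 10.8.0.6/24 ..." and the point-to-point
# form "inet 10.4.49.22 peer 10.4.49.21/32 ..." (constructed samples).
first_ipv4() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit }
    }'
}

# Rewrite the bind-address-ipv4 value in FILE to ADDR, in place.
set_bind_address() {
    file=$1
    addr=$2
    # Only digits and dots may reach the sed replacement text.
    case $addr in
        ''|*[!0-9.]*) echo "refusing address: $addr" >&2; return 1 ;;
    esac
    grep -q '"bind-address-ipv4"' "$file" || {
        echo "no bind-address-ipv4 key in $file" >&2; return 1; }
    tmp=$(mktemp "$file.XXXXXX") || return 1
    if sed 's/\("bind-address-ipv4"[[:space:]]*:[[:space:]]*\)"[^"]*"/\1"'"$addr"'"/' \
            "$file" > "$tmp"; then
        # Copy the content back rather than moving the temp file over it,
        # so the owner and mode of the settings file are left untouched.
        cat "$tmp" > "$file"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Stop the daemon before editing, as the answer does, then start it again.
rebind_to_tunnel() {
    dev=${1:-tun0}
    addr=$(ip -4 -o addr show dev "$dev" | first_ipv4)
    [ -n "$addr" ] || { echo "no IPv4 address on $dev" >&2; return 1; }
    service transmission-daemon stop
    set_bind_address "$SETTINGS" "$addr"
    rc=$?
    service transmission-daemon start
    return $rc
}

if [ "${1:-}" = "--apply" ]; then
    rebind_to_tunnel "${2:-tun0}"
fi
```

Run it as root with `--apply` after each tunnel start; if tun0 has no address the script leaves both the settings file and the running daemon alone.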