Route by IP address over tun0 - 'ip rule add from a.b.c.d'

Discussion in 'Linux Networking' started by morleyc, Jul 11, 2007.

  1. morleyc

    morleyc Guest

    Would anyone be kind enough to give me some pointers to route packets
    from a specific ip on my subnet via the tun0 OpenVPN interface, and
    all other hosts out the default route of the main routing table
    ( on br0)?

    i.e. -> via br0, and -> via tun0

    I have created the tables:

    mkdir /etc/iproute2
    echo 201 table1 >> /etc/iproute2/rt_tables
    ip rule add from table table1

    But i am really stuck from here. I tried adding default routes in the
    table1 but all traffic stops at this point (i am pinging from the host out onto the net, it works as soon as this command below
    is entered it times out):

    ip route add dev tun0 scope link src table table1
    (not sure if this is needed - either way doesnt work with or without)
    ip route add default via dev tun0 table table1

    I did try: ip route add default dev tun0 table table1. and again that
    fails to work. I appreciate this isnt a guessing game hence moving to
    post here in hope of some expert advice.

    Routing table for the main table (table 1 contains the entries from
    above commands):

    [email protected]:~# ip route list table table1
    default via dev tun0

    [email protected]:~# ip route list table main via dev br0 via dev tun0 dev tun0 proto kernel scope link src dev br0 proto kernel scope link src
    default via dev br0

    There is a point to point link to the OpenVPN server on with
    a local address of, but im not sure if this needs to be
    added in the table1? I did try by adding ip route add dev
    tun0 scope link src table table1, but again still the same

    With OpenVPN setup to push the redirect-gateway option, all works well
    with the routing table and the box acts as a router sending everything
    through it (table shown below - this works fine apart from everyone is
    routed through it). As mentioned, I would like the tables default
    route below to only apply to the host I am posting the
    table below as this does work for all hosts:

    [email protected]:~# ip route list table main via dev br0 via dev tun0 dev tun0 proto kernel scope link src dev br0 proto kernel scope link src
    default via dev tun0

    Many thanks in advance
    morleyc, Jul 11, 2007
    1. Advertisements

  2. morleyc

    morleyc Guest

    One point i forgot to mention is that I am masquerading on tun0 as i
    will be routing a number of hosts through the router:

    iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

    I also run 'ip route flush cache' after i enter the routing commands
    but to no avail.

    morleyc, Jul 11, 2007
    1. Advertisements

  3. Hello,

    a écrit :
    All you can infer from this test is that the ping program receives no
    replies with the advanced routing setup. This does not necessary mean
    that the echo requests are not sent correctly. Maybe the problem is on
    the reverse path. Have you traced the traffic at each virtual and
    physical interface on each hop ?
    Seems fine to me.
    So we can reasonably believe that the routing at the other end of the
    VPN is ok. Check that the source validation by reversed path is disabled
    for the VPN tun0 (/proc/sys/net/ipv4/conf/tun0/rp_filter=0 or
    /proc/sys/net/ipv4/conf/all/rp_filter=0). This is often needed because
    the validation check does not take the advanced routing rules into account.
    Pascal Hambourg, Jul 11, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.