Hello,
Mario Hülsegge wrote:
>
> i am trying to set up routing of all outgoing http-requests on my
> workstation through my openvpn gateway (tun0). the web told me to do it:
>
> iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 4
> ip rule add fwmark 4 lookup 3
> ip route add default dev tun0 table 3
Looks fine.
> the problem is that it does not work. tcpdump gives me:
>
> 00:28:00.461045 IP (tos 0x0, ttl 64, id 28447, offset 0, flags [DF],
> proto: UDP (17), length: 71) 192.168.0.125.1049 > vroot.domain: [udp sum
> ok] 62654+ PTR? 67.11.71.195.in-addr.arpa. (43)
> 00:28:00.515190 IP (tos 0x0, ttl 56, id 0, offset 0, flags [DF], proto:
> UDP (17), length: 127) vroot.domain > 192.168.0.125.1049: 62654 NXDomain
> q: PTR? 67.11.71.195.in-addr.arpa. 0/1/0 ns: 71.195.in-addr.arpa. (99)
> 00:28:01.459744 arp who-has 195.71.11.67 tell 192.168.0.125
> 00:28:02.459844 arp who-has 195.71.11.67 tell 192.168.0.125
Was this trace captured on interface tun0?
Please use option -n so addresses and port numbers are not converted
into confusing names.
What is the address of vroot? Is it the other end of the VPN?
Is the OpenVPN link configured in TUN (IP) or TAP (ethernet) mode? The
interface name tun0 suggests TUN mode, but the ARP requests suggest TAP
mode. If it is TAP mode, you must specify the gateway address in the ip
route statement just as you would do with a gateway on an ethernet link.
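
Added example, not part of the original message: a small check that scans tcpdump output for ARP requests whose target lies outside the on-link prefixes, the symptom the reply points to when a default route names only a device on an Ethernet-type (TAP) interface. The prefix 192.168.0.0/24 and the function name are assumptions; the sample lines are constructed from the trace quoted above.

```python
import ipaddress
import re

# Matches both the older "arp who-has A tell B" form and the newer
# "ARP, Request who-has A tell B, length 28" form of tcpdump output.
ARP_RE = re.compile(r"\barp\b.*?who-has\s+(\S+)\s+tell\s+([^\s,]+)", re.IGNORECASE)


def off_link_arp_targets(lines, on_link_prefixes):
    """Return {target_ip: count} for ARP requests aimed at off-link addresses.

    An ARP request for an address outside every on-link prefix means the
    kernel considers that address directly reachable on the interface,
    which is what a gateway-less 'default dev <if>' route produces on a
    TAP (ethernet) link.
    """
    nets = [ipaddress.ip_network(p) for p in on_link_prefixes]
    hits = {}
    for line in lines:
        m = ARP_RE.search(line)
        if not m:
            continue
        try:
            target = ipaddress.ip_address(m.group(1))
        except ValueError:
            # A host name instead of an address: the capture was taken
            # without -n, so the target cannot be classified.
            continue
        if not any(target in net for net in nets):
            hits[str(target)] = hits.get(str(target), 0) + 1
    return hits


# Constructed sample: two ARP lines as in the quoted trace, one on-link ARP,
# one non-ARP packet and one ARP line with an unresolved name.
SAMPLE = [
    "00:28:01.459744 arp who-has 195.71.11.67 tell 192.168.0.125",
    "00:28:02.459844 arp who-has 195.71.11.67 tell 192.168.0.125",
    "00:28:03.000000 arp who-has 192.168.0.1 tell 192.168.0.125",
    "00:28:03.100000 IP 192.168.0.125.1049 > 192.168.0.1.53: 62654+ PTR? (43)",
    "00:28:03.200000 arp who-has vroot.domain tell 192.168.0.125",
]

if __name__ == "__main__":
    for ip, count in off_link_arp_targets(SAMPLE, ["192.168.0.0/24"]).items():
        print(f"off-link ARP target {ip} seen {count} time(s): route lacks a gateway?")
```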