On Tue, Oct 13, 2015 at 10:23 PM, Hongyi Zhao <hongyi.z...@gmail.com> wrote:
>
> 2- Using iptables to set the mark value 200 for all of the traffic
> which is destined for google.com:
>
> $ sudo iptables -t mangle -A PREROUTING -m set --match-set openvpn-test dst -j MARK --set-mark 200
>

This should work for forwarded packets, but for locally generated traffic
you will need to mangle them in the OUTPUT chain. Other than that I don't
see anything wrong with the rules.

I usually set such routing rules in an up-script automatically run after
openvpn connects:

The up-script I use for a similar purpose (in my case the mark is set (not
shown) for forwarded packets based on source address)

# I find it best to delete and recreate rules
ip rule del fwmark 10 table myvpn
ip rule add fwmark 10 table myvpn
ip route flush table myvpn

# add the route for matched packets -- keep localnet routed through eth0
ip route add default via ${ifconfig_remote} dev ${dev} table myvpn
ip route add 192.168.2.0/24 dev eth0 table myvpn

Selva
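
The OUTPUT-chain point from the reply above, combined with the delete-and-recreate routing rules, as an added example that is not part of the original thread. It assumes the ipset name `openvpn-test` and mark 200 from the quoted question and the table name `myvpn` from the reply; the function names and the `APPLY` switch are hypothetical, and the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the thread): OpenVPN up-script sketch.
# Assumed names: ipset "openvpn-test" and mark 200 (quoted question),
# table "myvpn" (reply; must be listed in /etc/iproute2/rt_tables).

MARK=200
TABLE=myvpn
SET=openvpn-test

run() {
    # Dry-run by default: print the command instead of executing it.
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

mark_rule() {
    # $1 = mangle chain. PREROUTING covers forwarded packets;
    # OUTPUT is needed for traffic generated on this host.
    chain=$1
    if [ "${APPLY:-0}" = 1 ] &&
       iptables -t mangle -C "$chain" -m set --match-set "$SET" dst \
                -j MARK --set-mark "$MARK" 2>/dev/null; then
        return 0    # rule already present, do not append a duplicate
    fi
    run iptables -t mangle -A "$chain" -m set --match-set "$SET" dst \
        -j MARK --set-mark "$MARK"
}

setup_policy_routing() {
    # $1 = tunnel device, $2 = remote tunnel endpoint (OpenVPN exports
    # these to up-scripts as $dev and $ifconfig_remote).
    tun=$1 gw=$2
    [ -n "$tun" ] && [ -n "$gw" ] || { echo "missing dev/gateway" >&2; return 1; }
    mark_rule PREROUTING
    mark_rule OUTPUT
    # Delete-then-add keeps exactly one rule across reconnects;
    # the delete fails harmlessly on the first run.
    run ip rule del fwmark "$MARK" table "$TABLE" 2>/dev/null || true
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route flush table "$TABLE"
    run ip route add default via "$gw" dev "$tun" table "$TABLE"
}

# When OpenVPN runs this as an up-script, $dev is set in the environment.
if [ -n "${dev:-}" ]; then
    setup_policy_routing "$dev" "${ifconfig_remote:-}"
fi
```

After applying, `iptables -t mangle -S OUTPUT` and `ip rule show` should each list one entry for the mark; a missing OUTPUT rule means locally generated traffic to the set still leaves by the default route.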