On Mon, Dec 7, 2015 at 12:53 AM, Axel Glienke <a...@glienke.cc> wrote:
> I have a little question.
>
> My system:
>
> ip route:
> 0.0.0.0/1 via 10.8.0.5 dev tun0
> default via 192.168.2.1 dev br0 proto static metric 425
> 10.8.0.1 via 10.8.0.5 dev tun0
> 10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
> 88.198.140.127 via 192.168.2.1 dev br0
> 192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.101 metric 425
> 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
>
>
> traceroute gmx.de
> traceroute to gmx.de (213.165.65.60), 30 hops max, 60 byte packets
> 1 Speedport.ip (192.168.2.1) 0.578 ms 0.662 ms 0.859 ms
> ^C
> [root@h1 ~]# traceroute spiegel.de
> traceroute to spiegel.de (62.138.116.3), 30 hops max, 60 byte packets
> 1 10.8.0.1 (10.8.0.1) 35.009 ms 34.982 ms 34.956 ms
> ^C
>
> Why is the routing different, in the first case over br0 and in the second
> over the VPN device?
>
>

Because of this route in the routing table:

0.0.0.0/1 via 10.8.0.5 dev tun0

Remove it.

> I want only traffic coming in over tun0 to be routed back over tun0. Is
> this possible with iptables/firewalld-cmd?
>

If the only traffic coming in through tun0 is from 10.8.0.1, the 2 routes
to 10.8.0.x will take care of that. If there are other hosts to be reached
through the tunnel, additional routes will be needed.

Selva
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
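
Added example (not part of the original thread): a longest-prefix-match lookup over the routing table quoted above, showing why 213.165.65.60 leaves via br0 while 62.138.116.3 goes into tun0, and what changes once 0.0.0.0/1 is removed. The helper names `lookup` and `without` are hypothetical; the model assumes a metric of 0 where the output shows none and ignores policy routing rules.

```python
import ipaddress

# Routing table copied from the `ip route` output quoted in the thread.
# Entry: (prefix, next hop or None for on-link, device, metric).
# Assumption: metric is 0 where `ip route` printed none.
ROUTES = [
    ("0.0.0.0/1", "10.8.0.5", "tun0", 0),
    ("0.0.0.0/0", "192.168.2.1", "br0", 425),  # shown as "default"
    ("10.8.0.1/32", "10.8.0.5", "tun0", 0),
    ("10.8.0.5/32", None, "tun0", 0),
    ("88.198.140.127/32", "192.168.2.1", "br0", 0),
    ("192.168.2.0/24", None, "br0", 425),
    ("192.168.122.0/24", None, "virbr0", 0),
]


def lookup(dst, routes=ROUTES):
    """Pick the route for dst: longest prefix wins, lowest metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, via, dev, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, metric, prefix, via, dev))
    if not matches:
        return None  # the kernel would report "network unreachable"
    best = min(matches, key=lambda m: (-m[0], m[1]))
    return best[2], best[3], best[4]


def without(prefix, routes=ROUTES):
    """Return a copy of the table with one prefix removed."""
    return [r for r in routes if r[0] != prefix]


if __name__ == "__main__":
    # The two traceroute targets from the thread.
    for name, ip in (("gmx.de", "213.165.65.60"), ("spiegel.de", "62.138.116.3")):
        print(name, ip, "->", lookup(ip))
    # Same lookup after removing the half-default route, as the reply suggests.
    print("spiegel.de after removal ->",
          lookup("62.138.116.3", without("0.0.0.0/1")))
```

0.0.0.0/1 covers 0.0.0.0 through 127.255.255.255, so it is more specific than the default route for every destination in the lower half of the IPv4 space and only those destinations enter the tunnel.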