On Thu, 15 Oct 2015 10:49:09 -0400, Selva Nair wrote:
> At least the output is different with the rule in place.. My guess: the
> packets are going out with source address of eth0 (192.168.0.2) and your
> VPN server is not set up to NAT them..
>
> Try this
>
> traceroute -n -s 10.211.1.33 8.8.8.
On Thu, Oct 15, 2015 at 8:20 AM, Hongyi Zhao wrote:
> 2- With the route in table openvpn:
>
> $ ip route show table openvpn
> default via 10.211.1.34 dev tun-gfwlist
>
> This time the following command will give nothing:
>
>
> $ traceroute 8.8.8.8
> traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 6
On Wed, 14 Oct 2015 12:52:19 -0400, Selva Nair wrote:
> The manpage is probably referring to routing of received and forwarded
> packets, not outgoing packets.
>
> As far as I know, PREROUTING chain is traversed by packets coming in
> from the network, not by locally generated packets. So if this
On Wed, 14 Oct 2015 12:52:19 -0400, Selva Nair wrote:
> To test, keep it simple -- try with just one IP directly specified in
> the rule
>
> # iptables -t mangle -I OUTPUT -d 8.8.8.8/32 -j MARK --set-mark 200
>
> (to work locally this has to be in the OUTPUT chain -- see below)
>
> # ip rule ad
On Wed, 14 Oct 2015 22:36:24 +0200, Gert Doering wrote:
> Hi,
>
> On Wed, Oct 14, 2015 at 08:42:08AM +, Hongyi Zhao wrote:
>> I've tried with the OUTPUT chain, but still it failed for me to access
>> google.com via openvpn.
>
> I think your approach is a bit too complicated - why bother with
Hi,
On Wed, Oct 14, 2015 at 08:42:08AM +, Hongyi Zhao wrote:
> I've tried with the OUTPUT chain, but still it failed for me to access
> google.com via openvpn.
I think your approach is a bit too complicated - why bother with marking
anyway? "ip rule" can apply directly to destination prefix
On Wed, Oct 14, 2015 at 4:42 AM, Hongyi Zhao wrote:
> On Wed, 14 Oct 2015 02:05:38 -0400, Selva Nair wrote:
>
> > This should work for forwarded packets, but for locally generated
> > traffic you will need to mangle them in the OUTPUT chain.
>
> I've tried with the OUTPUT chain, but still it fail
On Wed, 14 Oct 2015 02:05:38 -0400, Selva Nair wrote:
> This should work for forwarded packets, but for locally generated
> traffic you will need to mangle them in the OUTPUT chain.
I've tried with the OUTPUT chain, but still it failed for me to access
google.com via openvpn.
The traceroute to
On Tue, Oct 13, 2015 at 10:23 PM, Hongyi Zhao wrote:
>
> 2- Using iptables to set the mark value 200 for all of the traffic
> which is destined for google.com:
>
> $ sudo iptables -t mangle -A PREROUTING -m set --match-set
> openvpn-test dst -j MARK --set-mark 200
>
This should work for forwa
Hi all,
I'm using Debian Jessie and I use openvpn to connect to the vpngate's
free vpn-servers.
In my case, I just want some specific traffic to be routed by
openvpn, say the traffic to google.com. This should be done by using
policy routing based on netfilter's toolchains. And at the same t