I'm having problems creating route/iptables rules for the following configuration:

  1. I have an OpenVPN server (tun type) running on my Raspberry Pi machine at home
  2. At work I have a company PC (behind a proxy) that creates a tunnel using OpenVPN to my home machine
  3. At work I have a USB Wi-Fi dongle (wlan0) connected to my company PC that should provide internet using the tunnel to the machine at my home

Now I need to create rules for:

  1. All traffic coming in via wlan0 is routed into the tunnel
  2. The rest of the traffic is routed to eth0 (company network behind the proxy)

Default route at the company PC (Linux Mint 15) for all traffic going via eth0 (proxy):

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.131.4.1      0.0.0.0         UG    0      0        0 eth0
```

--> that rule must stay on eth0

2
  • Hello, do you mind providing us a bit more info, like the OS you're using at work, the list of your network interfaces, and the IPs of your computer? Commented Nov 28, 2013 at 9:14
  • At work: Linux Mint 15, eth0: 10.131.4.74, wlan0: 172.16.1.1, tun0: 10.8.0.14. At home: Raspbian running on a Raspberry Pi, tun0: 10.8.0.1. Commented Nov 29, 2013 at 13:48

3 Answers

2

If you want to send traffic that comes in from wlan0 down tun0, but traffic that originates locally to go to eth0, the easiest way is to just use a separate routing table:

```sh
# enable IP forwarding (sysctl -w takes key=value)
sysctl -w net.ipv4.ip_forward=1
# Add a "default route" to a non-default routing table
ip route add default dev tun0 table 10
# Specify that this table is to be used for anything that came in on the wlan interface
ip rule add iif wlan0 table 10
```

... and that should be it, really. This assumes you do not need NAT; if you control both the VPN server and the wlan IP address range, that should be straightforward.

1
  • I dug up the whole internet to find this. God bless you. Commented Nov 30, 2024 at 19:45
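The first answer's three commands are the core of the setup. The script below is an added example, not code from any of the answers, that builds the same policy-routing setup out into something you can bring up, tear down and check on the work PC: it uses the interface names and table number from the answer, the tun0 addresses from the question's comment, and assumes the wlan0 clients live in 172.16.1.0/24 (wlan0 is 172.16.1.1 in the comment; the client subnet and the probe address 172.16.1.50 are assumptions). On top of the answer it adds the pieces a practitioner usually ends up needing: forwarding rules that let wlan0 talk only to tun0, NAT of the client subnet onto tun0 (the home OpenVPN server knows nothing about 172.16.1.0/24 unless you add an iroute for it), loose reverse-path filtering on tun0 (replies to the clients arrive on tun0 while the main table says those sources are reachable via eth0, which strict rp_filter would drop), and a lower-priority `prohibit` default in table 10 so that if tun0 goes down the lookup does not fall through to the main table and leak client traffic onto the company network.

```shell
#!/bin/sh
# Added example, not from the original answers. Run as root:
#   sh vpn-policy.sh up | down | check
# Set DRY_RUN=1 to print the commands instead of executing them.
set -eu

WLAN_IF="${WLAN_IF:-wlan0}"              # dongle providing the client network (question)
TUN_IF="${TUN_IF:-tun0}"                 # OpenVPN tunnel to home (question)
WLAN_NET="${WLAN_NET:-172.16.1.0/24}"    # assumed client subnet behind wlan0
WLAN_CLIENT="${WLAN_CLIENT:-172.16.1.50}" # assumed client address used only by "check"
PROBE_DST="${PROBE_DST:-8.8.8.8}"        # any Internet address for the route lookup
TABLE="${TABLE:-10}"                     # routing table number from the first answer
DRY_RUN="${DRY_RUN:-0}"

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

vpn_policy_up() {
    run sysctl -w net.ipv4.ip_forward=1
    # Replies for the clients arrive on tun0 but the main table routes their
    # sources via eth0; strict rp_filter (1) would drop them, so use loose (2).
    run sysctl -w "net.ipv4.conf.$TUN_IF.rp_filter=2"

    # Table $TABLE: default into the tunnel, plus a worse-metric "prohibit"
    # default so a downed tun0 does not let lookups fall through to the main
    # table (and out of eth0 onto the company network).
    run ip route replace default dev "$TUN_IF" table "$TABLE"
    run ip route replace prohibit default table "$TABLE" metric 1000

    # Use table $TABLE for packets that entered on wlan0 (the answer's rule)
    # and for anything sourced from the client subnet.
    run ip rule add iif "$WLAN_IF" table "$TABLE" priority 100
    run ip rule add from "$WLAN_NET" table "$TABLE" priority 101

    # Forwarding: clients may reach only the tunnel; replies come back; nothing
    # else from wlan0 is forwarded (in particular not to eth0).
    run iptables -A FORWARD -i "$WLAN_IF" -o "$TUN_IF" -s "$WLAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$TUN_IF" -o "$WLAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$WLAN_IF" -j DROP

    # The home server only knows the tunnel subnet, so hide the clients behind
    # the work PC's tun0 address.
    run iptables -t nat -A POSTROUTING -s "$WLAN_NET" -o "$TUN_IF" -j MASQUERADE
}

vpn_policy_down() {
    run iptables -t nat -D POSTROUTING -s "$WLAN_NET" -o "$TUN_IF" -j MASQUERADE
    run iptables -D FORWARD -i "$WLAN_IF" -j DROP
    run iptables -D FORWARD -i "$TUN_IF" -o "$WLAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -D FORWARD -i "$WLAN_IF" -o "$TUN_IF" -s "$WLAN_NET" -j ACCEPT
    run ip rule del from "$WLAN_NET" table "$TABLE" priority 101
    run ip rule del iif "$WLAN_IF" table "$TABLE" priority 100
    run ip route flush table "$TABLE"
}

# Ask the kernel which path a client packet would take; expect "dev tun0".
# With the tunnel down it should report the prohibit route, not eth0.
vpn_policy_check() {
    run ip rule show
    run ip route show table "$TABLE"
    run ip route get "$PROBE_DST" from "$WLAN_CLIENT" iif "$WLAN_IF"
}

case "${1:-}" in
    up)    vpn_policy_up ;;
    down)  vpn_policy_down ;;
    check) vpn_policy_check ;;
esac
```

`DRY_RUN=1 sh vpn-policy.sh up` prints the exact command list before you touch a live box. After `up`, `sh vpn-policy.sh check` should end with a line containing `dev tun0`; if it shows eth0, the rule or table was not installed. The main table is never modified, so the PC's own traffic keeps going out via eth0 and the proxy as the question requires. The home side still has to forward and NAT the tunnel subnet (10.8.0.0/24) to the Internet; that is the server's configuration, not covered here.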
0

So, assuming that all private IP addresses will be routed to your work network, I would do something like this.

```sh
# replace the existing default route with one into the tunnel (a tun interface
# has no gateway address, so use "dev" rather than "gw")
route del default
route add default dev tun0
# keep the private ranges on the company network via its gateway (10.131.4.1 in the question)
route add -net 10.0.0.0/8 gw 10.131.4.1 dev eth0
route add -net 172.16.0.0/12 gw 10.131.4.1 dev eth0
route add -net 192.168.0.0/16 gw 10.131.4.1 dev eth0
```

I do not have a Linux box to test this configuration, but that's what it should look like, I think. There are probably errors in the exact syntax, but you get the idea.

0

It depends on your tun OpenVPN server configuration. Basically, it handles only (!) the networks defined on the server side.
So, your configuration for wlan0 users (let's say 192.168.0.0/24) via tun0 will be done as follows:

```sh
# mark packets that entered on wlan0 (-i matches the input interface; -s takes an address)
iptables -t mangle -A PREROUTING -i wlan0 -j MARK --set-mark 1
# allow forwarding out through the tunnel
iptables -A FORWARD -o tun0 -j ACCEPT
# rewrite the source address to tun0's address (MASQUERADE is a nat-table target)
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
```

This marks all packets coming from wlan0, sets the tun0 address as the source address, and of course allows forwarding. Of course, IP forwarding must be enabled in sysctl.
Add a routing table to /etc/iproute2/rt_tables, for instance `100 wlantun`.

```sh
TUN_GW=10.8.0.1   # the VPN server's tun0 address, from the question's comment
# send marked packets to the wlantun table
ip rule add fwmark 1 table wlantun
# the table's default route goes through the tunnel (a route, not a rule)
ip route add default via "$TUN_GW" dev tun0 table wlantun
```

This will route all marked packets to tun0. However, I suggest using a tap instead of a tun tunnel to achieve the result.
