Find the answer to your Linux question:
Results 1 to 3 of 3
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. 11-28-2013 #1
    miceagol
    miceagol is offline
    Just Joined!
    Join Date
    Jun 2006
    Posts
    14

    Question Routing all traffic from one specific user through VPN interface tun0

    I really need some assistance for a task I'm trying to accomplish.

    I'm trying to route all traffic from/to a specific user with user id 1004 through my VPN interface tun0. The VPN service is delivered by Private Internet Access.

    I've ran the following series of commands, which I've picked up from various Internet sources:
    Code:
    echo "222 vpn" >> /etc/iproute2/rt_tables
sudo ip route add default via 10.124.1.5 dev tun0 table vpn
sudo ip rule add prio 1000 from all fwmark 0x2 lookup vpn
sudo iptables -t mangle -A OUTPUT -m owner --uid-owner 1004 -j MARK --set-mark 2
sudo iptables -t mangle -A OUTPUT -m owner --uid-owner 1004  -j CONNMARK --save-mark
sudo ip route flush cache
echo 2 > /proc/sys/net/ipv4/conf/tun0/rp_filter
    After running these commands I get no response when pinging both external and internal adresses with the user with user id 1004. My normal user works fine.

    So apparently I'm doing something right here, but there seems to be a key step I'm missing. I'd very much appreciate some help from you guys to get on the right track.

    For the record, this is my ifconfig output:
    Code:
    eth0      Link encap:Ethernet  HWaddr bc:5f:f4:ad:de:13  
          inet addr:192.168.19.190  Bcast:192.168.19.255  Mask:255.255.255.0
          inet6 addr: fe80::be5f:f4ff:fead:de13/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4304662 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3844799 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:941731801 (941.7 MB)  TX bytes:1489452195 (1.4 GB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1181632 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1181632 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:483121446 (483.1 MB)  TX bytes:483121446 (483.1 MB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.124.1.6  P-t-P:10.124.1.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:186 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:8919 (8.9 KB)  TX bytes:220 (220.0 B)

virbr0    Link encap:Ethernet  HWaddr be:81:48:72:3e:45  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    ip route output:
    Code:
    default via 192.168.19.1 dev eth0 
10.124.1.5 dev tun0  proto kernel  scope link  src 10.124.1.6 
127.0.0.0/8 via 127.0.0.1 dev lo 
192.168.19.0/24 dev eth0  scope link  src 192.168.19.190
    ip rule output:
    Code:
    0:	        from all lookup local 
1000:	        from all fwmark 0x2 lookup vpn 
2000: 	from all lookup 21 
32766:	from all lookup main 
32767:	from all lookup default
    route -n output:
    Code:
    Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.19.1    0.0.0.0         UG    0      0        0 eth0
10.124.1.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
192.168.19.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
    This might be important info: After running the ip route add table command, I get the following from ip route show table vpn
    Code:
    default via 10.124.1.5 dev tun0
    However, when I check the same command again after a while, the output is empty. Don't know why.
  2. 11-29-2013 #2
    johne
    johne is offline
    Just Joined!
    Join Date
    Nov 2013
    Posts
    18
    Hello,
    I found this guide, its something similar, just take from it whats relevant for your setup:
    wwwDOTniftiestsoftwareDOTcom/2011/08/28/making-all-network-traffic-for-a-linux-user-use-a-specific-network-interface/

    Hope that helps.
  3. 12-01-2013 #3
    miceagol
    miceagol is offline
    Just Joined!
    Join Date
    Jun 2006
    Posts
    14
    Quote Originally Posted by johne View Post
    Hello,
    I found this guide, its something similar, just take from it whats relevant for your setup:
    wwwDOTniftiestsoftwareDOTcom/2011/08/28/making-all-network-traffic-for-a-linux-user-use-a-specific-network-interface/

    Hope that helps.
    Thanks a lot! You just saved me lots of precious time.

    I copied the scripts in the link and replaced the parameters with my own, and the user now has the VPN ip.
    4. $spacer_open
    $spacer_close
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules