  1. #1
    Just Joined!
    Join Date
    Jun 2006
    Posts
    14

    Routing all traffic from one specific user through VPN interface tun0


    I really need some assistance for a task I'm trying to accomplish.

    I'm trying to route all traffic from/to a specific user with user id 1004 through my VPN interface tun0. The VPN service is delivered by Private Internet Access.

    I've run the following series of commands, which I've picked up from various Internet sources:
    Code:
    echo "222 vpn" >> /etc/iproute2/rt_tables
    sudo ip route add default via 10.124.1.5 dev tun0 table vpn
    sudo ip rule add prio 1000 from all fwmark 0x2 lookup vpn
    sudo iptables -t mangle -A OUTPUT -m owner --uid-owner 1004 -j MARK --set-mark 2
    sudo iptables -t mangle -A OUTPUT -m owner --uid-owner 1004  -j CONNMARK --save-mark
    sudo ip route flush cache
    echo 2 > /proc/sys/net/ipv4/conf/tun0/rp_filter
    After running these commands I get no response when pinging both external and internal addresses with the user with user id 1004. My normal user works fine.

    So apparently I'm doing something right here, but there seems to be a key step I'm missing. I'd very much appreciate some help from you guys to get on the right track.

    For the record, this is my ifconfig output:
    Code:
    eth0      Link encap:Ethernet  HWaddr bc:5f:f4:ad:de:13  
              inet addr:192.168.19.190  Bcast:192.168.19.255  Mask:255.255.255.0
              inet6 addr: fe80::be5f:f4ff:fead:de13/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:4304662 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3844799 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:941731801 (941.7 MB)  TX bytes:1489452195 (1.4 GB)
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:1181632 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1181632 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:483121446 (483.1 MB)  TX bytes:483121446 (483.1 MB)
    
    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
              inet addr:10.124.1.6  P-t-P:10.124.1.5  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:186 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100 
              RX bytes:8919 (8.9 KB)  TX bytes:220 (220.0 B)
    
    virbr0    Link encap:Ethernet  HWaddr be:81:48:72:3e:45  
              inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    ip route output:
    Code:
    default via 192.168.19.1 dev eth0 
    10.124.1.5 dev tun0  proto kernel  scope link  src 10.124.1.6 
    127.0.0.0/8 via 127.0.0.1 dev lo 
    192.168.19.0/24 dev eth0  scope link  src 192.168.19.190
    ip rule output:
    Code:
    0:	        from all lookup local 
    1000:	        from all fwmark 0x2 lookup vpn 
    2000: 	from all lookup 21 
    32766:	from all lookup main 
    32767:	from all lookup default
    route -n output:
    Code:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.19.1    0.0.0.0         UG    0      0        0 eth0
    10.124.1.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
    127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
    192.168.19.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
    This might be important info: After running the ip route add table command, I get the following from ip route show table vpn
    Code:
    default via 10.124.1.5 dev tun0
    However, when I check the same command again after a while, the output is empty. Don't know why.

  2. #2
    Just Joined!
    Join Date
    Nov 2013
    Posts
    18
    Hello,
    I found this guide, it's something similar, just take from it what's relevant for your setup:
    wwwDOTniftiestsoftwareDOTcom/2011/08/28/making-all-network-traffic-for-a-linux-user-use-a-specific-network-interface/

    Hope that helps.

  3. #3
    Just Joined!
    Join Date
    Jun 2006
    Posts
    14
    Originally posted by johne:
    Hello,
    I found this guide, it's something similar, just take from it what's relevant for your setup:
    wwwDOTniftiestsoftwareDOTcom/2011/08/28/making-all-network-traffic-for-a-linux-user-use-a-specific-network-interface/

    Hope that helps.
    Thanks a lot! You just saved me lots of precious time.

    I copied the scripts in the link and replaced the parameters with my own, and the user now has the VPN IP.
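
A check for the state the first post describes, where `ip route show table vpn` later comes back empty: with no route in that table, rule 1000 matches nothing and lookup continues to the later rules, so the marked user's traffic follows the main table's default via eth0 instead of tun0. This is an added example, not part of the thread or the linked guide; `vpn_route_state` is a hypothetical helper name, and the blackhole/unreachable/prohibit case goes beyond what the thread shows.

```shell
#!/bin/sh
# Added example: classify the per-user VPN policy-routing state from the
# text output of `ip rule` and `ip route show table <table>`.
# Prints one of: OK, BLOCKED, FALLTHROUGH, NO_RULE.
# vpn_route_state is a hypothetical helper, not a tool from the thread.

vpn_route_state() {
    rules=$1; routes=$2; mark=$3; table=$4; dev=$5

    # 1. Is there a rule sending packets with this fwmark to the table?
    if ! printf '%s\n' "$rules" |
        grep -Eq "fwmark $mark(/[0-9a-fx]+)? .*lookup $table( |\$)"; then
        echo NO_RULE      # marked packets are routed like everyone else's
        return 0
    fi
    # 2. Does the table hold a default route out of the VPN device?
    if printf '%s\n' "$routes" | grep -Eq "^default .*dev $dev( |\$)"; then
        echo OK
        return 0
    fi
    # 3. No VPN default. A blackhole/unreachable/prohibit default in the
    #    table still stops the lookup there, so the traffic is dropped.
    if printf '%s\n' "$routes" |
        grep -Eq "^(blackhole|unreachable|prohibit) default"; then
        echo BLOCKED
        return 0
    fi
    # 4. Table has no matching route: the kernel moves on to the next
    #    rules (here 2000, then main), i.e. the eth0 default route.
    echo FALLTHROUGH
}

# Sample input: the `ip rule` output posted in the thread (whitespace
# normalised) and the two states of table vpn the poster observed.
RULES='0:      from all lookup local
1000:   from all fwmark 0x2 lookup vpn
2000:   from all lookup 21
32766:  from all lookup main
32767:  from all lookup default'

vpn_route_state "$RULES" 'default via 10.124.1.5 dev tun0' 0x2 vpn tun0
vpn_route_state "$RULES" '' 0x2 vpn tun0

# Live use on the host:
#   vpn_route_state "$(ip rule)" "$(ip route show table vpn)" 0x2 vpn tun0
```
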
