Hi,

I edited the providers file to this:

#NAME  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY      OPTIONS         COPY
Coop   1       1     -          wlan1      192.168.1.1  track,balance
VPN    2       2     -          tun0       detect       track,fallback

and removed the 998 routing rule. USE_DEFAULT_ROUTE is still set to Yes.
As soon as I start the VPN and restart shorewall, all traffic is still routed by default through the vpn interface...
I attach a dump-pull.gz for this configuration.

I tried to insert a route-nopull option into the ovpn config file. When I restart shorewall, all traffic is correctly routed through wlan1 by default, and through the vpn if I bind applications to tun0. The mark in tcrules for user rtorrent is still not working though... the user has no network access whatsoever.
This configuration is in dump-nopull.gz.

Thanks!

In the quote dated Wed Apr 30 15:42:32 2014, Tom Eastep wrote:
On 4/30/2014 10:35 AM, Marcello Giordano wrote:
Hi,

Thanks for your answer!

a) I tried re-configuring everything to use USE_DEFAULT_RT=Yes.

Now, by default, all traffic goes through the vpn.
I put something like this in the routing rules

998 from all iif lo lookup Coop

so that all traffic from the $FW goes through the Coop provider on wlan1.

But this makes the marking of packets for user rtorrent (in tcrules)
useless, because I never get to match these rules

10000:  from all fwmark 0x1/0xff lookup Coop
10001:  from all fwmark 0x2/0xff lookup VPN


Sorry if I am misunderstanding something.


You should specify 'balance' for the wlan1 provider and 'fallback'
  for the VPN provider. And get rid of the 998 rule that you added.

-Tom


------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

--
Marcello Giordano
giorda...@ftml.net

Attachment: dump-pull.gz
Description: GNU Zip compressed data

Attachment: dump-nopull.gz
Description: GNU Zip compressed data
