OpenVPN Destination Port / Source Machine Based Routing

With OpenVPN I might want to route only some packets over the tunnel, selected by criteria such as the source port, source machine, destination IP or any combination of these. This is quite simple with iptables packet marks and a policy routing rule:
 
The OpenVPN up script:
 
#!/bin/sh
# allow forwarded traffic out of the tunnel and NAT it behind the tunnel address
iptables -A forwarding_rule -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
# packets carrying firewall mark 1 are looked up in table 1, whose only default route is the tunnel
ip rule add fwmark 1 table 1
ip route add default dev tun0 table 1

# route everything from one machine, and only port-80 traffic from another, to vpn
iptables -t mangle -A PREROUTING -s 192.168.6.11 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -s 192.168.6.10 -p tcp --dport 80 -j MARK --set-mark 1
# route all packets from eth0.2 to vpn
iptables -t mangle -A PREROUTING -i eth0.2 -j MARK --set-mark 1

# route packets from designated machines to vpn (here: DNS queries from one MAC address)
iptables -t mangle -A PREROUTING -m mac --mac-source 00:23:10:00:44:44 -p udp --dport 53 -j MARK --set-mark 1
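The script above appends its mangle rules every time the tunnel comes up and never removes them, and when tun0 disappears the kernel drops the `default dev tun0` route from table 1, so marked traffic then falls through to the main table and leaves over the normal uplink. The following is an added example, not the post's script: the same fwmark/table-1 design, written as a combined up/down script that is idempotent and fails closed while the tunnel is down. It assumes the `forwarding_rule` chain from the post, the `script_type` environment variable OpenVPN exports to its `up`/`down` scripts, and sample hosts, MAC address and interface names that are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the script from the post. Same fwmark/table-1 policy
# routing as above, with two changes a practitioner usually wants:
#  - the mangle rules are (re)installed idempotently on 'up', so repeated
#    tunnel restarts do not accumulate duplicate PREROUTING rules;
#  - on 'down', table 1 gets an 'unreachable' default route and the mark
#    rules stay in place, so traffic selected for the VPN is refused rather
#    than silently falling through to the main table and the normal uplink.
# IPT and IP default to the real binaries; run with IPT=echo IP=echo for a
# dry run that only prints the commands. Hosts, MAC and interfaces below are
# constructed sample values (assumption, not from the post).

IPT="${IPT:-iptables}"
IP="${IP:-ip}"
TUN="${TUN:-tun0}"
MARK=1
TABLE=1

# One PREROUTING match per line; this list is the only place to edit when
# changing which traffic is forced over the VPN.
mark_rules() {
    cat <<'EOF'
-s 192.168.6.11
-s 192.168.6.10 -p tcp --dport 80
-i eth0.2
-m mac --mac-source 00:23:10:00:44:44 -p udp --dport 53
EOF
}

# $1 is A (append) or D (delete). Deleting with exactly the arguments used to
# append is what makes the delete pass undo the append pass precisely.
apply_marks() {
    action="$1"
    mark_rules | while read -r match; do
        # $match is intentionally unquoted: it is a list of iptables arguments
        $IPT -t mangle "-$action" PREROUTING $match -j MARK --set-mark "$MARK"
    done
}

vpn_up() {
    $IPT -A forwarding_rule -o "$TUN" -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$TUN" -j MASQUERADE
    # delete first so a stale rule from an earlier run is not duplicated
    $IP rule del fwmark "$MARK" table "$TABLE" 2>/dev/null
    $IP rule add fwmark "$MARK" table "$TABLE"
    # 'replace' swaps out the unreachable route left behind by vpn_down
    $IP route replace default dev "$TUN" table "$TABLE"
    # same idempotency trick for the mark rules: remove, then add once
    apply_marks D 2>/dev/null
    apply_marks A
}

vpn_down() {
    # keep the fwmark rule and the mark rules, but make table 1 fail closed
    # while the tunnel interface is gone (run 'apply_marks D' by hand to stop
    # forcing the selected traffic over the VPN altogether)
    $IP route replace unreachable default table "$TABLE"
    $IPT -t nat -D POSTROUTING -o "$TUN" -j MASQUERADE
    $IPT -D forwarding_rule -o "$TUN" -j ACCEPT
}

# OpenVPN sets script_type=up or down when the same file is named in both
# the 'up' and 'down' directives (script-security 2 is required for that).
case "${script_type:-}" in
    up)   vpn_up ;;
    down) vpn_down ;;
esac
```

A dry run (`IPT=echo IP=echo script_type=up sh vpn-route.sh`) prints the exact iptables and ip commands that would be executed, which is a convenient way to review the rule set before giving the script to OpenVPN.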
 
This entry was posted in Computers and Internet.