Route https traffic to specific interface

ixM
OpenVpn Newbie
Posts: 2
Joined: Wed Jul 25, 2012 3:51 pm

Route https traffic to specific interface

Post by ixM » Thu Jul 26, 2012 7:10 am

Hi,


I would like to know if it's possible (and if it is, how it's done) to use a specific network interface for https traffic (still using the VPN but on another interface just for https).

If I understand correctly, if not specified explicitly, OpenVPN will connect to its OpenVPN gateway on any interface that allows it to do so. Moreover, I read that it should be possible to route traffic using regular iproute2 and iptables since OpenVPN works above that. Am I right?

More specifically, I want all traffic to 192.168.45.1 and port 8443 to use eth0 and traffic to 192.168.45.1 and port 443 to use eth1. Everything else can use any interface.
This is why I tried the following with no result (everything goes through eth1):

Code:

iptables -A OUTPUT -t mangle -o eth0 -p tcp --dst 192.168.45.1 --dport 8443 -j MARK --set-mark 1
iptables -A OUTPUT -t mangle -o eth0 -p tcp --dst 192.168.45.1 --dport 443 -j MARK --set-mark 2
ip route add default dev eth0 table 3G
ip route add default dev eth1 table LAN
ip rule add fwmark 0x1 table 3G
ip rule add fwmark 0x2 table LAN

What am I doing wrong?

Thanks in advance for your help,


ixM

Mimiko
Forum Team
Posts: 1568
Joined: Wed Sep 22, 2010 3:18 am

Re: Route https traffic to specific interface

Post by Mimiko » Mon Jul 30, 2012 5:51 am

This is not related to OpenVPN at all.
I think iptables rules must not contain "-o eth0".

ixM
OpenVpn Newbie
Posts: 2
Joined: Wed Jul 25, 2012 3:51 pm

Re: Route https traffic to specific interface

Post by ixM » Mon Jul 30, 2012 7:42 am

Hi Mimiko,

Thanks for the answer.

In fact, some time later I figured out by myself that -o should not be specified, but could not edit the post since it was awaiting validation.

Sadly, this does not resolve the problem at all.

I was able to verify that the packets were marked correctly and that the correct table was thus used but from there I cannot figure out what to do. If I do:

Code:

ip route add 192.168.45.1 dev tap0 table 3G

all the traffic passes through eth1 nonetheless. This is no surprise as nothing instructs the server to use eth0. If I do:

Code:

ip route add 192.168.45.1 dev eth0 table 3G

then it doesn't work anymore which is also not surprising since 192.168.45.1 is not in the range of eth0.

This is why it seems to me that it is a valid OpenVPN question.

Thanks in advance for your kind help,


ixM
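
A small Python model of the rule and table lookup discussed in the post above, added here as an illustration (it is not code from the thread). It shows that the mark on a packet to 192.168.45.1 only selects the device for that packet, while the encapsulated packet OpenVPN then sends to its server is routed separately. The contents of the `main` table, the /24 VPN subnet, the server address 203.0.113.10 and the `outer_mark` parameter are assumptions.

```python
# Toy model of Linux policy routing ("ip rule" + per-table routes); constructed example.
import ipaddress

VPN_PEER = "192.168.45.1"      # tunnel address from the thread
VPN_SERVER = "203.0.113.10"    # assumption: placeholder public address of the OpenVPN server
RULES = [(1, "3G"), (2, "LAN"), (None, "main")]  # (fwmark, table) in priority order


def make_tables(dev_for_peer):
    """Tables from the thread; 'main' (VPN /24 on tap0, default via eth1) is assumed."""
    return {
        "3G": [(VPN_PEER + "/32", dev_for_peer), ("0.0.0.0/0", "eth0")],
        "LAN": [("0.0.0.0/0", "eth1")],
        "main": [("192.168.45.0/24", "tap0"), ("0.0.0.0/0", "eth1")],
    }


def lookup(dst, mark, tables):
    """First rule whose fwmark matches and whose table has a route wins (longest prefix)."""
    addr = ipaddress.ip_address(dst)
    for rule_mark, name in RULES:
        if rule_mark is not None and rule_mark != mark:
            continue
        hits = [(ipaddress.ip_network(p).prefixlen, dev)
                for p, dev in tables[name] if addr in ipaddress.ip_network(p)]
        if hits:
            return max(hits)[1]
    return None


def egress(dst, mark, tables, outer_mark=0):
    """Return (device chosen for the packet, physical interface it finally leaves on)."""
    dev = lookup(dst, mark, tables)
    if dev != "tap0":
        return dev, dev  # sent directly on a physical interface, outside the tunnel
    # tap0 hands the packet to OpenVPN, which sends a new packet to the server.
    # That outer packet has its own mark (outer_mark, hypothetical; 0 = unmarked).
    return dev, lookup(VPN_SERVER, outer_mark, tables)


if __name__ == "__main__":
    for label, tables, outer in [
        ("peer via tap0 in table 3G", make_tables("tap0"), 0),
        ("peer via eth0 in table 3G", make_tables("eth0"), 0),
        ("tap0, outer packet marked 1", make_tables("tap0"), 1),
    ]:
        print(label, "->", egress(VPN_PEER, 1, tables, outer))
```

The first case corresponds to the tap0 route in table 3G (the tunnel's own packet still leaves on eth1), and the second to the eth0 route (the packet bypasses the tunnel entirely).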
