Re: vpn multihoming

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, Mar 26, 2006 at 12:57:10PM -0800, Marius M wrote:
> Hello all,
> 
> I have a linux router with 2 interfaces(eth0 - ISP and
> eth1 - LAN). I've established a VPN
> connection(openvpn) over eth0 with a friend of mine =>
> tun0 interface.
> 
> I want half of my LAN to have Internet access through
> the eth0 interface and the other half through the tun0
> interface.
> 
> I've set up a script like the "load balancing split
> access" instructions in the lartc howto, but it
> doesn't work. Here's the important part of the script:
> 
>   ip route add $P1_NET dev $IF1 src $IP1 table T1
>   ip route add default via $P1 table T1
>   ip route add $P2_NET dev $IF2 src $IP2 table T2
>   ip route add default via $P2 table T2
> 
>   ip route add $P1_NET dev $IF1 src $IP1
>   ip route add $P2_NET dev $IF2 src $IP2
> 
>   ip rule add from $IP1 table T1
>   ip rule add from $IP2 table T2
> 
> Note that ping works over the tunnel, over the
> subnets, but the users on my LAN can't have Internet
> connectivity through eth0 or tun0.
> 
> My firewall has only this rule:
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o
> eth0 -j MASQUERADE

You will need to use SNAT to the interface address
mail me offline if you want a copy of my scripts for setting up the
firewall and ip & tc

Alex

> I've changed eth0 with tun0 and I doesn't work either.
> 
> What can be done to fix this problem?
> 
> Thanks in advance,
> M.
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>

Attachment: signature.asc
Description: Digital signature

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux