On Mon, 2004-03-08 at 17:07, Richard Bellamy wrote:
> Hi
>
> I have just set up an encrypted connection (with OpenVPN) between my laptop and router; currently all traffic goes down the vpn. I would like to allow ssh traffic to bypass the vpn.
>
> The situation is this:
>
> Router:                  Laptop:
> 192.168.0.1 - tun0       192.168.0.2 - tun0
>       |                        |
> 10.44.10.1 - eth0        10.44.10.2 - eth0
>       |                        |
> ---------------------------------------------------------
>
> The default route on the laptop is set to 192.168.0.1 so all traffic is automatically sent encrypted. I need to be able to send everything but ssh down the vpn (with the possibility for https later on). I believe that this would have to happen before routing took place. OpenVPN is on udp/5000.

on the laptop: edit /etc/iproute2/rt_tables (or wherever rt_tables is at) and add the following:

<snip>
50 unencrypted
</snip>

without <snip> and </snip>

then issue the following commands:

<snip>
# default route for marked traffic goes into the "unencrypted" table
ip route add default dev eth0 table unencrypted
ip rule add pref 50 fwmark 2 table unencrypted
</snip>

now iptables comes into play and glues everything up:

<snip>
# mark outgoing ssh so the rule above selects table "unencrypted"
iptables -t mangle -I OUTPUT -p tcp --dport 22 -j MARK --set-mark 0x02
# rewrite the source to the eth0 address for traffic leaving eth0
iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to 10.44.10.2
</snip>
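
Why the mark, the extra table and the SNAT rule all have to be present, as an added example that is not part of the original message: a small Python model of the output path for locally generated packets, using the addresses from the diagram. It assumes each routing table holds only a default route and that SNAT rewrites to the laptop's eth0 address; `send`, `lookup` and the other names are hypothetical.

```python
# Added example: model of the Linux output path for a locally generated packet.
from dataclasses import dataclass

DEV_ADDR = {"tun0": "192.168.0.2", "eth0": "10.44.10.2"}  # laptop, from the diagram
# ip rule list as (pref, fwmark or None, table); 32766 is the stock "main" rule.
RULES = [(50, 2, "unencrypted"), (32766, None, "main")]
# Assumption: each table holds only a default route; value = its output device.
TABLES = {"unencrypted": "eth0", "main": "tun0"}
BYPASS_TCP_PORTS = {22}  # mangle OUTPUT: -p tcp --dport 22 -j MARK --set-mark 0x02


@dataclass
class Packet:
    proto: str
    dport: int
    mark: int = 0
    dev: str = ""
    src: str = ""


def lookup(mark, tables):
    """Walk rules by ascending pref; an empty table falls through to the next rule."""
    for _pref, fwmark, table in sorted(RULES, key=lambda r: r[0]):
        if fwmark in (None, mark) and tables.get(table):
            return tables[table]
    raise LookupError("network is unreachable")


def send(proto, dport, snat=True, tables=TABLES):
    pkt = Packet(proto, dport)
    # 1. First routing decision (mark is still 0): picks device and source address.
    pkt.dev = lookup(pkt.mark, tables)
    pkt.src = DEV_ADDR[pkt.dev]
    # 2. mangle OUTPUT marks the packet; the changed mark forces a second lookup,
    #    but the source address chosen in step 1 stays on the packet.
    if proto == "tcp" and dport in BYPASS_TCP_PORTS:
        pkt.mark = 2
        pkt.dev = lookup(pkt.mark, tables)
    # 3. nat POSTROUTING: SNAT on eth0 (assumed target: eth0's own address).
    if snat and pkt.dev == "eth0":
        pkt.src = DEV_ADDR["eth0"]
    return pkt


if __name__ == "__main__":
    for proto, port, snat in [("tcp", 22, True), ("tcp", 22, False), ("tcp", 443, True)]:
        p = send(proto, port, snat)
        print(f"{proto}/{port} snat={snat}: mark={p.mark} dev={p.dev} src={p.src}")
```

In the model, dropping the SNAT step leaves ssh packets on eth0 carrying the tunnel address, and an empty `unencrypted` table sends marked ssh back through the VPN via the `main` table.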