Hello,

Mario Hülsegge a écrit :
>
> i am trying to set up routing of all outgoing http-requests on my
> workstation through my openvpn gateway (tun0). the web told me to do it:
>
> iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 4
> ip rule add fwmark 4 lookup 3
> ip route add default dev tun0 table 3

Looks fine.

> the problem is that it does not work. tcpdump gives me:
>
> 00:28:00.461045 IP (tos 0x0, ttl  64, id 28447, offset 0, flags [DF],
> proto: UDP (17), length: 71) 192.168.0.125.1049 > vroot.domain: [udp sum
> ok]  62654+ PTR? 67.11.71.195.in-addr.arpa. (43)
> 00:28:00.515190 IP (tos 0x0, ttl  56, id 0, offset 0, flags [DF], proto:
> UDP (17), length: 127) vroot.domain > 192.168.0.125.1049:  62654 NXDomain
> q: PTR? 67.11.71.195.in-addr.arpa. 0/1/0 ns: 71.195.in-addr.arpa. (99)
> 00:28:01.459744 arp who-has 195.71.11.67 tell 192.168.0.125
> 00:28:02.459844 arp who-has 195.71.11.67 tell 192.168.0.125

Was this trace captured on interface tun0 ?
Please use option -n so addresses and port numbers are not converted
into confusing names.
What is the address of vroot ? Is it the other end of the VPN ?
Is the OpenVPN link configured in TUN (IP) or TAP (ethernet) mode ? The
interface name tun0 suggests TUN mode, but the ARP requests suggest TAP
mode. If it is TAP mode, you must specify the gateway address in the ip
route statement just as you would do with a gateway on an ethernet link.