Hello. I'm trying to follow this tutorial { viewtopic.php?t=175765 } that provides per-app routing based on the user acct it's run under. The concept being I only want some traffic to go over a VPN while other traffic is direct.
The problem occurs when running it, however: it errors on the lines that mention table 42 in the up.sh. I'm assuming syntaxes may have changed seeing how long ago this was written. Can anyone tell me how to make the firewall rules work, or if you have a different, better solution let me know.
for example the following line:
ip route add default via $(ifconfig -a tun0 | grep -o 'P-t-P:[^ ]*' | cut -d : -f 2) table 42
Error: any valid address is expected rather than "table".
routing based on app / iptables
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: routing based on app / iptables
hi WHiZ,
On quick look things should work.. did you replace example info with your infos though?
Replace 192.168.1.0/24 with your own address, assuming it's any different.
Also, replace the instances of "vpn" if you're using a different user, and replace tun0 if you're using a different interface
#!/bin/sh
iptables -t mangle -I OUTPUT -m owner --uid-owner vpn -j MARK --set-mark 42
iptables -t mangle -I OUTPUT -d 192.168.1.0/24 -m owner --uid-owner vpn -j RETURN
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE
ip rule add fwmark 42 table 42
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 0 > $f
done;
ip route add default via $(ifconfig -a tun0 | grep -o 'P-t-P:[^ ]*' | cut -d : -f 2) table 42
chgrp vpn $XAUTHORITY
chmod 640 $XAUTHORITY
most likely it is tun0 (run ifconfig in terminal to verify (when your VPN is running)). also, if you followed his guide to letter then user = vpn should be fine, so make sure you have correct address on that second IPtables line.
If this isn't working you might consider "proxify" VPN and point apps you want through VPN only to use proxy address (if supported by app)
Re: routing based on app / iptables
btw I did go through this again as you suggested. I had stuck with his vpn acct name and network etc, so all of it is the same. Any other ideas?
I can't do proxy, as even tho most apps support it I found it was still leaking stuff across the normal network.
Re: routing based on app / iptables
is your check for address results: 192.168.1.0/24
Replace 192.168.1.0/24 with your own address, assuming it's any different
run this command to know for sure if you should use that:
echo -n $(ip route show | grep "default" | cut -d \ -f 3 | cut -d \. -f 1-3) && echo ".0/24"
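The error quoted in the first post is what `ip` prints when the `$(...)` after `via` expands to nothing, which happens when the `ifconfig` output for tun0 has no `P-t-P:` field (or tun0 does not exist). The following is an added example, not code from the thread or the tutorial: it extracts the peer address from either ifconfig format or from `ip -4 addr` output, and refuses to build the route command when none is found. The function names `peer_addr` and `vpn_route_cmd` are hypothetical and all sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. All sample outputs are constructed.

# Old net-tools ifconfig (the format the tutorial's grep expects).
OLD_IFCONFIG='tun0      Link encap:UNSPEC
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255'
# Newer net-tools ifconfig: no "P-t-P:" token, so the tutorial's grep prints nothing.
NEW_IFCONFIG='tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.6  netmask 255.255.255.255  destination 10.8.0.5'
# iproute2 "ip -4 addr show dev tun0".
IP_ADDR='5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500
    inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0'
# Interface with no point-to-point peer address.
NO_PEER='5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500
    inet 10.8.0.6/24 brd 10.8.0.255 scope global tun0'

# peer_addr: read interface output on stdin, print the peer address (or nothing).
peer_addr() {
    sed -n \
        -e 's/.*P-t-P:\([0-9.]*\).*/\1/p' \
        -e 's/.*inet [0-9.]* .*destination \([0-9.]*\).*/\1/p' \
        -e 's/.*inet [0-9.]* peer \([0-9.]*\).*/\1/p' | head -n 1
}

# vpn_route_cmd GATEWAY DEV: print the table-42 route command, or fail
# instead of emitting "ip route add default via table 42".
vpn_route_cmd() {
    case $1 in
        ''|*[!0-9.]*) echo "no peer address found for $2" >&2; return 1 ;;
    esac
    echo "ip route add default via $1 dev $2 table 42"
}

# Demo over the constructed samples. On a live system the input would be:
#   ip -4 addr show dev tun0 | peer_addr
for sample in "$OLD_IFCONFIG" "$NEW_IFCONFIG" "$IP_ADDR" "$NO_PEER"; do
    vpn_route_cmd "$(printf '%s\n' "$sample" | peer_addr)" tun0 || true
done
```

If the last case applies, the marked traffic has no route in table 42; check `ip route show table 42` after the VPN comes up before relying on the split.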