Opened 4 months ago

Last modified 3 months ago

#1399 new Feature Wish

Linux: configure custom routing table id in client

Reported by: RSpliet
Owned by: plaisthos
Priority: minor
Milestone:
Component: OSS OpenVPN Clients
Version:
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc:

Description

To the best of my knowledge, on Linux by default route changes get committed to the "main" table 254. I would like to be able to configure my OpenVPN client to use a different routing table instead.

The problem I am trying to solve is routing traffic from some daemons over a VPN connection, but not traffic from other applications or daemons. An elegant solution would be for IPTables to mark traffic from applications running as a certain user- or group-id with a particular index i, e.g. "iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner [uid] -j MARK --set-mark 10". Using "ip rule add fwmark 10 table [table-id]", I can then route traffic for those applications according to the routing table written by OpenVPN, while other traffic continues to use the default routing table.
Manually scripting up routing table entries may be possible using route-up scripts, but in the presence of dynamic IPs and pushed/pulled route changes this use-case might be cleaner to achieve with a simple "route-table" option in a VPN's configuration file.

Change History (1)

comment:1 Changed 3 months ago by tct

I can see the appeal but this is what external scripts are for.
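A sketch of the external-script approach from comment:1 applied to the use case in the description, added here as an example; it is not part of the ticket or of OpenVPN. It mirrors the routes OpenVPN exports to a route-up script (`route_network_N`, `route_netmask_N`, `route_gateway_N`) into a separate table and pairs with the `--set-mark 10` rule from the description. The table id 100, the script path and the `mask2len`, `run` and `apply_routes` helpers are assumptions.

```shell
#!/bin/sh
# Added example: route-up hook that writes pushed routes to a custom table.
# Assumed client config (path and table id are illustrative):
#   route-noexec            # OpenVPN exports routes but does not install them
#   script-security 2
#   route-up /etc/openvpn/route-table.sh
TABLE="${TABLE:-100}"    # assumed custom table id
FWMARK="${FWMARK:-10}"   # the mark set by the iptables rule in the ticket

# Convert a dotted netmask to a prefix length; fail on malformed masks.
mask2len() {
    len=0; partial=0
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0) bits=0 ;; *) return 1 ;;
        esac
        # Once an octet is not 255, every later octet must be 0.
        if [ "$partial" -eq 1 ] && [ "$bits" -ne 0 ]; then return 1; fi
        if [ "$bits" -ne 8 ]; then partial=1; fi
        len=$((len + bits))
    done
    echo "$len"
}

# Print the command in dry-run mode (default); execute it otherwise.
# Arguments stay separate words, so pushed values are never re-parsed.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

apply_routes() {
    run ip route flush table "$TABLE" 2>/dev/null || true
    i=1
    while :; do
        eval "net=\${route_network_$i:-} mask=\${route_netmask_$i:-} gw=\${route_gateway_$i:-}"
        [ -n "$net" ] || break
        plen=$(mask2len "$mask") || { echo "bad netmask for $net" >&2; return 1; }
        run ip route add "$net/$plen" via "${gw:-$route_vpn_gateway}" dev "$dev" table "$TABLE"
        i=$((i + 1))
    done
    # Replace the policy rule so reconnects do not stack duplicates.
    run ip rule del fwmark "$FWMARK" table "$TABLE" 2>/dev/null || true
    run ip rule add fwmark "$FWMARK" table "$TABLE"
}

# OpenVPN sets script_type=route-up when it invokes the hook.
if [ "${script_type:-}" = "route-up" ]; then DRY_RUN=0; apply_routes; fi
```

Run outside OpenVPN, the functions only print the `ip` commands they would issue, which makes the generated table easy to review before the hook is enabled.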
