Hello,

Thank you for your answer!
LSM but it doesn't seem to work on my platform (Arch Linux on armv7). I ended up using the swping script but I still experience the same issue.

The "VPN" table is still there:

Table VPN:

10.9.0.246 dev tun0 scope link src 10.9.0.245
10.9.0.1 dev tun0 scope link
default via 10.9.0.246 dev tun0 src 10.9.0.245

Mangling does not work, i.e. packets for the specified user are routed through eth0 instead of tun0. Restarting shorewall makes mangling work again, and I cannot see any changes compared to the routing table before the restart.

At the time the issue occurred, openvpn logs only showed a "TLS: soft reset" which shouldn't bring the connection down.

Anything else I could try?

Best,
MG

--
Marcello Giordano
[email protected]

On Mon, Mar 9, 2015, at 19:47, Tom Eastep wrote:
> On 3/9/2015 9:07 AM, Marcello Giordano wrote:
> > Hi all,
> >
> > I have a multi-ISP in which one provider is my regular connection (on
> > eth0) and the other is a vpn connection (using openvpn on tun0).
> >
> > I wrote a rule in the mangle file to mark all packets from a specific
> > user to be routed automatically through the vpn, while the rest of the
> > traffic goes through eth0.
> >
> > Everything works fine, until the vpn connection is restarted (after an
> > inactivity timeout for example). The packets for the specific vpn user
> > are still being marked, but they are not routed through the correct tun0
> > interface anymore.
> >
> > Dump file attached,
> > anything I am doing wrong?
>
> You need to be running a link monitor like LSM. When the VPN goes down,
> the VPN routing table is erased. For this simple case, you could also
> install and configure Shorewall-init. You will want a very recent
> version of Shorewall-init, as there have been a number of important
> recent fixes.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
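
Routing marked packets through tun0 depends on two things: the VPN table shown in the message above, and an `ip rule` entry that sends marked packets to that table. The following is an added example, not code from this thread or from Shorewall, that checks both over text as printed by `ip rule show` and `ip route show table VPN`; the rule lines and the mark value 0x200/0xff00 are constructed assumptions, while the routes are the ones quoted in the message.

```python
import re

# Constructed `ip rule show` output; the mark value is an assumption.
IP_RULE_OK = (
    "0:\tfrom all lookup local\n"
    "10000:\tfrom all fwmark 0x200/0xff00 lookup VPN\n"
    "32766:\tfrom all lookup main\n"
    "32767:\tfrom all lookup default\n"
)
# Same output with the fwmark rule gone (constructed).
IP_RULE_MISSING = (
    "0:\tfrom all lookup local\n"
    "32766:\tfrom all lookup main\n"
    "32767:\tfrom all lookup default\n"
)
# Routes as quoted in the message above.
VPN_TABLE = (
    "10.9.0.246 dev tun0 scope link src 10.9.0.245\n"
    "10.9.0.1 dev tun0 scope link\n"
    "default via 10.9.0.246 dev tun0 src 10.9.0.245\n"
)

def fwmark_rules(ip_rule_output, table):
    """Return the fwmark selectors of rules that look up `table`."""
    pat = re.compile(r"^\d+:\s+from all fwmark (\S+) lookup (\S+)\s*$")
    return [m.group(1) for line in ip_rule_output.splitlines()
            if (m := pat.match(line)) and m.group(2) == table]

def default_dev(table_output):
    """Return the device of the table's default route, or None."""
    for line in table_output.splitlines():
        fields = line.split()
        if fields and fields[0] == "default" and "dev" in fields:
            return fields[fields.index("dev") + 1]
    return None

def diagnose(ip_rule_output, table_output, table="VPN", dev="tun0"):
    """List reasons why marked packets would not leave through `dev`."""
    problems = []
    if not fwmark_rules(ip_rule_output, table):
        problems.append(f"no fwmark rule selects table {table}")
    found = default_dev(table_output)
    if found is None:
        problems.append(f"table {table} has no default route")
    elif found != dev:
        problems.append(f"default route in {table} uses {found}, not {dev}")
    return problems

if __name__ == "__main__":
    for name, rules in (("rule present", IP_RULE_OK), ("rule missing", IP_RULE_MISSING)):
        print(name, "->", diagnose(rules, VPN_TABLE) or "policy routing intact")
```

On a live system the two inputs would come from `ip rule show` and `ip route show table VPN`, captured before and after the tunnel restarts.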
