On 3/23/2020 2:09 PM, Tom Eastep wrote:
On 3/23/2020 10:39 AM, Eddie wrote:
Hi,

Firstly some background.  Some time ago Tom helped me in setting up my
system to use a VPN client in a way that allowed me full control over
which destination IPs were sent via the VPN, the remainder of traffic
leaving via my normal internet connection.  When starting the VPN, I
suppress all attempts at it modifying my existing routing and in the
"up" script generate the following before restarting the firewall:

I guess what I was expecting from the use of shorewall/routes is that it
would have not modified any of the existing routing tables being
generated (well, apart from my use of "main") but created a brand new
table to be inserted between 0 and 999.

I can see that as a workaround, I can force all the entries to be added
to the "main" table instead.

Have I misunderstood how this was supposed to work, or is it (kinda) broken?

You have misunderstood how it works. The 'routes' file simply allows you
to add routes in any of the existing tables and that's all.

You have two choices:

a) Add the routes to the main tables (which is essentially what your
scripts are doing).

b) Add entries in rtrules to direct the traffic to the 'vpn' table. Note
that these rules don't really need priorities < 1000; they simply need
priorities < 32765 because only the 'balance' and 'default' tables will
ever have default routes in them (when Shorewall is started).

I recommend the latter, because the rules will be added when the VPN
provider is enabled and deleted when it is disabled.

-Tom
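A check for option (b), added here as an example and not taken from the thread or from Shorewall itself: it assumes the VPN provider's routing table is named "vpn" (so `ip rule show` prints "lookup vpn") and takes the text of `ip rule show` as input, failing if no rule selects that table or if any such rule has a priority at or above the 32765 limit Tom mentions.

```shell
#!/bin/sh
# Added example (not from the thread or Shorewall): confirm that every
# policy-routing rule selecting the VPN table sits below the priority at
# which Shorewall's 'balance'/'default' tables are consulted.
# Assumption: the provider's table is named "vpn", so rules show "lookup vpn".
# The 32765 limit is the one given in Tom's reply above.

DEFAULT_RULE_PRIORITY=32765

# check_vpn_rules TABLE RULES
#   RULES is the text of "ip rule show" (constructed samples are fine).
#   Returns 0 when at least one rule selects TABLE and all such rules have a
#   priority below DEFAULT_RULE_PRIORITY; prints each offending rule otherwise.
check_vpn_rules() {
    table="$1"
    rules="$2"
    printf '%s\n' "$rules" | awk -v tbl="$table" -v lim="$DEFAULT_RULE_PRIORITY" '
        # a matching line looks like: "1000:   from all to 203.0.113.0/24 lookup vpn"
        $NF == tbl && $(NF-1) == "lookup" {
            prio = $1; sub(/:$/, "", prio)
            seen++
            if (prio + 0 >= lim) {
                bad++
                print "rule priority " prio " is not below " lim ": " $0
            }
        }
        END { exit (seen == 0 || bad > 0) }'
}

# Stand-alone use on the live system: check_vpn_rules vpn "$(ip rule show)"
```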

Works perfectly.  Thanks Tom.

Cheers.


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users