working nexthop split

root 2020-04-06 23:47:02 -04:00
parent a0427f3c95
commit 72ea645e34
3 changed files with 2 additions and 12 deletions


@ -10,7 +10,6 @@ iptables -t mangle -X
# Let the VPN client communicate with the outside world. # Let the VPN client communicate with the outside world.
#iptables -A OUTPUT -j ACCEPT -o enp1s0 #iptables -A OUTPUT -j ACCEPT -o enp1s0
iptables -A OUTPUT -j ACCEPT -o enp1s0 -m owner --gid-owner openvpn iptables -A OUTPUT -j ACCEPT -o enp1s0 -m owner --gid-owner openvpn
#iptables -A OUTPUT -j ACCEPT -o vpn0 -m owner --gid-owner openvpn
# The loopback device is harmless, and TUN is required for the VPN. # The loopback device is harmless, and TUN is required for the VPN.
iptables -A OUTPUT -j ACCEPT -o lo iptables -A OUTPUT -j ACCEPT -o lo
@ -19,7 +18,6 @@ iptables -A OUTPUT -j ACCEPT -o tun+
#iptables -A OUTPUT -j ACCEPT -o tun+ #iptables -A OUTPUT -j ACCEPT -o tun+
iptables -t mangle -A OUTPUT -m owner --gid-owner openvpn -j MARK --set-mark 11 iptables -t mangle -A OUTPUT -m owner --gid-owner openvpn -j MARK --set-mark 11
iptables -t mangle -A OUTPUT -j MARK --set-mark 12
iptables -t nat -A POSTROUTING -m owner --gid-owner openvpn -o enp1s0 -j MASQUERADE iptables -t nat -A POSTROUTING -m owner --gid-owner openvpn -o enp1s0 -j MASQUERADE
echo ip route echo ip route
ip route flush all ip route flush all
@ -32,19 +30,12 @@ echo "create route table if it does not exist"
if [ $(cat /etc/iproute2/rt_tables | grep novpn | wc -l) -eq 0 ]; then if [ $(cat /etc/iproute2/rt_tables | grep novpn | wc -l) -eq 0 ]; then
echo "11 novpn" >> /etc/iproute2/rt_tables echo "11 novpn" >> /etc/iproute2/rt_tables
fi fi
if [ $(cat /etc/iproute2/rt_tables | grep balanced | wc -l) -eq 0 ]; then
echo "10 balanced" >> /etc/iproute2/rt_tables
fi
echo "add to novpn table" echo "add to novpn table"
ip route flush table novpn ip route flush table novpn
ip route add 192.168.122.0/24 dev enp1s0 ip route add 192.168.122.0/24 dev enp1s0
ip route add default via 192.168.122.1 dev enp1s0 table novpn ip route add default via 192.168.122.1 dev enp1s0 table novpn
echo "add to balanced table"
ip route flush table balanced
ip route add default via 192.168.122.1 dev enp1s0 table balanced
echo "add to default table" echo "add to default table"
# need to add a default route for the routing code to trigger the fwmark rule at all, else there's a direct "Network is unreachable" with no packet generated. # need to add a default route for the routing code to trigger the fwmark rule at all, else there's a direct "Network is unreachable" with no packet generated.
ip route add default via 192.168.122.254 dev enp1s0 ip route add default via 192.168.122.254 dev enp1s0
@ -53,7 +44,6 @@ echo "disable rp_filter"
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $i; done for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $i; done
echo "add ip rule fwmark" echo "add ip rule fwmark"
ip rule add fwmark 12 table balanced pref 98
ip rule add fwmark 11 table novpn pref 99 ip rule add fwmark 11 table novpn pref 99
# We should permit replies to traffic we've sent out. # We should permit replies to traffic we've sent out.


@ -66,7 +66,7 @@ class Openvpn:
self.loop = asyncio.get_event_loop() self.loop = asyncio.get_event_loop()
def generate_script(self): def generate_script(self):
self.script_fp = os.path.join(self.folder_path, "cfg.txt") self.script_fp = os.path.join(self.folder_path, "script.sh")
with open(self.template_fp, "r") as template_f: with open(self.template_fp, "r") as template_f:
buf = template_f.read() buf = template_f.read()
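Review bot: The rendered path is a bare literal inside generate_script and the method has no docstring, so a reader cannot tell from this hunk what the file is for or how it is later created and executed; `generate_script` continues past the hunk, so the write is not visible here. I would add `"""Render the template at self.template_fp into self.script_fp, the shell script handed to OpenVPN."""` (hedged: the template contents in this commit suggest a route-up script, confirm against the caller) and pass `encoding="utf-8"` to `open(self.template_fp, "r")` so the read does not depend on the locale. If the script is written with the process default umask, consider creating it via `os.open(..., os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o700)` so a script that will run with root privileges is not group/world writable.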


@ -16,6 +16,6 @@ ip route add default via ${route_vpn_gateway} table {{route_table_name}}
ip route add ${route_vpn_gateway} dev ${dev} src ${ifconfig_local} ip route add ${route_vpn_gateway} dev ${dev} src ${ifconfig_local}
ip rule add from ${ifconfig_local} table {{route_table_name}} pref {{rule_pref}} #ip rule add from ${ifconfig_local} table {{route_table_name}} pref {{rule_pref}}
exit 0 exit 0
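Review bot: The trailing `exit 0` masks any failure of the preceding `ip route add` / `ip rule add` lines, so a routing-table misconfiguration returns success to OpenVPN and traffic can silently keep using the default path instead of the VPN table; the top of the script is outside the hunk, so if it already sets `set -e` this is moot, otherwise drop `exit 0` or add `set -e` at the start so failures propagate. The OpenVPN-supplied variables on the `ip route add ${route_vpn_gateway} dev ${dev} src ${ifconfig_local}` line are unquoted; `"${dev}"` and friends would keep word splitting out of the argument list. Whichever side of the commented `ip rule add from ${ifconfig_local} ...` line is the new one, a short comment above it saying why the source-based rule is enabled or disabled in the nexthop-split setup would save the next reader a bisect.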