working nexthop split

2020-04-06 23:47:02 -04:00 · 2020-04-06 23:47:02 -04:00 · 72ea645e34
commit 72ea645e34
parent a0427f3c95
3 changed files with 2 additions and 12 deletions
--- a/iptable.sh
+++ b/iptable.sh
@ -10,7 +10,6 @@ iptables -t mangle -X
 # Let the VPN client communicate with the outside world.
 #iptables -A OUTPUT -j ACCEPT -o enp1s0
 iptables -A OUTPUT -j ACCEPT -o enp1s0 -m owner --gid-owner openvpn
-#iptables -A OUTPUT -j ACCEPT -o vpn0 -m owner --gid-owner openvpn

 # The loopback device is harmless, and TUN is required for the VPN.
 iptables -A OUTPUT -j ACCEPT -o lo
@ -19,7 +18,6 @@ iptables -A OUTPUT -j ACCEPT -o tun+

 #iptables -A OUTPUT -j ACCEPT -o tun+
 iptables -t mangle -A OUTPUT -m owner --gid-owner openvpn -j MARK --set-mark 11
-iptables -t mangle -A OUTPUT -j MARK --set-mark 12
 iptables -t nat -A POSTROUTING -m owner --gid-owner openvpn -o enp1s0 -j MASQUERADE
 echo ip route
 ip route flush all
@ -32,19 +30,12 @@ echo "create route table if it does not exist"
 if [ $(cat /etc/iproute2/rt_tables | grep novpn | wc -l) -eq 0 ]; then
    echo "11  novpn" >> /etc/iproute2/rt_tables
 fi
-if [ $(cat /etc/iproute2/rt_tables | grep balanced | wc -l) -eq 0 ]; then
-    echo "10  balanced" >> /etc/iproute2/rt_tables
-fi

 echo "add to novpn table"
 ip route flush table novpn
 ip route add 192.168.122.0/24 dev enp1s0
 ip route add default via 192.168.122.1 dev enp1s0 table novpn

-echo "add to balanced table"
-ip route flush table balanced
-ip route add default via 192.168.122.1 dev enp1s0 table balanced
-
 echo "add to default table"
 # need to add a default route for the routing code to trigger the fwmark rule at all, else there's a direct "Network is unreachable" with no packet generated.
 ip route add default via 192.168.122.254 dev enp1s0
@ -53,7 +44,6 @@ echo "disable rp_filter"
 for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $i; done

 echo "add ip rule fwmark"
-ip rule add fwmark 12 table balanced pref 98
 ip rule add fwmark 11 table novpn pref 99

 # We should permit replies to traffic we've sent out.
--- a/openvpn.py
+++ b/openvpn.py
@ -66,7 +66,7 @@ class Openvpn:
            self.loop = asyncio.get_event_loop()

    def generate_script(self):
-        self.script_fp = os.path.join(self.folder_path, "cfg.txt")
+        self.script_fp = os.path.join(self.folder_path, "script.sh")

        with open(self.template_fp, "r") as template_f:
            buf = template_f.read()
--- a/script.sh.template
+++ b/script.sh.template
@ -16,6 +16,6 @@ ip route add default via ${route_vpn_gateway} table {{route_table_name}}
 ip route add ${route_vpn_gateway} dev ${dev} src ${ifconfig_local}


-ip rule add from ${ifconfig_local} table {{route_table_name}} pref {{rule_pref}}
+#ip rule add from ${ifconfig_local} table {{route_table_name}} pref {{rule_pref}}

 exit 0