Tjyylli

Inverse of the covariance matrix of a multivariate normal distribution

Are paired adjectives bad style?

Misplaced tyre lever - alternatives?

When was drinking water recognized as crucial in marathon running?

Six real numbers so that product of any five is the sixth one

What's the values for the Freq_Interval column in MSDB.dbo.SysSchedules when Freq_Type is weekly and more than one day is selected in the schedule?

What is the difference between a forward slip and a side slip?

If nine coins are tossed, what is the probability that the number of heads is even?

A bug in Excel? Conditional formatting for marking duplicates also highlights unique value

Make me a metasequence

What Does the Heart In Gyms Mean?

Levi-Civita symbol: 3D matrix

At what level can a party fight a mimic?

Is it possible to make a clamp function shorter than a ternary in JS?

In Adventurer's League, is it possible to keep the Ring of Winter if you manage to acquire it in the Tomb of Annihilation adventure?

Are small insurances worth it

What type of investment is best suited for a 1-year investment on a down payment?

What does @RC mean in SSDT SQL Server Unit Testing?

Which sins are beyond punishment?

School performs periodic password audits. Is my password compromised?

How can I create a Table like this in Latex?

What could trigger powerful quakes on icy world?

It took me a lot of time to make this, pls like. (YouTube Comments #1)

Do higher etale homotopy groups of spectrum of a field always vanish?

How to configure pptp vpn client on ubuntu server to route specific traffic?

No Internet access using ad hoc network in ubuntuHow to send out some traffic via my vpn connectionCan't connect to SSH over VPN when using 3G onlySplit tunnel routing a specific port over OpenVPN on Ubuntu Server 12.04Can't ping through default gatewayVPN PPTP connection for ubuntu serverRouting all traffic over VPN on Ubuntu LinuxCan't reach servers, running on Raspberry PI, over OpenVPN connectionHow to temporarily change the gateway of a secondary IP?Gateway settings on multiple interfaces

2

I installed and ran successfully a pptp vpn client on a ubuntu server (aws ec2).

I want to be able access certain websites through this vpn.
However, still able to ssh and connect to server.

$ route -n  #after connecting to vpn



Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

0.0.0.0         172.31.0.1      0.0.0.0         UG    100    0        0 eth0

172.31.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth0

192.168.68.35   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0

209.99.22.18    172.31.0.1      255.255.255.255 UGH   0      0        0 eth0

The routing table is as above after connection.
If, I make ppp0 as default gateway, i am not able to ssh to server again.

So, I want to add some rules, so that whenever an application/script request for certain web address or HTTP/HTTPS requests, it will redirect the traffic over ppp0 or the vpn connection but not other connections.

Is it possible?

Thanks in advance!

ubuntu networking vpn routing

share|improve this question

edited Mar 27 '14 at 10:36

R Simon

asked Mar 27 '14 at 2:09

R SimonR Simon

113

bumped to the homepage by Community♦ yesterday

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

add a comment | 

2

I installed and ran successfully a pptp vpn client on a ubuntu server (aws ec2).

I want to be able access certain websites through this vpn.
However, still able to ssh and connect to server.

$ route -n  #after connecting to vpn



Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

0.0.0.0         172.31.0.1      0.0.0.0         UG    100    0        0 eth0

172.31.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth0

192.168.68.35   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0

209.99.22.18    172.31.0.1      255.255.255.255 UGH   0      0        0 eth0

The routing table is as above after connection.
If, I make ppp0 as default gateway, i am not able to ssh to server again.

So, I want to add some rules, so that whenever an application/script request for certain web address or HTTP/HTTPS requests, it will redirect the traffic over ppp0 or the vpn connection but not other connections.

Is it possible?

Thanks in advance!

ubuntu networking vpn routing

share|improve this question

edited Mar 27 '14 at 10:36

R Simon

asked Mar 27 '14 at 2:09

R SimonR Simon

113

bumped to the homepage by Community♦ yesterday

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

add a comment | 

I installed and ran successfully a pptp vpn client on a ubuntu server (aws ec2).

I want to be able access certain websites through this vpn.
However, still able to ssh and connect to server.

$ route -n  #after connecting to vpn



Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

0.0.0.0         172.31.0.1      0.0.0.0         UG    100    0        0 eth0

172.31.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth0

192.168.68.35   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0

209.99.22.18    172.31.0.1      255.255.255.255 UGH   0      0        0 eth0

The routing table is as above after connection.
If, I make ppp0 as default gateway, i am not able to ssh to server again.

So, I want to add some rules, so that whenever an application/script request for certain web address or HTTP/HTTPS requests, it will redirect the traffic over ppp0 or the vpn connection but not other connections.

Is it possible?

Thanks in advance!

ubuntu networking vpn routing

share|improve this question

edited Mar 27 '14 at 10:36

R Simon

asked Mar 27 '14 at 2:09

R SimonR Simon

113

$ route -n  #after connecting to vpn



Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

0.0.0.0         172.31.0.1      0.0.0.0         UG    100    0        0 eth0

172.31.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth0

192.168.68.35   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0

209.99.22.18    172.31.0.1      255.255.255.255 UGH   0      0        0 eth0

share|improve this question

edited Mar 27 '14 at 10:36

R Simon

asked Mar 27 '14 at 2:09

R SimonR Simon

113

share|improve this question

edited Mar 27 '14 at 10:36

R Simon

asked Mar 27 '14 at 2:09

R SimonR Simon

113

asked Mar 27 '14 at 2:09

R SimonR Simon

113

asked Mar 27 '14 at 2:09

R SimonR Simon

113

1 Answer
1

active

oldest

votes

0

You can mark packets with iptables and route marked packets via iproute2.


It is described in LARTC


In your case first you need create iptables rule:

iptables -t mangle -A OUTPUT -p tcp -m tcp -d 1.2.3.4 --dport 80 -j MARK --set-mark 0x1

Where 1.2.3.4 - ip address of target website.


Then add routing table with iprule

echo 201 crawl >> /etc/iproute2/rt_tables

ip rule add fwmark 1 table crawl

Check it

ip rule ls

0:  from all lookup local 

32765:  from all fwmark 0x1 lookup crawl 

32766:  from all lookup main 

32767:  from all lookup default

Now add default route to table crawl:

ip route add default via 192.168.68.35 dev ppp0 table crawl

That's all, packets with address destination 1.2.3.4 and destination port 80 will be routed via ppp0 interface.

share|improve this answer

edited Apr 9 '14 at 6:56

answered Apr 9 '14 at 6:12

chromium58chromium58

12

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f734094%2fhow-to-configure-pptp-vpn-client-on-ubuntu-server-to-route-specific-traffic%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

You can mark packets with iptables and route marked packets via iproute2.


It is described in LARTC


In your case first you need create iptables rule:

iptables -t mangle -A OUTPUT -p tcp -m tcp -d 1.2.3.4 --dport 80 -j MARK --set-mark 0x1

Where 1.2.3.4 - ip address of target website.


Then add routing table with iprule

echo 201 crawl >> /etc/iproute2/rt_tables

ip rule add fwmark 1 table crawl

Check it

ip rule ls

0:  from all lookup local 

32765:  from all fwmark 0x1 lookup crawl 

32766:  from all lookup main 

32767:  from all lookup default

Now add default route to table crawl:

ip route add default via 192.168.68.35 dev ppp0 table crawl

That's all, packets with address destination 1.2.3.4 and destination port 80 will be routed via ppp0 interface.

share|improve this answer

edited Apr 9 '14 at 6:56

answered Apr 9 '14 at 6:12

chromium58chromium58

12

add a comment | 

0

You can mark packets with iptables and route marked packets via iproute2.


It is described in LARTC


In your case first you need create iptables rule:

iptables -t mangle -A OUTPUT -p tcp -m tcp -d 1.2.3.4 --dport 80 -j MARK --set-mark 0x1

Where 1.2.3.4 - ip address of target website.


Then add routing table with iprule

echo 201 crawl >> /etc/iproute2/rt_tables

ip rule add fwmark 1 table crawl

Check it

ip rule ls

0:  from all lookup local 

32765:  from all fwmark 0x1 lookup crawl 

32766:  from all lookup main 

32767:  from all lookup default

Now add default route to table crawl:

ip route add default via 192.168.68.35 dev ppp0 table crawl

That's all, packets with address destination 1.2.3.4 and destination port 80 will be routed via ppp0 interface.

share|improve this answer

edited Apr 9 '14 at 6:56

answered Apr 9 '14 at 6:12

chromium58chromium58

12

add a comment | 

You can mark packets with iptables and route marked packets via iproute2.


It is described in LARTC


In your case first you need create iptables rule:

iptables -t mangle -A OUTPUT -p tcp -m tcp -d 1.2.3.4 --dport 80 -j MARK --set-mark 0x1

Where 1.2.3.4 - ip address of target website.


Then add routing table with iprule

echo 201 crawl >> /etc/iproute2/rt_tables

ip rule add fwmark 1 table crawl

Check it

ip rule ls

0:  from all lookup local 

32765:  from all fwmark 0x1 lookup crawl 

32766:  from all lookup main 

32767:  from all lookup default

Now add default route to table crawl:

ip route add default via 192.168.68.35 dev ppp0 table crawl

That's all, packets with address destination 1.2.3.4 and destination port 80 will be routed via ppp0 interface.

share|improve this answer

edited Apr 9 '14 at 6:56

answered Apr 9 '14 at 6:12

chromium58chromium58

12

iptables -t mangle -A OUTPUT -p tcp -m tcp -d 1.2.3.4 --dport 80 -j MARK --set-mark 0x1

echo 201 crawl >> /etc/iproute2/rt_tables

ip rule add fwmark 1 table crawl

ip rule ls

0:  from all lookup local 

32765:  from all fwmark 0x1 lookup crawl 

32766:  from all lookup main 

32767:  from all lookup default

ip route add default via 192.168.68.35 dev ppp0 table crawl

share|improve this answer

edited Apr 9 '14 at 6:56

answered Apr 9 '14 at 6:12

chromium58chromium58

12

answered Apr 9 '14 at 6:12

chromium58chromium58

12

answered Apr 9 '14 at 6:12

chromium58chromium58

12