Re: Need help creating proper routes / iptables for VPN

From: Pascal Hambourg <boite-a-spam@xxxxxxxxxxxxxxx>
Date: Wed, 05 Jan 2011 19:35:36 +0100

Moe Trin a écrit :

If you want to add a route to 192.168.10.2-200, you most likely want
it to be accessed through the host/router at 192.168.10.1, and this
can be done using the ppp routing scripts. Look in the directory
/etc/ppp/ and see if there is a file named /etc/ppp/ip-up (which
runs in a default ANU ppp setup when the ppp link goes up for IP
traffic). You can put a routing command in there to add the route

/sbin/route add -net 192.168.10.0 netmask 255.255.255.0 gw $5

Alternatively, you can specify the PPP interface instead of the gateway

/sbin/route add -net 192.168.10.0 netmask 255.255.255.0 dev $1

It won't make a difference in most cases, except in special situations
when multiple PPP connections (thus having the same remote address) with
the same peer are established, for load-balancing or fail-over.

Also, in case the system may establish different kinds of PPP
connections, it may be useful to identify each of them with the
'ipparam' pppd option, whose value is available in the variable $6.

NOTE that your un-named
distribution may have altered the ppp binary, and use slightly
different filenames, but this should be documented.

In some distributions such as Debian (and maybe derivatives), the
provided /etc/ppp/ip-up script runs scripts found in the directory
/etc/ppp/ip-up.d/ (with fancy PPP_* variable names, read the script for
details), so it is be better to create a script there than to modify the
provided script.

These scripts are a good location to add/remove iptables rules related
to the PPP connection too.
.

Follow-Ups:
- Re: Need help creating proper routes / iptables for VPN
  - From: Moe Trin

References:
- Need help creating proper routes / iptables for VPN
  - From: alumnizx
- Re: Need help creating proper routes / iptables for VPN
  - From: Moe Trin

Prev by Date: Re: Need help creating proper routes / iptables for VPN
Next by Date: Re: Need help creating proper routes / iptables for VPN
Previous by thread: Re: Need help creating proper routes / iptables for VPN
Next by thread: Re: Need help creating proper routes / iptables for VPN
Index(es):
- Date
- Thread

Relevant Pages

Packet routing by source IP
... I have two internet connections and a lan on which I run a server. ... ISP connection 1 goes into a linux router and the connection 2 goes ... iptables has a ROUTE target and can route the packets by source IP. ...
(comp.os.linux.networking)
Re: Multiple internet connections routing.
... >> connections end up on the same gateway machine) whenever first ... >> register their addresses as your primary and secondary DNS ... A connection surveillance mechanism, triggering a route switching ... And the route switching script itself. ...
(comp.os.linux.networking)
Re: Network Setup Advice
... This lets inbound connections work for mail, ... lest you have the neighborhood skript-kiddy surfing pr0n and sending ... and that is going to have to be the route ... are going to have considerable confusion over which interface to use. ...
(comp.os.linux.networking)
Re: Changing the NAT IP on demand?
... the default route on the FreeBSD gateway whenever an event tells it ... The concern here is to keep currently-stablished connections alive, ... being used as the default route. ... gets too large (over tens of thousands of static routes). ...
(freebsd-hackers)
Re: Moving interfaces
... use the peer address as the default route gateway. ... , and created the scripts. ... default route with the peer address as the gateway address. ... I don't have the Debian package, so I can't tell what ``improvements'' ...
(alt.os.linux)