Tuesday, December 30, 2008

Redirecting network traffic (except VPN and DHCP) through VPN

As I promised in my last post, I am writing down my original solution to the problem, but the sad thing is that it isn't working and I don't know why.

I have a working VPN connection (TCP port 19000) through the interface tap0; its address is 192.168.1.6. I connect to the Internet with wifi through the interface ra0, which gets its address via DHCP. I want to redirect all my communication to the VPN when I use insecure wireless APs.

I made a copy of my main routing table and changed the default gateway to my VPN's one with:

ip route show table main | grep -Ev ^default | while read ROUTE ; \
do ip route add table 6 $ROUTE ; done
ip route add table 6 proto static default via 192.168.1.254


Then I marked all my traffic except VPN and DHCP traffic with:

iptables -t mangle -A OUTPUT -p udp --dport ! 67:68 -j MARK --set-mark 6
iptables -t mangle -A OUTPUT -p tcp --dport ! 19000 -j MARK --set-mark 6
iptables -t mangle -A OUTPUT -p icmp -j MARK --set-mark 6
iptables -t mangle -A OUTPUT -j CONNMARK --save-mark


Then I set up NAT on my interfaces to translate the source address with:


iptables -t nat -A POSTROUTING -o tap0 -j SNAT --to-source 192.168.1.6
iptables -t nat -A POSTROUTING -o ra0 -j SNAT --to-source `ifconfig ra0| \
grep 'inet addr'|cut -d':' -f2| cut -d' ' -f1`


And I enabled my new routing table for my marked packets:


ip rule add fwmark 6 table 6
ip route flush cache


I monitored my tap0 interface. When I try to ping something I can see the request packets go out and the reply packets come in, but my ping shows 100% packet loss. It is the same when I try to connect to a TCP server: I can see the SYNs go out and then the SYN-ACKs come in, but my program doesn't get them.

Where is the problem? Where do my packets get lost? If you know the answer, please reply to my Launchpad question or my Ubuntu Forums thread.
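One thing worth checking for the symptom above (replies visible on tap0 but never delivered to the program) is the kernel's reverse-path filter: the fwmark is set only in mangle OUTPUT, so replies arriving on tap0 are validated against the main table, whose default route still points at ra0. The following is an added example, not the author's code, and whether rp_filter is the cause on this machine is an assumption; the sample sysctl values are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Reports the effective IPv4
# reverse-path filter mode per interface from `sysctl`-style lines.
# The kernel applies max(conf.all.rp_filter, conf.<iface>.rp_filter):
#   0 = off, 1 = strict, 2 = loose.

# Constructed sample values (assumption, not taken from the author's machine).
# On a live system, feed the functions with: sysctl -a 2>/dev/null
SAMPLE='net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 2
net.ipv4.conf.ra0.rp_filter = 0
net.ipv4.conf.tap0.rp_filter = 0
net.ipv4.conf.tap0.arp_filter = 0'

# stdin: sysctl lines; stdout: "<iface> <effective mode>", sorted by name.
effective_rp_filter() {
    awk -F'[ =]+' '
        $1 ~ /^net\.ipv4\.conf\..+\.rp_filter$/ {
            name = $1
            sub(/^net\.ipv4\.conf\./, "", name)
            sub(/\.rp_filter$/, "", name)
            val[name] = $2 + 0
        }
        END {
            all = ("all" in val) ? val["all"] : 0
            for (i in val) {
                # "all" and "default" are pseudo-entries, not interfaces
                if (i == "all" || i == "default") continue
                eff = val[i]
                if (all > eff) eff = all
                print i, eff
            }
        }' | sort
}

# stdin: sysctl lines; stdout: interfaces where strict mode is in effect.
strict_ifaces() {
    effective_rp_filter | awk '$2 == 1 { print $1 }'
}

printf '%s\n' "$SAMPLE" | strict_ifaces
```

An interface listed here drops a packet when the unmarked route lookup for its source address points out a different interface. Setting `net.ipv4.conf.<iface>.rp_filter` to 2 selects the loose mode described in the kernel's ip-sysctl documentation.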

Redirecting network traffic through VPN

When I connect my laptop to the Internet via insecure wifi, I want to secure my connection. I have been working on this for a while now. My first attempt (and the good way to do it) was playing with packet marking and multiple routing tables; I'll write it down in my next post. Sadly it isn't working somehow, but my next attempt is working... OK, there are some drawbacks. Here is what I modified in my client's OpenVPN config file; I added the following lines:

route-gateway <my VPN's gateway's IP>
redirect-gateway def1
persist-remote-ip

The problem with this solution is that, I think, it redirects DHCP through the VPN, so my wifi connection should break down from time to time (I am not sure about this), and that I can't define which protocols I want to pass through the VPN and which not.

But it is working, so I am happy and feel secure. :)

Saturday, December 27, 2008

Merry Christmas!

Friday, December 12, 2008

Load Cycle Count Issue

I've hit the Load Cycle Count Issue, i.e. when the HDD parks too frequently and kills the drive. It isn't an OS-specific bug, but you can read more on it in Ubuntu's bugs #59695 and #104535.

Thursday, December 11, 2008

Eee PC

I am writing this post on my new ASUS Eee PC 1000H, under my freshly installed Ubuntu 8.10.

Man, I love this stuff. I installed some enhancements from array.org, so now everything works like a charm.

In more detail: I installed a fresh Ubuntu from USB, then followed the instructions from array.org, and finally installed the package eeepc-config, and my notebook was ready. It's easy.

Saturday, December 6, 2008

Miniatures



I've found a nice technique called tilt-shift miniature faking. It makes a normal photo look like it was taken of miniatures. By the way, it is faking because it can be done purely with a special objective.