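# systemd oneshot unit: policy routing for VPN gateways.
# Overall design, as implemented by the ExecStart= steps below:
#   - the main table loses its default routes,
#   - packets carrying fwmark 42 (set on locally generated traffic in the
#     mangle OUTPUT chain, see below) use table lxc_gateway, which receives
#     a copy of the original default routes,
#   - everything else falls through to table ipredator, which only holds a
#     dummy default until the VPN later installs its gateway there.
#     Forwarded traffic (e.g. from containers) never passes the OUTPUT chain,
#     so it stays unmarked and is held back until the VPN is up.
# Tables lxc_gateway and ipredator are referenced by name and must be
# declared in /etc/iproute2/rt_tables, otherwise every ip command below fails.
[Unit]
Description=Setup policy routing for vpn gateways
# The default routes are copied out of the main table, so they have to exist
# before this unit runs.
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
# Stay "active" once the commands ran: the steps below are not idempotent
# (a repeated run hits "File exists" on the route adds and may duplicate the
# rules), so this keeps a second "systemctl start" from re-running them.
RemainAfterExit=yes
# Set gateway for local connections.
# fwmark is set in iptables OUTPUT chain (0x2a == 42, matching "fwmark 42"):
# $ iptables -t mangle -I OUTPUT -j MARK --set-xmark 0x2a/0xffffffff
# $ ip6tables -t mangle -I OUTPUT -j MARK --set-xmark 0x2a/0xffffffff
# for the default gateway rp_filter needs to be disabled on the interface;
# loose mode (rp_filter=2) is usually sufficient and keeps some source
# address validation, prefer it over turning the check off entirely.
# Rule priority 424242 sorts after the main table (32766), which is why the
# main table's default routes are removed right after being copied.
ExecStart=/usr/bin/ip rule add fwmark 42 table lxc_gateway priority 424242
# The copy/delete loops surface only the exit status of their last iteration,
# so a failing "ip route add/del" in the middle is not reported by systemd.
# NOTE(review): keep $ROUTE unbraced here - systemd substitutes ${VAR} inside
# a word before bash runs, but leaves $VAR alone there; verify against
# systemd.service(5) if this is ever changed.
ExecStart=/usr/bin/bash -c "ip -4 route list 0/0 | while read ROUTE; do ip route add table lxc_gateway $ROUTE; done"
ExecStart=/usr/bin/bash -c "ip -4 route list 0/0 | while read ROUTE; do ip route del $ROUTE; done"
# same thing for ipv6
ExecStart=/usr/bin/ip -6 rule add fwmark 42 table lxc_gateway priority 424242
ExecStart=/usr/bin/bash -c "ip -6 route list ::/0 | while read ROUTE; do ip -6 route add table lxc_gateway $ROUTE; done"
ExecStart=/usr/bin/bash -c "ip -6 route list ::/0 | while read ROUTE; do ip -6 route del $ROUTE; done"
# Set dummy default gateway for ipredator
# this is needed because the kernel performs lookup in the routing table
# before entering the OUTPUT firewall chain and setting fwmark 42,
# later ipredator will be added as a gateway to this table
# Until then unmarked traffic is dropped rather than leaking past the VPN.
# NOTE(review): if a DHCP client or network manager later re-inserts a
# default route into the main table, unmarked traffic bypasses this table
# again - confirm the host's network configuration does not do that.
ExecStart=/usr/bin/ip rule add table ipredator priority 424243
ExecStart=/usr/bin/ip route add default dev lo scope link metric 1024 table ipredator
# same thing for ipv6
ExecStart=/usr/bin/ip -6 rule add table ipredator priority 424243
# the trick as above with the loopback route above does not work for ipv6,
# use a link-local address which will be hopefully never used
# NOTE(review): a blackhole-type default route would drop unmarked IPv6
# traffic without neighbour solicitation for an address that never answers;
# left unchanged here, worth considering.
ExecStart=/usr/bin/ip -6 route add via fe80:dead:9292:beaf:6af7:28ff:feb2:8706 dev eth0 metric 1024 table ipredator
ExecStart=/usr/bin/ip route flush cache
ExecStart=/usr/bin/ip -6 route flush cache

[Install]
WantedBy=multi-user.target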