Routing

Routing is the process of selecting paths in a network along which to send network traffic. There are a couple of routing protocols to make this happen more or less automatically. Here, we are going to use static routing. Routing is handled by a component of the kernel and can be configured with the user space tool ip, which is contained in the package iproute2. As with iptables or tc, you configure one thing per invocation, so you would write a shell script which is executed at every boot or at every ifup.

There are a couple of different routing protocols. There is static routing, and you can install several userspace routing daemons. http://www.inetdaemon.com/tutorials/internet/ip/routing/

Configuration

/etc/config/network is the UCI configuration file where all routing related adjustments are made in OpenWrt.

You'll find a couple of examples there and the recipes should give you a couple of additional examples, since most of them involve some special routing configuration.

You can of course configure your routing without UCI; read on to see how:

Routing through your tunnel can be as simple as 'send-it-all', the default if you use LuCI to create the interface, or as complex as you want. Advanced routing is not the purpose of this howto, but if all you want is simple source-based routing, that is, routing traffic through your VPN based on the hosts' IP addresses, here is how.

First you need to install the ip package (formerly iproute2). It allows you, among other things, to enable more than one routing table and to create rules to apply them, without any additional firewall rules. For this to work, each host's IP address must always be the same. You can configure it manually on the host or assign one through your DHCP server using the host's MAC address or host name.

Now use opkg or LuCI to install ip and create a new routing table. To do that edit /etc/iproute2/rt_tables. It should look like this:

#
# reserved values
#
255  local
254  main
253  default
10   vpn
0    unspec
#
# local
#
#1   inr.ruhelp

Only the line 10 vpn was added. Both the number and the name are for you to choose; just don't mess with the tables already there unless you really know what you're doing. Save the file and add one or more host rules in a terminal. Supposing you want to route two hosts with addresses 192.168.1.20 and 192.168.1.30 (could be any addresses), use

ip rule add from 192.168.1.20 table vpn
ip rule add from 192.168.1.30 table vpn

Now add a default route to your new table and flush the route cache using

ip route add default via <ip_of_the_far_end_of_your_tunnel> dev <pptp_iface_name> table vpn
ip route flush cache

Update: If you can't get ICMP packets to pass through and are thus unable to open half of the websites, you need to add a few more lines to the above configuration so it looks like:

ip rule add from 192.168.1.20 table vpn
ip rule add from 192.168.1.30 table vpn
ip route add 192.168.1.20 dev <pptp_iface_name> table vpn
ip route add 192.168.1.30 dev <pptp_iface_name> table vpn
ip route add default via <ip_of_the_far_end_of_your_tunnel> dev <pptp_iface_name> table vpn
ip route flush cache

Now all the traffic from hosts using the alternate routing table will go through the VPN. You can run traceroute from a VPN-routed host to check it. The table you created will survive reboots (it's written to a file), but the routes and rules won't, so you must add them using a script. Search the documentation for the proper way to do that.
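
One way to write such a script, as an added example that is not part of the original wiki page: it validates its input, then prints (or, with apply, runs) the rules and routes shown above. The function names, the del-before-add step and the unreachable fallback route with metric 1000 are assumptions of this example; the tunnel interface and the far end of the tunnel are passed as arguments.

```shell
#!/bin/sh
# Added example, not part of the OpenWrt wiki page: re-creates the page's
# source-based routing rules from a boot or ifup script.
VPN_TABLE=vpn                            # table name added to rt_tables
VPN_HOSTS="192.168.1.20 192.168.1.30"    # the page's example hosts

# Accept only a dotted-quad IPv4 address, so nothing else reaches `ip`.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    (
        IFS=.; set -- $1
        [ $# -eq 4 ] || exit 1
        for octet in "$@"; do
            [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
    )
}

# Print the ip commands for one tunnel.
# $1 = tunnel interface, $2 = far end of the tunnel, remaining = host addresses
vpn_policy_cmds() {
    iface=$1; peer=$2; shift 2
    case "$iface" in ''|*[!A-Za-z0-9_.-]*)
        echo "bad interface name: $iface" >&2; return 1 ;;
    esac
    is_ipv4 "$peer" || { echo "bad tunnel peer: $peer" >&2; return 1; }
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad host address: $host" >&2; return 1; }
        # Delete any earlier copy first so repeated ifup runs do not stack rules.
        echo "ip rule del from $host table $VPN_TABLE 2>/dev/null"
        echo "ip rule add from $host table $VPN_TABLE"
    done
    echo "ip route replace default via $peer dev $iface table $VPN_TABLE"
    # Addition beyond the page: when the tunnel drops, its default route vanishes
    # and lookups would continue in the main table (traffic leaves outside the VPN).
    # A higher-metric unreachable route keeps these hosts fail-closed instead.
    echo "ip route replace unreachable default metric 1000 table $VPN_TABLE"
    echo "ip route flush cache"
}

# Usage: <script> <tunnel_iface> <tunnel_peer_ip> [apply]
# Without "apply" the commands are only printed for review.
if [ $# -ge 2 ]; then
    cmds=$(vpn_policy_cmds "$1" "$2" $VPN_HOSTS) || exit 1
    if [ "${3:-}" = apply ]; then echo "$cmds" | sh; else echo "$cmds"; fi
fi
```

With the fallback route in place, a routed host gets an unreachable error while the tunnel is down instead of silently using the normal uplink.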

You can do a lot using only the routing manipulation of the ip package. For even more complex routing rules, it can also be coupled with iptables marking rules: iptables marks the packets in the PREROUTING chain of the mangle table, and ip routes them according to the marking. Just google for information about it.

Policy Based Routing

Routing Protocols

doc/networking/routing.txt · Last modified: 2014/09/13 21:51 by wifly