My problem is I have Virtual Private Servers, VPS in different locations around the world. I have created a mesh by using openvpn. Each VPS phones home and sets up a TCP connection to my RT-AC68U running Tomato Shibby 128. I want to route, without thinking, to the different VPS depending upon the country. Then that VPS is now my exit node. I also run Tor on each VPS.
The VPNs are set up and working. I have added a filter on INPUT that only allows sessions to initiate from home.
- iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
This prevents someone who accesses the VPS from getting into my home network.
Next I have set up marking packets according to country:
CN = 86
IN = 91
RU = 7
so on
- iptables -t mangle -A PREROUTING -m geoip --dst-cc CN,HK -j MARK --set-mark 86
- iptables -t mangle -A PREROUTING -m geoip --dst-cc IN -j MARK --set-mark 91
…..
- BTW how do I debug what fwmark is set?
Now I start adding rules
- ip rule add fwmark 86 table CN
- ip rule add fwmark 91 table IN
……
Now type
- ip rule show
0: from all lookup local
…..
32763:
32764: from all fwmark 0x5B lookup IN
32765: from all fwmark 0x56 lookup CN
32766: from all lookup main
32767: from all lookup default
Now I get lost; to me this states: only if fwmark == 0x56 use table CN, else do not use table CN.
I have played with adding routing to the tables
- ip route add default via <gw> dev <tunxx> table CN
- ????
openvpn, iptables, iproute2, geoip to route to country
Summary:
Using openvpn, iptables, iproute2, I want to proxy by country and access the internet from there.
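The following script is an added example and not part of the original post; it wires together the three pieces the post describes (mangle marking by geoip, one `ip rule` per mark, one routing table per exit with its own default route) and shows how to check which mark a packet received. Two facts it relies on: `ip rule show` prints marks in hex, so `0x56` is the decimal mark 86 and `0x5b` is 91; and a rule of the form `from all fwmark 86 lookup CN` applies only to packets carrying that mark, so unmarked traffic falls through to `main` exactly as before. Tunnel device names (`tun86`, `tun91`), gateways, the test destination and the sample `ip rule show` text are constructed placeholders. With `DRY_RUN=1` (the default) it prints the commands instead of executing them, so it runs anywhere; set `DRY_RUN=0` as root on the router to apply them.

```shell
#!/bin/sh
# Added example (not from the original post): per-country policy routing on a
# Linux router using iptables (mangle MARK), ip rule and per-table routes.
# Marks are decimal in iptables and printed in hex by `ip rule show`.
# Device names, gateways and the test address below are placeholders.

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands; DRY_RUN=0 runs them (needs root)

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# ip(8) resolves table names via /etc/iproute2/rt_tables; reuse the mark as table id.
ensure_table_name() {   # $1 = table number, $2 = table name
    if [ "$DRY_RUN" = "1" ]; then
        printf 'grep -q " %s$" /etc/iproute2/rt_tables || echo "%s %s" >> /etc/iproute2/rt_tables\n' "$2" "$1" "$2"
    else
        grep -q " $2\$" /etc/iproute2/rt_tables || echo "$1 $2" >> /etc/iproute2/rt_tables
    fi
}

# One exit: country list, decimal mark, table name, tunnel device, tunnel gateway.
# PREROUTING marks LAN traffic the router forwards; OUTPUT marks the router's own.
setup_exit() {
    ccs="$1"; mark="$2"; table="$3"; dev="$4"; gw="$5"
    ensure_table_name "$mark" "$table"
    run iptables -t mangle -A PREROUTING -m geoip --dst-cc "$ccs" -j MARK --set-mark "$mark"
    run iptables -t mangle -A OUTPUT -m geoip --dst-cc "$ccs" -j MARK --set-mark "$mark"
    run ip rule add fwmark "$mark" table "$table"
    # without its own default route the table is empty and lookup falls through to main
    run ip route add default via "$gw" dev "$dev" table "$table"
    run ip route flush cache
}

# Which mark did a packet get? Per-rule counters, a LOG rule for one mark, and
# `ip route get <dst> mark N`, which shows the route a packet with that mark takes.
debug_mark() {   # $1 = decimal mark, $2 = a destination IP to test
    run iptables -t mangle -L PREROUTING -v -n --line-numbers
    run iptables -t mangle -A PREROUTING -m mark --mark "$1" -j LOG --log-prefix "fwmark$1: "
    run ip route get "$2" mark "$1"
}

mark_to_hex() { printf '0x%x\n' "$1"; }   # 86 -> 0x56, as `ip rule show` prints it

# Constructed sample of `ip rule show` output (not captured from a real router).
SAMPLE_RULES='0:      from all lookup local
32764:  from all fwmark 0x5b lookup IN
32765:  from all fwmark 0x56 lookup CN
32766:  from all lookup main
32767:  from all lookup default'

# Print "prio decimal-mark table" for each fwmark rule so the hex values can be
# matched against the decimal --set-mark numbers.
decode_rules() {
    printf '%s\n' "$1" | while read -r prio rest; do
        case "$rest" in
        *fwmark*)
            set -- $rest              # from all fwmark 0x56 lookup CN
            printf '%s %s %s\n' "$prio" "$(( $4 ))" "$6"
            ;;
        esac
    done
}

# Demo plan: with DRY_RUN=1 this only prints what would be executed.
setup_exit CN,HK 86 CN tun86 10.86.0.1
setup_exit IN 91 IN tun91 10.91.0.1
debug_mark 86 203.0.113.10
decode_rules "$SAMPLE_RULES"
```

`ip route get 203.0.113.10 mark 86` is the quickest answer to the "which table am I in" question: it prints the route the kernel would pick for a packet carrying that mark, table included, without sending anything. The LOG rule and the `-v -n` counters confirm that the geoip match actually fires for the destinations you expect; if the counters stay at zero, the geoip database or the chain (PREROUTING for forwarded LAN traffic, OUTPUT for the router's own) is the thing to check, not the `ip rule` entries.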