Xentrk
Part of the Furniture
Where are the VPN Client entries in the output? Should look something like this:Oh thats weird, it seems the "original" NETFLIX entry is missing:
Code:Chain PREROUTING (policy ACCEPT 19M packets, 18G bytes) num pkts bytes target prot opt in out source destination 1 6450K 7049M IMQ all -- eth0 * 0.0.0.0/0 0.0.0.0/0 IMQ: todev 0 2 142 7668 TTL all -- eth0 * 0.0.0.0/0 0.0.0.0/0 TTL match TTL == 1 TTL set to 64 3 19844 2606K MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set AMAZON-US dst MARK or 0x8000 4 2837 158K MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set NETFLIX2 dst MARK or 0x8000 5 3643 2143K MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set AMAZON-EU dst MARK or 0x8000 6 20867 1830K MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set AMAZON-GLOBAL dst MARK or 0x8000 7 7938 927K MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set NETFLIXDNSMASQ dst MARK or 0x8000
Code:
1 1 60 MARK all -- tun13 * 0.0.0.0/0 0.0.0.0/0 MARK xset 0x1/0x7
2 661K 863M MARK all -- tun15 * 0.0.0.0/0 0.0.0.0/0 MARK xset 0x1/0x7
3 1 60 MARK all -- tun14 * 0.0.0.0/0 0.0.0.0/0 MARK xset 0x1/0x7
Do you see the fwmarks when you type the command ip rule? An entry will only exist for the routing rule. So if you only route to the WAN, you will only see the "lookup main".
Code:
0: from all lookup local
9990: from all fwmark 0x8000/0x8000 lookup main
9991: from all fwmark 0x3000/0x3000 lookup ovpnc5
9992: from all fwmark 0x7000/0x7000 lookup ovpnc4
9993: from all fwmark 0x4000/0x4000 lookup ovpnc3
9994: from all fwmark 0x2000/0x2000 lookup ovpnc2
9995: from all fwmark 0x1000/0x1000 lookup ovpnc1