
I have a similar setup to a question raised here some time ago. Here

I have a VPN (OpenVPN) running on my ClearOS server (acting as a gateway for my LAN's internet/security, with two network interfaces, eno1 = WAN, eno2 = LAN) that I use to tunnel HTTP/HTTPS/SMTP/SMTPS/POP3/POP3S/IMAP and other common protocols through this VPN.

ip route add default dev vpn table 200
ip route add default dev eno1 table 300
ip rule add fwmark 11 table 200
ip rule add fwmark 12 table 300
ip route flush cache

sysctl -w net.ipv4.conf.vpn.rp_filter=2

iptables -t mangle -A PREROUTING -p tcp -m multiport --dports 25,2525,80,110,143,443,465,587,993,995,6667,6668 -j MARK --set-mark 11
iptables -I POSTROUTING -t nat -o vpn -j MASQUERADE

Everything else (Gaming) does not tunnel through the VPN but instead goes out the normal internet line. And some devices (TV for instance) are completely off the VPN tunnel to be able to use Netflix/Hulu/etc.

iptables -t mangle -A PREROUTING -p tcp -m mac --mac-source xx:xx:xx:xx:xx:xx -j MARK --set-mark 12

It's a very BASIC setup and probably could be done better, but it's been working for a while now.

Now, I have installed Deluge in daemon mode onto my Server/Gateway and would like to tunnel this over the VPN.

The problem is, I use Deluge in thin client mode on my personal computer to connect to the server and manage everything.

I've tried adding iptables rules to force the specific user running the Deluge service (deluge) to go out the VPN tunnel, but then I lose total connectivity to the Deluge daemon from my Windows Deluge client.

iptables -t mangle -A OUTPUT -m owner --uid-owner deluge -j MARK --set-mark 11

Have I incorrectly set this up, or do I need to add something to allow communication from my local LAN? Is it possible to have the Deluge daemon use the VPN tunnel and still have access to manage it from my computer on the local LAN?

Woblix
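
An added example, not part of the original post: the owner match in the OUTPUT rule also marks the daemon's replies to the thin client, and table 200 holds only `default dev vpn`, so those replies leave through the tunnel instead of eno2. The sketch below keeps LAN-bound daemon traffic unmarked; `LAN_NET` is an assumed placeholder subnet, and the `run` wrapper and `APPLY` switch are hypothetical helpers that print the commands unless `APPLY=1`.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: LAN_NET is a placeholder; set it to the real subnet behind eno2.
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Dry-run by default: print each command. Run as root with APPLY=1 to execute.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$@"; fi
}

deluge_vpn_rules() {
    lan="$1"
    # Remove the catch-all rule from the question so it cannot mark first.
    run iptables -t mangle -D OUTPUT -m owner --uid-owner deluge -j MARK --set-mark 11 || true
    # Daemon packets addressed to the LAN (replies to the thin client) leave
    # the chain unmarked and follow the main table out eno2.
    run iptables -t mangle -A OUTPUT -m owner --uid-owner deluge -d "$lan" -j RETURN
    # Everything else the deluge user sends is marked for table 200 (vpn).
    run iptables -t mangle -A OUTPUT -m owner --uid-owner deluge -j MARK --set-mark 11
    # Table 200 only holds "default dev vpn"; giving it the LAN route keeps any
    # other mark-11 packet bound for the LAN on eno2 as well.
    run ip route replace "$lan" dev eno2 table 200
}

deluge_vpn_rules "$LAN_NET"
```

Rule order matters here: the RETURN rule has to sit ahead of the MARK rule in the mangle OUTPUT chain, which is why the original catch-all rule is deleted before the two rules are appended.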