Policy based routing - configuration with openvpn.

I just want to check with you if the config i have made is correct.

I have my goflex with archlinux installed on it. The NAS is connected to the router (router IP is 192.168.100.1)- the NAS IP is 192.168.100.107.

I have the dyndns established so i can connect remotely to my NAS via dlinkddns address. On my router there is the port forwarding set up so all the packets are reaching the NAS and i can use PyLoad and other similar services.

Now i want to establish the openvpn connection from my GoFlex so all the transferr from and to it is secure. Easy enough - i'm just using the

openvpn servername.ovpn

And this is working well - i'm being connected, my address is changed and everybody's happy. But now when i'm trying to connect to my NAS via ddns - it is not giving me the connection. Basically what is happening - i'm sending request via my usuall IP and the NAS is sending the response via my openvpn.

Just for a record these are some basic infos from my machine after openvpn connection:

[root@alarm ~]# ip route
0.0.0.0/1 via 10.200.4.1 dev tun0
default via 192.168.100.1 dev eth0  metric 202
10.200.4.0/22 dev tun0  proto kernel  scope link  src 10.200.5.8
77.92.92.161 via 192.168.100.1 dev eth0
128.0.0.0/1 via 10.200.4.1 dev tun0
192.168.100.0/24 dev eth0  proto kernel  scope link  src 192.168.100.107  metric 202
---------
---------
[root@alarm ~]# ip rule
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
Now i removed the 0.0.0.0/1 via 10.200.4.1 dev tun0 rule:

ip route del 0.0.0.0/1 via 10.200.4.1 dev tun0 And i added 2 new tables called - moja and mvpn in the /etc/iproute2/rt_table file.

Then i set up (i think) source based routing - based on interface - saying that all the traffic comming from eth0 is responding to eth0 and all the traffic comming from tun0 is responding through tun0. :

ip rule add dev tun0 table mvpn
ip route add default dev tun0 table mvpn
ip rule add dev eth0 table moja
ip route add default dev eth0 table moja
ip route flush cache

This seems to work, i mean now when i'm ssh from my NAS and check ipecho.net it gives me different ip (vpn ip) than when i'm checking it via my laptop. So this would be my downloading IP.

My only concern is how to check what is my uploading IP? And assuming it's ok how to make this whole procedure more automatic - preferably together with openvpn connection ? Any tips or ideas?

Ok maybe i'll post the final configs:

[root@alarm ~]# ip route
default via 192.168.100.1 dev eth0  metric 202
10.200.4.0/22 dev tun0  proto kernel  scope link  src 10.200.5.8
77.92.92.161 via 192.168.100.1 dev eth0
128.0.0.0/1 via 10.200.4.1 dev tun0
192.168.100.0/24 dev eth0  proto kernel  scope link  src 192.168.100.107  metric 202
------------
-----------
[root@alarm ~]# ip rule
0:      from all lookup local
32764:  from all iif eth0 lookup moja
32765:  from all iif tun0 lookup mvpn
32766:  from all lookup main
32767:  from all lookup default

Cheers,

Post scriptum: Ok, what i did is i putty to my NAS and then i ssd to my dyn-dns addres - after that i have checked the ssh log file (var/logs/auth.log)