Edit Feb 2014 – after running with the new routing I discovered that after the connection dropped, the routing didn’t work properly. A quick fix is to add the local routing info into the tunnel-check script after bringing the interface up. I haven’t investigated further yet, but I have updated the instructions to reflect this.
A while back I set up a permanent SSH tunnel between two systems on different sites to allow me to route specific internet traffic through a different external internet connection so that the traffic appears to originate from the remote site. This is useful when the source IP is used for authentication or authorisation in some way, such as for a geo-fenced application. I wrote a previous blog post on how to do that, which is here, and there were a couple of issues with managing the routing that I was never happy with. Yesterday I had cause to configure the tunnel again (using my previous post as a guide of course) and this time I was determined to fix the routing.