In a previous post, I shared that if an OpenVPN tunnel is running, "Redirect Internet Traffic" is enabled, and VLANs are in use, NATing the VLANs like so:
iptables -t nat -I POSTROUTING -s 192.168.30.0/255.255.255.0 -o tun11 -j MASQUERADE
(The VLAN in question uses 192.168.30.0)
allows my VLANs to be routed down the tunnel and access resources at the other end.
What if I would like one of the VLANs routed down the tunnel, and another not? Based on reading a number of "Advanced Linux Routing" articles, I have tried this:
iptables -t nat -I POSTROUTING -s 192.168.30.0/255.255.255.0 -o tun11 -j MASQUERADE

mkdir -p /etc/iproute2
cat <<EOF>>/etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
10 TUNNEL
20 ETHER
EOF

# For the TUNNEL table:
ip route add default via 10.255.0.1 dev tun11 table TUNNEL
ip rule add from 192.168.30.0/24 table TUNNEL

# For the ETHER table:
ip route add default via 192.168.254.33 dev vlan2 table ETHER
The commands seem to do what I expect:
/ # ip route show table TUNNEL
default via 10.255.0.1 dev tun11
/ # ip route show table ETHER
default via 192.168.254.33 dev vlan2
/ # ip rule list
0:      from all lookup local
32764:  from 192.168.30.0/24 lookup TUNNEL
32765:  from 192.168.30.0/24 lookup ETHER
32766:  from all lookup main
32767:  from all lookup default
/ #
That is with "redirect traffic" turned off, of course, but I can't seem to get anywhere from my VLAN. I can access neither the tunnel nor the Internet :( DHCP doesn't even seem happy any more; it takes minutes for a device on the VLAN to get an address.
I'm learning as fast as I can, but I would certainly appreciate any help with this that anyone can offer :)
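Added example, not from the original post or the router firmware: a policy-routing script for the two-VLAN case asked about above, using the tunnel gateway, WAN gateway and 192.168.30.0/24 from the post and assuming a second VLAN of 192.168.40.0/24. It also copies the router's connected routes into each custom table, which a table that holds only a default route leaves out.

```shell
#!/bin/sh
# Added example, not from the original post: route one VLAN down the OpenVPN
# tunnel and a second VLAN straight out the WAN with per-source routing tables.
# From the post: tunnel gateway 10.255.0.1 on tun11, WAN gateway 192.168.254.33
# on vlan2, tunnel-bound VLAN 192.168.30.0/24. Assumed: the second VLAN is
# 192.168.40.0/24. Numeric table ids avoid editing /etc/iproute2/rt_tables.
# The tun11 MASQUERADE rule from the post is still needed for the tunnel VLAN.
# Run as "sh policy.sh apply" on the router; set IP=echo to print only.
IP=${IP:-ip}
TUN_TABLE=10; TUN_GW=10.255.0.1;     TUN_DEV=tun11; TUN_VLAN=192.168.30.0/24
WAN_TABLE=20; WAN_GW=192.168.254.33; WAN_DEV=vlan2; WAN_VLAN=192.168.40.0/24

# A table holding only a default route also catches the router's own replies
# to that VLAN (DNS answers, DHCP renewals, the admin UI), since
# "from 192.168.30.0/24" matches packets the router sends from its own
# 192.168.30.x address, and they then leave via the tunnel. So first copy
# every non-default route from main (read on stdin) into the custom table.
copy_connected_routes() {
    table=$1
    while read -r route; do
        case $route in
            default*) ;;                       # per-table default set below
            *) $IP route add $route table "$table" ;;
        esac
    done
}

# Per-VLAN default: table, gateway, device.
set_default() {
    $IP route replace default via "$2" dev "$3" table "$1"
}

# One rule per VLAN source; "lookup" is what "ip rule list" prints for table.
add_rules() {
    $IP rule add from "$TUN_VLAN" lookup "$TUN_TABLE" priority 100
    $IP rule add from "$WAN_VLAN" lookup "$WAN_TABLE" priority 101
}

apply_policy() {
    $IP route show table main | copy_connected_routes "$TUN_TABLE"
    $IP route show table main | copy_connected_routes "$WAN_TABLE"
    set_default "$TUN_TABLE" "$TUN_GW" "$TUN_DEV"
    set_default "$WAN_TABLE" "$WAN_GW" "$WAN_DEV"
    add_rules
    $IP route flush cache 2>/dev/null        # older kernels keep a route cache
    $IP rule show                            # check: one rule per VLAN source
}

case "${1:-}" in apply) apply_policy ;; esac
```

The check at the end should list exactly one rule per VLAN source; two rules with the same source, as in the output above, mean the second table is never consulted for the other VLAN.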