How can I route only a particular subnet to the StrongSwan VPN but not my whole traffic on Linux?
I have no particular competence in networking, so I'll do my best to explain my needs.
On my Linux laptop I'm running StrongSwan (with NetworkManager) to connect to a particular VPN with IPsec. This VPN lets me reach these kinds of IPs: 10.*.*.*.
Now, my problem is that when I run the VPN all the traffic goes through the VPN, but I would prefer to route to the VPN only packets addressed to those IPs (10.*.*.*).
How can I do it? Can someone provide me with a simple guide, or share the necessary configurations and how to apply them?
Solution 1:
Many thanks to @ecdsa for the completeness of his answer.
I'm a newbie in networking and I struggled so much to implement the solution although it was trivial.
The following solution adopts the fourth suggestion and requires the following steps:
- Switch on your VPN through NetworkManager.
- Run the following command to discover the route created by NetworkManager:

      user@laptop:~$ ip route list table 220
      default via 192.168.1.1 dev enp0s31f6 proto static src 172.26.199.15

  Take note of the interface (enp0s31f6) and virtual IP (172.26.199.15).
- Flush the current route, because you want to use a custom route, with the following command:

      sudo ip route flush table 220

- Add your custom route with the following command:

      sudo ip route add 10.0.0.0/8 dev enp0s31f6 via 172.26.199.15 table 220

Now only packets addressed to 10.0.0.0/8 will be routed through the VPN.
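
An added example, not part of the original answer: a small shell helper that parses the default route shown above from table 220 and prints (without running) the commands that narrow it to one subnet. It reuses the gateway (`via`), interface and source address (`src`) of the existing route, which is an assumption of this sketch; `field`, `narrow_route_cmds` and `SAMPLE` are hypothetical names.

```shell
#!/bin/sh
# Added example: build the commands that replace the VPN default route in a
# routing table with a route for a single subnet. Nothing is executed here.

# field KEY LINE -> print the word that follows KEY in LINE (empty if absent)
field() {
    printf '%s\n' "$2" |
        awk -v k="$1" '{ for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# narrow_route_cmds SUBNET TABLE ROUTE_LINE
# Returns 1 if ROUTE_LINE is not a default route, has no dev/src, or if
# SUBNET is not written as IPv4 CIDR (so a typo cannot widen the route).
narrow_route_cmds() {
    subnet=$1; table=$2; line=$3
    case $line in
        default\ *) ;;
        *) echo "not a default route: $line" >&2; return 1 ;;
    esac
    printf '%s\n' "$subnet" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || {
        echo "not an IPv4 CIDR: $subnet" >&2; return 1; }
    dev=$(field dev "$line"); via=$(field via "$line"); src=$(field src "$line")
    [ -n "$dev" ] && [ -n "$src" ] || {
        echo "route has no dev/src: $line" >&2; return 1; }
    echo "ip route flush table $table"
    # Emit "via" only when the existing route actually has a gateway.
    echo "ip route add $subnet ${via:+via $via }dev $dev src $src table $table"
}

# Constructed sample: the route line shown in the answer above.
SAMPLE='default via 192.168.1.1 dev enp0s31f6 proto static src 172.26.199.15'

# Show the commands for the sample. On a live system, pass the real line:
#   narrow_route_cmds 10.0.0.0/8 220 "$(ip route list table 220 | head -n 1)"
narrow_route_cmds 10.0.0.0/8 220 "$SAMPLE"
```

Review the printed commands before running them with `sudo`; after applying them, `ip route get 10.1.2.3` and `ip route get 8.8.8.8` show which route each destination takes.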