Configuring a route table to route only one IP (or a range of IPs) via a VPN connection

Solution 1:

A network route does not take into account the source IP address, only the destination IP address. This is like saying "if someone wants to go to network 1.2.3.4, use 192.168.1.xx as the gateway".

What you want to do is say: "Traffic coming from this IP address goes to the internet via this specific gateway".

This is slightly more complicated. The standard solution for this in Linux is to use the features of the iproute2 package.

  1. Create a new default route on an alternative table: ip route add table 55 default via 192.168.20.10 dev ppp0
  2. Mark the traffic you want to route: iptables -t mangle -I PREROUTING 1 -s 192.168.1.40 -j MARK --set-mark 55
  3. Create a rule so that traffic marked 55 is routed via table 55: ip rule add fwmark 55 table 55

At this point, if you run a tcpdump on interface ppp0 and send some traffic from your 192.168.1.40 device, you should see some traffic.

Now you will probably have 2 problems:

  1. NAT: it is likely that you have to add a NAT rule so that traffic going out via the ppp0 interface is NATed with the interface IP address
  2. fragmentation: your ppp0 interface probably has an MTU which is smaller than the MTU of your eth0 interface, so you have to install a TCPMSS rule to clamp the traffic to something between 1300 and 1400
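The full rule set from this answer (policy route, fwmark, plus the NAT and TCPMSS fixes) as one added shell example; it is not code from the original post. It generates the commands for review first, so they can be checked without root, and accepts a CIDR (e.g. 192.168.1.0/24) as the source selector for the range case. Table 55, mark 55, gateway 192.168.20.10 on ppp0 and an MSS of 1360 are the assumed values.

```shell
#!/bin/sh
# Policy routing for one source host or range via a VPN interface.
# Assumed values: source 192.168.1.40 (or a CIDR such as 192.168.1.0/24),
# VPN gateway 192.168.20.10 on ppp0, routing table 55, fwmark 55, MSS 1360.

# Emit the commands instead of running them, so the rule set can be reviewed
# (and tested) before being applied as root. The iptables -C checks make the
# script safe to re-run: a rule is only inserted when it is not already there.
policy_route_cmds() {
    src=$1; gw=$2; dev=$3; table=$4; mark=$5; mss=$6
    cat <<EOF
ip route replace table $table default via $gw dev $dev
iptables -t mangle -C PREROUTING -s $src -j MARK --set-mark $mark 2>/dev/null || iptables -t mangle -I PREROUTING 1 -s $src -j MARK --set-mark $mark
ip rule add fwmark $mark table $table
iptables -t nat -C POSTROUTING -o $dev -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o $dev -j MASQUERADE
iptables -t mangle -C FORWARD -o $dev -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss 2>/dev/null || iptables -t mangle -A FORWARD -o $dev -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss
EOF
}

# Commands that show whether the routing side took effect; run after applying.
policy_route_show_cmds() {
    table=$1; mark=$2
    printf '%s\n' "ip rule show" "ip route show table $table" \
        "iptables -t mangle -L PREROUTING -v -n" \
        "iptables -t mangle -L FORWARD -v -n"
}

# Usage: sh thisfile.sh            -> print the commands (dry run)
#        sh thisfile.sh apply      -> execute them (needs root)
if [ "${0##*/}" != "sh" ] && [ "$1" = "apply" ]; then
    policy_route_cmds 192.168.1.40 192.168.20.10 ppp0 55 55 1360 | sh -e
    policy_route_show_cmds 55 55 | sh
elif [ "$1" = "" ]; then
    policy_route_cmds 192.168.1.40 192.168.20.10 ppp0 55 55 1360
fi
```

Because a rule added with `ip rule add` is not deduplicated by the kernel, check `ip rule show` before re-applying on a live host.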