Configuring a route table to route only one (or range of ip) via a VPN connection

router routing

Solution 1:

A network route does not take into account the source ip address, only the destination ip address. This is like saying "if someone wants to go to network 1.2.3.4, use the 192.168.1.xx as the gateway".

What you want to do is saying: " Traffic coming from this ip address goes to internet via this specific gateway ".

This is slightly more complicated. The standard solution for this in Linux is to use the features of the iproute2 package.

  1. Create a new default route on an alternative table ip route add table 55 default via 192.168.20.10 dev ppp0
  2. Mark traffic you want to route iptables -t mangle -I PREROUTING 1 -s 192.168.1.40 -j MARK --set-mark 55
  3. Create a rule so that traffic marked as 55 is routed via table 55 ip rule add fwmark 55 table 55

At this point if you run a tcpdump on interface ppp0 and send some traffic from your 192.168.1.40 device you should see some traffic.

Now you will probably have 2 problems:

  1. NAT : it is likely that you have to add a nat rule so that traffic going out via the ppp0 interface is natted with the interface ip address
  2. fragmentation : your ppp0 interface has probably a MTU which is smaller than the mtu of your eth0 interface, so you have to install a TCPMSS rule to clamp the traffic to something between 1300 and 1400

Related

Losing Internet Connection When Connecting To VPN
Delegating domain in .ru to he.net nameservers
How to bridge an internal network interface to an OpenVPN tun/tap device
Trapped in freebsd-update fetch with strange End display
Windows Server 2008R2 IIS Appcrash
Mysql High cpu load
iptables and NAT/port forwarding not working after server reboot
Is vps server or dedicated server possible as fax server? [closed]
AWS application load balancer 404
link_to :confirm displays popup twice
Trigger back-button functionality on button click in Android
Proxy which requires authentication with Android Emulator