Dear Raspberry Org community,
I am using a raspberry with newest stretch version and facing a routing issue. My network:
LAN: 192.168.178.0/24
Subnet mAsk 255.255.255.0
Default eth0 Gateway 192.168.178.1
(this network is connected to the raspberry, LAN IP Adress: 192.168.178.35)
Second available VPN Network (not yes used in Raspberry) , connected through WAN Port
VPNLAN: 192.168.1.0/24
Subnet mAsk 255.255.255.0
Default Gateway 192.168.1.1
WAN Host 192.168.178.101
I want the setup like this: I want to access from all LAN devices to the raspberry (that already works perfect).
If it comes to internet (running updates in the raspberry or any other traffic caused my software in the raspberry) the (internet) traffic should be routed through the VPNLAN.
I think, therefore I have to add a routing and have as the only gateway the adress of the vpnlan (192.168.1.1).
I am not an expert , tried some setting with route adding etc..nevertehless it did not work.
Is it possible at all? and how?
Thank you very much for your great help.
Warm regards
Stefan
Re: routing internet through different gateway on vpn router
Hi,
Yes it can be done. You have two options:
1. create a host route via your current default gateway for every host that you want to access outside the VPN (that would be the VPN provider's IP for certain, and maybe a DNS server to resolve the VPN provider's domain). Then you can set up a new default gateway as the right IP of the tunnel. This is the more secure and clearer way, as you must explicitly list all destinations not going through the tunnel.
2. you can create a rule with all matching subnet mask (0.0.0.0/1) and route that into the tunnel. This trick is used by pushed routing (because your VPN provider doesn't know your defaultgw, it's simpler to have a catch-all rule), but you can set this rule manually too if you don't have it yet.
When debugging, use "ip ro get (IP)" to check in which interface a packet to IP would leave your box. This helps a lot!
Cheers,
bzt
Yes it can be done. You have two options:
1. create a host route via your current default gateway for every host that you want to access outside the VPN (that would be the VPN provider's IP for certain, and maybe a DNS server to resolve the VPN provider's domain). Then you can set up a new default gateway as the right IP of the tunnel. This is the more secure and clearer way, as you must explicitly list all destinations not going through the tunnel.
2. you can create a rule with all matching subnet mask (0.0.0.0/1) and route that into the tunnel. This trick is used by pushed routing (because your VPN provider doesn't know your defaultgw, it's simpler to have a catch-all rule), but you can set this rule manually too if you don't have it yet.
When debugging, use "ip ro get (IP)" to check in which interface a packet to IP would leave your box. This helps a lot!
Cheers,
bzt
Re: routing internet through different gateway on vpn router
thank you very much....as i am not too much of an expert, can you tell me what commands i have to use ot use your solution? it sounds very good!!!!
Thanks in advance
Stefan
Thanks in advance
Stefan
Re: routing internet through different gateway on vpn router
Surprisingly the command is called "route" or "ip route"
Just type "man route" or "man ip" on your console. The "ip" is a newer command, a network swiss-army-knife tool which will eventually replace the good ol' UNIX-legacy "route" entirely. So if networking is new to you then you probably want to learn "ip".To list: "route -n" or "ip route list"
To add: "route add ..." or "ip route add ..."
Here are some tutorials (use Google for more):
https://www.thegeekstuff.com/2012/04/route-examples
https://linoxide.com/how-tos/add-static-route-linux/
https://www.cyberciti.biz/faq/linux-route-add/ (this one has "ip route" examples too)
...etc.
Cheers,
bzt
Re: routing internet through different gateway on vpn router
thank you very much -worked for me.....and thank you for the great links!!!
Warm regards
Stefan
Warm regards
Stefan