
Summary: I would like to route traffic initiated from a specific IP to a VPN.

Existing answers: there are several questions and answers (1, 2) which address this exact problem, but they do not work for me.

Details:

The setup is on Debian 8. I have an OpenVPN connection on 10.8.8.134 (peered with a remote 10.8.8.133) through which I would like to route traffic from 192.168.10.10.

192.168.10.10 is a manually created IP on eth0, which also receives via DHCP an address (192.168.0.107) and a default route (192.168.1.1).

I set up OpenVPN to

  • refuse routes from the server (--route-noexec)
  • remove the "fake default route" added by OpenVPN (two ranges covering all IPv4)
  • add routing to 10.8.8.1/255.255.255.255 (OpenVPN server gw) via 10.8.8.133 (the assigned OpenVPN address)

In order to force traffic from 192.168.10.10 to go through the VPN I tried to

  • ip route add 192.168.10.10 dev tun0
  • or ip route add 192.168.10.10 via 10.8.8.133

The resulting routing table

root@debian-testing:~# ip route
default via 192.168.1.1 dev eth0
10.8.8.1 via 10.8.8.133 dev tun0
10.8.8.133 dev tun0  proto kernel  scope link  src 10.8.8.134
169.254.0.0/16 dev eth0  scope link  metric 1000
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.107
192.168.10.0/24 dev eth0  proto kernel  scope link  src 192.168.10.10

The extra route is equivalent to using route 192.168.10.10 255.255.255.255 in the OpenVPN config file.

In both cases running

traceroute -s 192.168.10.10 www.google.com

sends the packets to the real default gateway:

root@debian-testing:~# traceroute -s 192.168.10.10 www.google.com
traceroute to www.google.com (173.194.112.20), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *

As seen by tcpdump (and wireshark)


Why doesn't this routing work?

WoJ
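
An added example, not part of the original post: a small model of Linux route selection run over the routing table quoted above. It shows that entries in the main table are matched on the packet's destination, so a route for 192.168.10.10 does not affect packets sent from it, while a source-based rule does. The `vpn` table, its number 100 and the rule priority 100 are assumptions for illustration, and the kernel's `local` table is left out.

```python
import ipaddress

# Main table from the question's `ip route` output, plus the /32 route the post
# tried to add. Fields: destination prefix, next hop (None = on-link), device.
MAIN = [
    ("0.0.0.0/0", "192.168.1.1", "eth0"),
    ("10.8.8.1/32", "10.8.8.133", "tun0"),
    ("10.8.8.133/32", None, "tun0"),
    ("169.254.0.0/16", None, "eth0"),
    ("192.168.1.0/24", None, "eth0"),
    ("192.168.10.0/24", None, "eth0"),
    ("192.168.10.10/32", None, "tun0"),  # ip route add 192.168.10.10 dev tun0
]
# Hypothetical extra table holding only a default route into the tunnel, e.g.
#   ip route add default via 10.8.8.133 dev tun0 table 100
TABLES = {"main": MAIN, "vpn": [("0.0.0.0/0", "10.8.8.133", "tun0")]}

# Rules are (priority, source selector or None for "from all", table name).
DEFAULT_RULES = [(32766, None, "main")]
# Hypothetical source rule, e.g.  ip rule add from 192.168.10.10 table 100
POLICY_RULES = [(100, "192.168.10.10/32", "vpn")] + DEFAULT_RULES


def longest_prefix_match(table, dst):
    """Pick the most specific route whose prefix contains the destination."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in table if dst in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)


def lookup(rules, src, dst):
    """Walk rules by priority; the first selected table with a match wins."""
    for _prio, selector, table in sorted(rules, key=lambda r: r[0]):
        if selector and ipaddress.ip_address(src) not in ipaddress.ip_network(selector):
            continue  # rule's "from" selector does not match this source
        route = longest_prefix_match(TABLES[table], dst)
        if route:
            return route
    return None


if __name__ == "__main__":
    dst = "173.194.112.20"  # www.google.com as resolved in the traceroute output
    print(lookup(DEFAULT_RULES, "192.168.10.10", dst))
    print(lookup(POLICY_RULES, "192.168.10.10", dst))
    print(lookup(POLICY_RULES, "192.168.1.107", dst))
```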

0 Answers