[mythtv-users] OT: default routes
Simon Hobson
linux at thehobsons.co.uk
Wed Sep 23 12:55:38 UTC 2015
Jan Ceuleers <jan.ceuleers at gmail.com> wrote:
> I would recommend indeed using the routing table rather than the
> firewall (i.e. "ip route" rather than iptables).
>
> See man ip-route for the syntax. Example:
>
> ip route add 192.168.55.0/24 via 192.168.1.254 dev eth1
But in this case, it's more complicated than can be done in just the routing tables. I think he'll need to use iptables (mangle table) to set firewall marks (on the VPN traffic) to then use in routing rules.
If the rules can be just a match on source and/or destination IP then it can be done with routing rules - as is the case with the setup I posted an extract from.
Hmm, thinking a bit more, if this is a dial-in VPN then it might be fairly simple. Set up the route rules to route the correct IP(s) via each ISP. Then the VPN egress traffic will go out with the same IP it came in on, dial in to the second IP and you'll automatically use that ISP for the traffic. Normal routing will shunt the private traffic down the tunnel.
For a VPN originating in the network, that'll need rules (probably iptables) to identify the VPN packets and route them accordingly. Some creative use of masq entries, and multiple internal IPs, could get around the need to use fw marks for a VPN originating inside the network.
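
The two cases described in this message, written out as an added example that is not part of the original post or the poster's setup: source-address rules for the dial-in case, and a firewall mark set in the mangle table for a VPN originating inside the network. All addresses (documentation ranges), interface names, table numbers, the mark value and the VPN port (UDP 1194) are assumptions. The script prints the commands and runs them only when APPLY=1 is set.

```shell
#!/bin/sh
# Added example: policy routing on a router with two ISPs.
# Every address, interface, table number, mark and port below is a
# constructed placeholder, not a value from the thread.

# run CMD...: print the command; execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# source_rule TABLE LOCAL_IP GATEWAY DEV
# Traffic sourced from LOCAL_IP uses a table whose default route is that
# ISP's gateway, so replies leave via the ISP they arrived on.
source_rule() {
    run ip route add default via "$3" dev "$4" table "$1"
    run ip rule add from "$2" lookup "$1"
}

# fwmark_rule TABLE MARK PROTO DPORT
# Forwarded VPN packets from an inside client are marked in mangle
# PREROUTING (before the routing decision), then routed by that mark.
fwmark_rule() {
    run iptables -t mangle -A PREROUTING -p "$3" --dport "$4" -j MARK --set-mark "$2"
    run ip rule add fwmark "$2" lookup "$1"
}

policy_routing() {
    source_rule 101 192.0.2.10 192.0.2.1 eth1         # ISP 1
    source_rule 102 198.51.100.10 198.51.100.1 eth2   # ISP 2
    fwmark_rule 102 2 udp 1194                        # inside-originated VPN via ISP 2
}

policy_routing
```
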