I have a Linux (Ubuntu 18.04) device with 4 Ethernet ports and a LTE wwan card that I want to turn into a bridge and router. However, I don't want to enable NAT via the LTE connection, but route all devices connected to the ethernet ports over the VPN.
+---------------------------------------+
| |
| Ubuntu 18.04 |
| NetworkManager (cli) |
| |
| |
+---------------------------------------+ +------------+ +------------+
| bridge0 - 10.44.1.1 | SSL VPN | | | | |
| | +------------------------->+ |
+---------------------------------------+ | Internet | | Fortigate |
| | | | | | | | VPN Device|
| eth0 | eth1 | eth2 | lte (wwan) +------>+ | | |
| | | | | | | | |
+---------------------------------------+ +------------+ +------------+
|
|
+----------+
| PC |
| |
|10.44.1.2 |
+----------+
So far I have:
- Created a bridge on the server
- Associated the 4 ethernet interfaces with the bridge
- Assigned a static IP to the bridge interface
- Configured the wwan (LTE) connection
- Configured the SSL VPN connection
- Enabled IP forwarding on the Ubuntu server
- Assigned the PC connected to eth0 an IP in the bridge subnet
When the VPN comes up it creates a ppp0 interface and adds all of the VPN routes to the server routing table. I can confirm connectivity works from the server itself
I need advice on how to route the devices on the bridge through the VPN.
I'm using NetworkManager to manage all my networking as it was easy to set up the wwan and vpn connenctions.
