I have a server with two NICs, both connected to the network:

    eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.0.1.2 netmask 255.255.255.0 broadcast 10.0.1.255
            inet6 fe80::9618:82ff:fe37:9048 prefixlen 64 scopeid 0x20<link>
            ether 94:18:82:37:90:48 txqueuelen 1000 (Ethernet)
            RX packets 438291 bytes 66054606 (66.0 MB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 1396490 bytes 1999931481 (1.9 GB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
            device interrupt 16

    eno2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.0.1.3 netmask 255.255.255.0 broadcast 10.0.1.255
            inet6 fe80::9618:82ff:fe37:9049 prefixlen 64 scopeid 0x20<link>
            ether 94:18:82:37:90:49 txqueuelen 1000 (Ethernet)
            RX packets 61399 bytes 7297765 (7.2 MB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 3247 bytes 689114 (689.1 KB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
            device interrupt 17

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 1 (Local Loopback)
            RX packets 217840 bytes 55504285 (55.5 MB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 217840 bytes 55504285 (55.5 MB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The first interface (eno1) is the default gateway. I am trying to configure an OpenVPN client to route only the traffic from the second interface (eno2) through the VPN. For the moment I'm using this OpenVPN config:

    client
    dev tun
    proto udp
    remote ca-toronto.privateinternetaccess.com 1198
    resolv-retry infinite
    persist-key
    persist-tun
    cipher aes-128-cbc
    auth sha1
    tls-client
    remote-cert-tls server
    auth-user-pass user.data
    comp-lzo
    verb 1
    reneg-sec 0
    crl-verify crl.rsa.2048.pem
    ca ca.rsa.2048.crt
    disable-occ
    log-append /var/log/piavpn.log
    nobind
    route-noexec

From what I found, I believe I need to set the route-noexec option in order to prevent routing all traffic through the VPN. OpenVPN adds this tunnel:

    tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
            inet 10.87.10.6 netmask 255.255.255.255 destination 10.87.10.5
            inet6 fe80::3f6e:2346:240f:4169 prefixlen 64 scopeid 0x20<link>
            unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
            RX packets 1 bytes 44 (44.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 1 bytes 48 (48.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The route list looks like this:

    default via 10.0.1.1 dev eno1
    10.0.1.0/24 dev eno1 proto kernel scope link src 10.0.1.2
    10.0.1.0/24 dev eno2 proto kernel scope link src 10.0.1.3
    10.87.10.5 dev tun0 proto kernel scope link src 10.87.10.6

I guess I have to route all traffic from eno2 to tun0; however, I have no idea how I should proceed. In the end, I'd like all traffic using eno2 to pass through the VPN and eno1 to remain as it is.
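
One way to get this behaviour with source-based policy routing, as an added example that is not part of the original post: a `route-up` hook that sends traffic sourced from eno2's address (10.0.1.3) through the tunnel and fails closed instead of leaking out eno1 when the tunnel is down. It assumes the client config also sets `script-security 2` and a `route-up` line pointing at this script, that table id 100 and rule priority 1000 are unused on the host, and that iptables handles NAT; by default it only prints the commands.

```shell
#!/bin/sh
# Added example, not from the post: OpenVPN route-up hook for policy routing.
# Addresses come from the post; TABLE and PRIO are assumed to be unused here.
SRC=10.0.1.3        # address on eno2
LAN=10.0.1.0/24
LAN_DEV=eno2
TABLE=100
PRIO=1000

# Dry run by default (commands are printed). Export RUN= (empty) to apply as root.
RUN=${RUN-echo}

vpn_policy() {
    tun=$1   # tunnel device, e.g. tun0
    gw=$2    # VPN peer address, e.g. 10.87.10.5
    [ -n "$tun" ] && [ -n "$gw" ] || return 1

    # LAN destinations stay on eno2 instead of entering the tunnel.
    $RUN ip route replace "$LAN" dev "$LAN_DEV" src "$SRC" table "$TABLE"
    # Everything else in this table leaves through the VPN.
    $RUN ip route replace default via "$gw" dev "$tun" table "$TABLE"
    # Fail closed: when tun0 disappears its route is removed, and this
    # higher-metric entry stops the lookup from falling through to the
    # main table (and out eno1 unencrypted).
    $RUN ip route replace unreachable default metric 1000 table "$TABLE"

    # Select the table by source address. Traffic from 10.0.1.2 never
    # matches and keeps using the main table via eno1.
    $RUN ip rule del from "$SRC" lookup "$TABLE" priority "$PRIO" 2>/dev/null || true
    $RUN ip rule add from "$SRC" lookup "$TABLE" priority "$PRIO"

    # The VPN peer only knows the tunnel address, so rewrite the source.
    # Delete first so reconnects do not stack duplicate rules.
    $RUN iptables -t nat -D POSTROUTING -s "$SRC" -o "$tun" -j MASQUERADE 2>/dev/null || true
    $RUN iptables -t nat -A POSTROUTING -s "$SRC" -o "$tun" -j MASQUERADE
}

# OpenVPN exports script_type, dev and route_vpn_gateway to route-up scripts,
# including when route-noexec is set.
if [ "${script_type:-}" = "route-up" ]; then
    vpn_policy "$dev" "$route_vpn_gateway"
fi
```

Only sockets bound to 10.0.1.3 match the rule, so a quick check after connecting is `ip route get 8.8.8.8 from 10.0.1.3`, which should report `dev tun0`.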