Currently I have a physical Linux machine (CentOS 7) with two physical interfaces. On the eth0 interface I have 3 virtual interfaces - eth0.66, eth0.67, eth0.99 (VLAN interfaces). wlan0 is the internal WAN uplink. tun0 is created through an SSL site-to-site tunnel. I have enabled IPv4 forwarding in the kernel.
Currently, the default routing table looks like this:
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 wlan0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1004   0        0 eth0.66
    169.254.0.0     0.0.0.0         255.255.0.0     U     1005   0        0 eth0.67
    169.254.0.0     0.0.0.0         255.255.0.0     U     1006   0        0 eth0.99
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
    192.168.2.0     192.168.60.65   255.255.255.0   UG    0      0        0 tun0
    192.168.6.0     192.168.60.65   255.255.255.0   UG    0      0        0 tun0
    192.168.7.1     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
    192.168.7.128   0.0.0.0         255.255.255.192 U     0      0        0 eth0.99
    192.168.7.192   0.0.0.0         255.255.255.224 U     0      0        0 eth0.66
    192.168.7.224   0.0.0.0         255.255.255.224 U     0      0        0 eth0.67
I am trying to force all traffic from the 192.168.7.224/27 network through the tunnel and use 192.168.7.1 as the default gateway (192.168.7.1 is the GW of the firewall on the server side for the VPN, which I also control).
I've tried to make a new routing table (in /etc/iproute2/rt_tables) and added the appropriate rules (for now at runtime and not via a script, but I know how to do this for persistent routing):
    from all to 192.168.7.224/27 lookup custom
    from 192.168.7.224/27 lookup custom
and then the routing table:
    default via 192.168.7.1 dev tun0
at which point everything breaks... ping stops working, internet on the eth0.67 network fails, etc. How can I get this routing working correctly? Probably a stupid question, but does the kernel routing table get completely ignored, and do I need to write in all the other routes the SSL VPN is pushing? (The 192.168.2.0 and 6.0 routes are coming from the SSL OpenVPN config.)
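Added example, not part of the question above: a small Python model of how the kernel walks `ip rule` entries, built from the poster's own rules and `route -n` output (link-local routes omitted). It assumes a simplified FIB: rules in priority order, longest-prefix match inside each table, first table that yields a route wins; the local table, metrics and throw/unreachable routes are ignored. `CUSTOM_FIXED` is an assumed candidate fix (connected and VPN routes copied into the custom table), not something the poster tested.

```python
"""Model of Linux policy routing: `ip rule` entries are walked in priority
order and the FIRST table that returns a route wins, so once the custom
table holds a default route, main is never consulted for matching packets."""
from ipaddress import ip_address, ip_network

# Constructed from the question's `route -n` output (link-local routes
# omitted): (prefix, egress interface) pairs.
MAIN = [("192.168.0.0/24", "wlan0"), ("192.168.2.0/24", "tun0"),
        ("192.168.6.0/24", "tun0"), ("192.168.7.1/32", "tun0"),
        ("192.168.7.128/26", "eth0.99"), ("192.168.7.192/27", "eth0.66"),
        ("192.168.7.224/27", "eth0.67"), ("0.0.0.0/0", "wlan0")]
CUSTOM_BROKEN = [("0.0.0.0/0", "tun0")]              # only the default route
# Assumed fix: copy the connected and VPN routes in, keep default via tun0.
CUSTOM_FIXED = [r for r in MAIN if r[1] != "wlan0"] + [("0.0.0.0/0", "tun0")]
# The two rules from the question, then the implicit main-table rule.
RULES = [("0.0.0.0/0", "192.168.7.224/27", "custom"),
         ("192.168.7.224/27", "0.0.0.0/0", "custom"),
         ("0.0.0.0/0", "0.0.0.0/0", "main")]
TABLES_BROKEN = {"main": MAIN, "custom": CUSTOM_BROKEN}
TABLES_FIXED = {"main": MAIN, "custom": CUSTOM_FIXED}

def lookup(table, dst):
    """Longest-prefix match inside one table; None means no route."""
    best = None
    for prefix, dev in table:
        net = ip_network(prefix)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def route(rules, tables, src, dst):
    """Return (table, interface) the kernel would pick for src -> dst."""
    for frm, to, name in rules:
        if ip_address(src) in ip_network(frm) and ip_address(dst) in ip_network(to):
            dev = lookup(tables[name], dst)
            if dev is not None:      # a hit ends the walk; later rules are skipped
                return name, dev
    return None, None                # no table matched: unreachable

if __name__ == "__main__":
    for src, dst in [("192.168.7.230", "192.168.7.200"), ("192.168.6.5", "192.168.7.230")]:
        print(src, "->", dst, "broken:", route(RULES, TABLES_BROKEN, src, dst),
              "fixed:", route(RULES, TABLES_FIXED, src, dst))
```

With the broken table, a host in 192.168.7.224/27 talking to the neighbouring 192.168.7.192/27 VLAN, and any reply coming back into 192.168.7.224/27, is sent out tun0; the same packets stay on eth0.66/eth0.67 once the connected routes exist in the custom table.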