Adapter with IP for VPN and secondary IP for normal traffic (IP TABLES)

Question

Can't figure out how to route my secondary IP to use my ip table "mytable" which have this setting :

    sudo ip route add default via 192.168.1.255 dev enp5s0 table mytable

the table is set up in /etc/iproute2/rt_tables

I am now trying to add the table to my secondary ip 192.168.1.113 with this rule:

    sudo ip rule add from 192.168.1.113 table mytable

However, the command ip -o route get 192.168.1.113 returns: local 192.168.1.113 dev lo table local src 192.168.1.112

Which i think is routing the secondary ip back to the VPN tunnel.
Extra info:

OS: Ubuntu 18.04
router gateway, ip and dns: 192.168.1.254
Primary ip: 192.168.1.112
LAN adapter is enp5s0
VPN is tun0
ip r returns:

    0.0.0.0/1 via 10.8.1.1 dev tun0 
    default via 192.168.1.254 dev enp5s0 proto dhcp metric 20100 
    -EXTERNAL_VPN_IP- via 192.168.1.254 dev enp5s0 
    10.8.1.0/24 dev tun0 proto kernel scope link src 10.8.1.2 
    128.0.0.0/1 via 10.8.1.1 dev tun0 
    169.254.0.0/16 dev enp5s0 scope link metric 1000 
    192.168.1.0/24 dev enp5s0 proto kernel scope link src 192.168.1.112 metric 100 
    192.168.1.0/24 dev enp5s0 proto kernel scope link src 192.168.1.113 metric 100

I've studied this How to make Apache output packets through a certain network interface when connected to VPN?

I think my problem is wrong route rules and maybe my router settings. I'll appreciate any help.

Thanks in advance.

score 0 · Answer 1 · answered Aug 13 '19 at 19:31

You use the ip route get command wrongly.

The correct command is ip route get <dst> from 192.168.1.113, where <dst> is an ip address of some external host (better run the tcpdump and take the ip from the dump).

Your rule is correct, and the command should return the route 192.168.1.255 dev enp5s0 from additional table.

Adapter with IP for VPN and secondary IP for normal traffic (IP TABLES)

1 Answers1