Routing traffic of wlan1 through vpn and traffic of wlan0 to eth0

1

3

I am trying to set up a wireless router and make use of a VPN. As I am fairly new to this specific topic, I hope somebody here can give me a hint or, if possible, a practical solution. I have searched the web up and down, but I did not find a convincing solution to the following problem:

I have an Ubuntu-based device with two wireless interfaces (wlan0 and wlan1) as well as a physical network interface (eth0) which is connected to the internet. I also plan to connect to a VPN (OpenVPN to a VPN provider I'll have to buy first) which will probably be tun0 or something. I want any traffic from devices connecting to wlan1 to be piped through the VPN and all traffic on wlan0 to be routed directly to the internet.

Here are my questions: a) is this possible at all? b) if ( a == yes ) how would I do it?

I need a reliable solution so please no dirty hacks if possible.

Thanks in advance, Peer

peer

Posted 2013-12-23T20:15:46.783

Reputation: 13

Answers

3

This is done using Policy Based Routing.

Normally, routing decisions are made based on the destination network; however, with policy based routing you can route based on all kinds of aspects of a connection. Your scenario is straightforward: if the incoming interface is wlan1, then the default route should be out of tun0.

First, we set up a new routing table called "vpn" (or whatever you like):

echo "200 vpn" | sudo tee -a /etc/iproute2/rt_tables

Or you can edit this file and add 200 vpn to the end.

Next, we need to add a rule:

sudo ip rule add iif wlan1 lookup vpn

This is saying "if the incoming interface is wlan1, then use the routing table named 'vpn' rather than the normal one."

Then we add a default route to the vpn routing table:

sudo ip route add default dev tun0 table vpn
sudo ip route flush cache

This says anything that is using the routing table called "vpn" will use the tun0 interface as their default gateway. Then we flush the route cache for good measure.

You can use this command to view the vpn routing table:

sudo ip route list table vpn

Now it is just a case of running these commands, perhaps as a script after the vpn is activated. I am pretty sure openvpn has a post-up script you can add them to.

Paul

Posted 2013-12-23T20:15:46.783

Reputation: 52 173

Dear Paul, you are my hero!!! I finally figured out how to run multiple VPN clients on my mini PC Ubuntu router and forward each client's traffic to a separate WLAN access point!! Thank you!! – Mehdi – 2019-08-07T20:08:07.417

Can I still apply iptables rules to wlan1 before the traffic is routed out to the VPN? And do the hosts.deny and hosts.allow files still apply? – peer – 2013-12-25T15:02:57.693

Yes, this is just routing, so everything else works as expected. – Paul – 2013-12-26T00:03:14.557
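
The commands from Paul's answer as a script OpenVPN can run once the tunnel is up, written as an added example that is not part of the original answer: it can be run repeatedly without duplicating entries, and it adds a lower-priority `unreachable` default so wlan1 traffic is rejected instead of falling through to eth0 if tun0 disappears. The variable and function names, the metric value 1000, and hooking it in through OpenVPN's `up` directive (which requires `script-security 2`) are assumptions.

```sh
#!/bin/sh
# Added example: policy routing for wlan1 -> tun0 that fails closed.
# Table "200 vpn", wlan1 and tun0 are the names used in the answer above;
# RT_TABLES, LAN_IF, VPN_IF and the function names are assumptions of this sketch.
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"
LAN_IF="${LAN_IF:-wlan1}"
VPN_IF="${dev:-${VPN_IF:-tun0}}"   # OpenVPN exports the tunnel name as $dev

# Register "200 vpn" once; repeated runs must not append duplicate lines.
ensure_table() {
    grep -Eq '^[[:space:]]*200[[:space:]]+vpn([[:space:]]|$)' "$RT_TABLES" 2>/dev/null \
        || echo "200 vpn" >> "$RT_TABLES"
}

# True if a rule sending $LAN_IF traffic to table vpn is already installed.
rule_present() {
    ip rule show | grep -q "iif $LAN_IF lookup vpn"
}

apply_policy() {
    ensure_table
    rule_present || ip rule add iif "$LAN_IF" lookup vpn
    # Preferred path: default route through the tunnel ("replace" is idempotent).
    ip route replace default dev "$VPN_IF" table vpn
    # Fallback with a worse metric. When tun0 goes away the kernel drops the
    # route above; without this entry the lookup would continue into the main
    # table and leave via eth0. "unreachable" rejects the traffic instead.
    ip route replace unreachable default metric 1000 table vpn
    ip route flush cache
}

# Act only when OpenVPN invokes this file as its "up" script (must run as root).
case "${script_type:-}" in
    up) apply_policy ;;
esac
```

After the tunnel is up, `ip route list table vpn` should show both the tun0 default and the `unreachable default metric 1000` entry.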