ARTICLE: Using NetBird for Site-to-Site Routing on VyOS

@a.katib91
Part 2 is live:
Using NetBird for Site-to-Site Routing on VyOS – Exit Node

What you’re trying to do is a little different though, since I just showed a simple solution. NetBird already uses PBR to forward its traffic into table 7120, so you’re trying to do PBR on top of PBR. You can see the rule (rule 110) with ip rule show.

vyos@NB-LAN# sudo ip rule show
0:      from all lookup local
100:    from all lookup main suppress_prefixlength 0
110:    not from all fwmark 0x1bd00 lookup 7120
32766:  from all lookup main
32767:  from all lookup default

You can see that traffic that does not have a mark of 0x1bd00 will be sent to the NetBird table (7120).

So the simple solution is to just mark the traffic that you want to use the local internet of vyos#2 with that mark. 0x1bd00 maps to a decimal value of 113920. So we create a policy route rule for our traffic. This will prevent 10.0.1.10 from using NetBird’s PBR.

set policy route TEST interface 'eth1'
set policy route TEST rule 10 action 'accept'
set policy route TEST rule 10 set mark '113920'
set policy route TEST rule 10 source address '10.0.1.10'

And we test:

Traceroute from 10.0.1.10 to 4.2.2.2:
10_0_1_10> trace 4.2.2.2 -P 1 -m 15
trace to 4.2.2.2, 15 hops max (ICMP), press Ctrl+C to stop
 1   10.0.1.1   0.720 ms  0.611 ms  0.638 ms
 2   10.0.95.1   4.084 ms  4.156 ms  5.145 ms
 3   172.16.0.1   2.620 ms  2.580 ms  3.695 ms
 4   .... hops omitted
 9   4.2.2.2   8.153 ms  10.280 ms  11.141 ms

Traceroute from 10.0.1.11 to 4.2.2.2:
10_0_1_11> trace 4.2.2.2 -P 1 -m 15
trace to 4.2.2.2, 15 hops max (ICMP), press Ctrl+C to stop
 1   10.0.1.1   0.834 ms  0.659 ms  0.671 ms
 2   100.90.34.56   2.499 ms  2.394 ms  2.371 ms
 3   10.0.95.1   8.439 ms  5.915 ms  5.295 ms
 4   172.16.0.1   4.212 ms  3.877 ms  4.276 ms
 5   ... hops omitted
10   4.2.2.2   17.476 ms  16.037 ms  15.031 ms

You can see that 10.0.1.10 takes the local internet path (the 10.0.95.1 hop), and 10.0.1.11 will take the NetBird path since we aren’t matching that in our policy route rule.

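To make the rule-evaluation order above concrete, here is an added Python example (not from the original post, nor NetBird's or VyOS's own code) that parses the `ip rule show` output quoted in the post and simulates the kernel's lookup for a few packets. The route tables it uses are constructed sample data (the post does not print them), the `wt0` interface name is an assumption, and the host and hop addresses are the ones from the post reused as sample input. It shows why a packet carrying fwmark 0x1bd00 (113920) skips table 7120 and falls through to main, why an unmarked packet lands in 7120, and why `suppress_prefixlength 0` on rule 100 keeps LAN-local traffic out of the NetBird table even without a mark.

```python
"""Simulate Linux policy-routing (ip rule) lookup for the NetBird case above.

Added example, not from the original post, NetBird or VyOS. The rule lines are
the `ip rule show` output from the post; the route tables below are constructed
sample data and are assumptions about what main and table 7120 contain.
"""
import ipaddress
import re

# `ip rule show` output exactly as printed in the post (input to the parser).
IP_RULE_SHOW = """\
0:      from all lookup local
100:    from all lookup main suppress_prefixlength 0
110:    not from all fwmark 0x1bd00 lookup 7120
32766:  from all lookup main
32767:  from all lookup default
"""

# Constructed route tables (assumption): main carries the connected LAN and the
# local-internet default route via 10.0.95.1; 7120 is NetBird's table whose
# default route points at the (assumed) NetBird interface wt0.
ROUTE_TABLES = {
    "local": [],
    "main": [("10.0.1.0/24", "dev eth1"), ("0.0.0.0/0", "via 10.0.95.1")],
    "7120": [("0.0.0.0/0", "dev wt0")],
    "default": [],
}

NETBIRD_MARK = 0x1BD00  # == 113920, the value used in `set mark '113920'`

RULE_RE = re.compile(
    r"^(?P<prio>\d+):\s+(?P<neg>not )?from (?P<src>\S+)"
    r"(?: fwmark (?P<mark>0x[0-9a-f]+))? lookup (?P<table>\S+)"
    r"(?: suppress_prefixlength (?P<supp>\d+))?$"
)


def parse_rules(text):
    """Parse `ip rule show` lines into dicts, sorted by priority (lowest first)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed rule: {line!r}")
        rules.append({
            "prio": int(m["prio"]),
            "negate": m["neg"] is not None,   # `not` inverts the whole selector
            "src": m["src"],
            "mark": int(m["mark"], 16) if m["mark"] else None,
            "table": m["table"],
            "suppress": int(m["supp"]) if m["supp"] else None,
        })
    return sorted(rules, key=lambda r: r["prio"])


def rule_selector_matches(rule, src, mark):
    """Does the rule's selector (from/fwmark, possibly negated) match the packet?"""
    ok = rule["src"] == "all" or ipaddress.ip_address(src) in ipaddress.ip_network(
        rule["src"], strict=False)
    if rule["mark"] is not None:
        ok = ok and mark == rule["mark"]
    return (not ok) if rule["negate"] else ok


def longest_match(table, dst):
    """Longest-prefix lookup of dst in a table; None if the table has no route."""
    best = None
    d = ipaddress.ip_address(dst)
    for prefix, nexthop in ROUTE_TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best


def route_lookup(rules, src, dst, mark=0):
    """Return (table, next hop) the kernel would pick, or None if unroutable."""
    for rule in rules:
        if not rule_selector_matches(rule, src, mark):
            continue
        hit = longest_match(rule["table"], dst)
        if hit is None:
            continue  # table had no matching route: fall through to next rule
        net, nexthop = hit
        if rule["suppress"] is not None and net.prefixlen <= rule["suppress"]:
            continue  # suppress_prefixlength: treat short (default) routes as a miss
        return rule["table"], nexthop
    return None


def demo():
    rules = parse_rules(IP_RULE_SHOW)
    return {
        # 10.0.1.10 is marked by the policy route in the post: bypasses 7120
        "marked_host": route_lookup(rules, "10.0.1.10", "4.2.2.2", mark=NETBIRD_MARK),
        # 10.0.1.11 is unmarked: rule 110 sends it to NetBird's table
        "unmarked_host": route_lookup(rules, "10.0.1.11", "4.2.2.2", mark=0),
        # LAN-local traffic is answered by rule 100 (prefix /24 is not suppressed)
        "lan_local": route_lookup(rules, "10.0.1.11", "10.0.1.10", mark=0),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running it shows the marked host resolving to `main` via 10.0.95.1 (the local-internet hop seen in the first traceroute) and the unmarked host resolving to table 7120, which matches the two traceroutes in the post. Before relying on a mark value like this in production, re-check `ip rule show` after NetBird upgrades, since the mark and table number are NetBird's internal choice rather than a documented interface.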