Policy Based Routing


In my office I've dropped Vyatta in favour of VyOS and set up a gateway as an HVM on my Xen box. It's working quite well. (64-bit system install, not image)

I have two WAN links balanced in failover: the first, an optical link, is faster but unreliable; the second is a simple ADSL but with a rock-solid connection.

Now I need to route SSH traffic from the office toward remote servers through the second WAN… I've seen PBR is still not fully implemented, but there is some trick to do it.

Can anyone point me to more information about this trick?

Thanks in advance,


I suspect that with these links, you have set up NAT and are running some RFC 1981 space on the internal network. If this is true, you may want to set up some specific SNAT rules to always push your traffic for SSH over the DSL link.


Also interested in this issue.

I have two sites with a site-to-site OpenVPN tunnel between them. Each site has its own default route to the Internet. I need to route traffic to certain Internet addresses through the OpenVPN tunnel and, on the other side of the tunnel, route it to the Internet.
What is the trick?