Policy Routing through VPN


#1

I’ve successfully gotten it to route traffic from a particular IP address through a connected VPN.

[code]show policy

route my-route {
    rule 10 {
        set {
            table 1
        }
        source {
            address 192.168.129.5
        }
    }
}

show interfaces ethernet eth3

address 192.168.129.1/24
duplex auto
hw-id xx:xx:xx:xx:xx:xx
policy {
    route my-route
}
smp_affinity auto
speed auto

show protocols static table 1

interface-route 0.0.0.0/0 {
    next-hop-interface tun0 {
    }
}[/code]

The above does in fact route all traffic from 192.168.129.5 through the VPN tunnel.

However, I would like to still be able to get to the machine from another subnet on certain ports, specifically 22, 443, and 80.

I can add exceptions to the policy routing, but then outbound traffic for 443 and 80 will no longer go through the VPN tunnel. What I want is for it to work just like it does when it routes stuff through the WAN. With other machines in that subnet I can get to the machines and all traffic goes through the WAN. So for this particular machine I want all traffic to go through the VPN tunnel and to still be able to get to the machine.


#2

I figured it out!

I modified the route to be:

[code]route my-route {
    rule 10 {
        set {
            table 1
        }
        source {
            address 192.168.129.5
        }
        destination {
            address !192.168.0.0/16
        }
    }
}[/code]
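
Added example, not part of the original posts: a small Python model of rule 10 that shows which routing table each packet from eth3 ends up in, before and after the destination exclusion. The packet addresses (192.168.10.20 as "another subnet", 203.0.113.10 as an internet host, 192.168.129.7 as a neighbouring machine) and the function names are constructed for illustration; table "main" stands for the router's normal routing table.

```python
import ipaddress

def parse_match(spec):
    """Return (network, negated) for an address spec such as '!192.168.0.0/16'."""
    negated = spec.startswith("!")
    return ipaddress.ip_network(spec.lstrip("!"), strict=False), negated

def matches(spec, addr):
    """True if addr satisfies the criterion; an absent criterion matches anything."""
    if spec is None:
        return True
    net, negated = parse_match(spec)
    inside = ipaddress.ip_address(addr) in net
    return inside != negated  # "!" inverts the prefix match

def pick_table(rule, src, dst):
    """Return the rule's table if the packet matches, otherwise 'main'."""
    if matches(rule.get("source"), src) and matches(rule.get("destination"), dst):
        return rule["table"]
    return "main"

# Rule 10 as first posted, and as modified in post #2.
ORIGINAL = {"source": "192.168.129.5", "table": "1"}
FIXED = {"source": "192.168.129.5", "destination": "!192.168.0.0/16", "table": "1"}

# Constructed packets arriving on eth3: (source, destination, description).
PACKETS = [
    ("192.168.129.5", "203.0.113.10", "outbound HTTPS to the internet"),
    ("192.168.129.5", "192.168.10.20", "SSH reply to a client on another subnet"),
    ("192.168.129.7", "203.0.113.10", "other host on the same subnet"),
]

def report(rule):
    """Table chosen for each constructed packet, in PACKETS order."""
    return [pick_table(rule, s, d) for s, d, _ in PACKETS]

if __name__ == "__main__":
    for name, rule in (("original", ORIGINAL), ("fixed", FIXED)):
        for (s, d, what), table in zip(PACKETS, report(rule)):
            print(f"{name:8} {s} -> {d:14} table {table:4} ({what})")
```

With the source-only rule, the host's replies to a client in 192.168.0.0/16 are sent to table 1 and leave through tun0; with the exclusion they stay in the main table, while internet-bound traffic on any port still uses the tunnel.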


#3

Hello,
thanks for sharing!