Hello,
I'm trying to route traffic from my internal network through an OpenVPN tunnel using a policy-based route, but it doesn't seem to work: my route is not created. Here's my config file:
interfaces {
    ethernet eth0 {
        address 192.168.10.254/27
        description INSIDE
        duplex auto
        hw-id 00:0c:29:3c:26:a9
        policy {
            route FILTER-EXTERNAL
        }
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address dhcp
        description OUTSIDE
        duplex auto
        hw-id 00:0c:29:3c:26:b3
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
    openvpn vtun0 {
        encryption aes256
        mode client
        protocol tcp-active
        remote-host xxx.xxx.xxx.xxx
        remote-port 443
        tls {
            ca-cert-file /config/auth/ovpn/ca.crt
            cert-file /config/auth/ovpn/client.crt
            key-file /config/auth/ovpn/client.key
        }
        use-lzo-compression
    }
}
nat {
    source {
        rule 100 {
            outbound-interface eth1
            source {
                address 192.168.0.0/16
            }
            translation {
                address masquerade
            }
        }
    }
}
policy {
    route FILTER-EXTERNAL {
        rule 1000 {
            destination {
            }
            set {
                table 100
            }
            source {
                address 192.168.10.0
            }
        }
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 10.240.14.1 {
                distance 1
            }
        }
        route 10.0.0.0/8 {
            next-hop 10.240.14.1 {
                distance 1
            }
        }
        table 100 {
            route 0.0.0.0/0 {
                next-hop 192.168.200.1 {
                }
            }
        }
    }
}
And now the routing table:
vyos@vyos:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
S>* 0.0.0.0/0 [210/0] via 10.240.14.1, eth1
S>* 10.0.0.0/8 [1/0] via 10.240.14.1, eth1
C>* 10.240.14.0/24 is directly connected, eth1
C>* 127.0.0.0/8 is directly connected, lo
K>* 192.168.2.0/24 via 192.168.200.1, vtun0
C>* 192.168.10.224/27 is directly connected, eth0
C>* 192.168.200.0/24 is directly connected, vtun0
Any idea of what might be wrong? Maybe a conflict with NAT, but I need it.
Thanks!
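An added sanity check, not from the original post and not VyOS code: a small Python script that parses an excerpt of the configuration above (embedded as a constructed sample) and tests whether the policy route's source matcher actually covers the subnet behind eth0. It assumes that a source address given without a prefix length matches only that single host.

```python
import ipaddress

# Constructed excerpt of the posted configuration (only the parts this check needs).
SAMPLE_CONFIG = """
interfaces {
    ethernet eth0 {
        address 192.168.10.254/27
        policy {
            route FILTER-EXTERNAL
        }
    }
}
policy {
    route FILTER-EXTERNAL {
        rule 1000 {
            source {
                address 192.168.10.0
            }
        }
    }
}
"""

def parse(text):
    """Parse VyOS brace-style configuration into nested dicts (leaf 'k v' -> {k: v})."""
    root, stack = {}, []
    node = root
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.endswith("{"):            # open a block, e.g. "ethernet eth0 {"
            node[line[:-1].strip()] = child = {}
            stack.append(node)
            node = child
        elif line == "}":                 # close the current block
            node = stack.pop()
        else:                             # leaf statement, e.g. "address 192.168.10.254/27"
            key, _, val = line.partition(" ")
            node[key] = val or True
    return root

def check_policy_route(text):
    """Does any rule of the policy route attached to eth0 match the LAN behind eth0?"""
    cfg = parse(text)
    eth0 = cfg["interfaces"]["ethernet eth0"]
    lan = ipaddress.ip_interface(eth0["address"]).network
    policy = cfg["policy"]["route " + eth0["policy"]["route"]]
    # Assumption: a source address without a prefix length matches that single host (/32).
    srcs = [ipaddress.ip_network(r["source"]["address"], strict=False) for r in policy.values()]
    return {"lan": str(lan), "matched": any(lan.subnet_of(s) for s in srcs)}
```

Running `check_policy_route(SAMPLE_CONFIG)` reports the LAN derived from the eth0 address and whether the rule's source matcher covers it.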