How can I route specific traffic through VPN Client
Posted: 2021/06/24 10:12:57
I have a VPN network based on CentOS 8 with the OpenConnect package. I need to allow VPN clients to use their local internet for browsing instead of the server side. Currently all VPN clients are utilising the server-side internet for browsing.

ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 2c:27:d7:19:03:4a brd ff:ff:ff:ff:ff:ff
    inet 200.200.200.3/24 brd 200.200.200.255 scope global dynamic noprefixroute eno1
       valid_lft 84701sec preferred_lft 84701sec
    inet6 fe80::c53b:410a:9d0f:cc5b/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
6: vpns0: <POINTOPOINT,UP,LOWER_UP> mtu 1434 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 10.10.10.1 peer 10.10.10.76/32 scope global vpns0
       valid_lft forever preferred_lft forever
    inet6 fe80::8da5:409d:a886:5bfb/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

ip route
default via 200.200.200.1 dev eno1 proto dhcp metric 100
10.10.10.76 dev vpns0 proto kernel scope link src 10.10.10.1
200.200.200.0/24 dev eno1 proto kernel scope link src 200.200.200.3 metric 100

firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: cockpit dhcpv6-client http https ipsec ssh
  ports: 500/udp 4500/udp 443/tcp 443/udp 80/tcp
  protocols:
  forward: no
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule protocol value="ah" accept
        rule protocol value="esp" accept
        rule family="ipv4" source address="10.10.10.0/24" masquerade

netstat -rn
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         200.200.200.1   0.0.0.0         UG        0 0          0 eno1
10.10.10.76     0.0.0.0         255.255.255.255 UH        0 0          0 vpns0
200.200.200.0   0.0.0.0         255.255.255.0   U         0 0          0 eno1