#StackBounty: #debian #iptables #routing #openvpn #vpn How to route specific VPN traffic via specific VPN client?

Bounty: 50

I have VPN network based on OpenVPN software. I need route all network traffic in VPN network where destination IP is from specific country via one specific client on this VPN network (VPN client IP address) – Mikrotik router where is configured NAT (MASQUERADE) for main internet interface (PPPoE). I need get public, dynamic IP address owned by this VPN client (Mikrotik router – PPPoE interface) for all this traffic. So on VPN server I created iptables mangle rule and I use geoip iptables module:

iptables -A PREROUTING -t mangle -i tun0 -m geoip --destination-country COUNTRY_CODE -j MARK --set-mark 1

So I have marked all traffic from client which have destination IP from this specific country. Next I have tried use this solution: Create specific route table and add default route. But default route can be only for next hop on this network. So when I use this command:

ip route add default via specific_VPN_client dev tun0 table CountryRoute 

I get this error:

RTNETLINK answers: Network is unreachable

Is possible route specific traffic to specific client, but not to next hop please?

I tried this iptables rule too:

iptables -A PREROUTING -i tun0 -m geoip --destination-country COUNTRY_CODE -j DNAT --to-destination Mikrotik_VPN_IP

But traffic ends on Mikrotik router. Maybe would be possible solve this problem on this router?

Thank you for your help.

Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.