
Configuring a VPN using Policy Routing on Zorin (Ubuntu 20.04)


A bit stuck here. Semi familiar with routing and semi familiar with linux. Just enough to be dangerous but apparently not enough to be dangerous enough.

Hoping someone can point me in the right direction here. I am pretty sure what I need to be implementing is Policy Routing.

I have 2 NICs (one onboard, and another a separate PCIe Wireless Card). I have connected both to my local network 192.168.X.X.

Now the tricky part is my company uses a custom homebrew VPN that they created themselves (adds some complexity).

Basically what I want to do is keep my local LAN connection and "bind" the VPN to the wireless NIC. Now I know that isn't the right terminology. I believe what I need is to have separate routing tables. My ip route is below

ip route show
default via 192.168.86.1 dev enp34s0 proto dhcp metric 100 
default via 192.168.86.1 dev wlp39s0 proto dhcp metric 600 
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown 
192.132.210.67 via 192.168.86.1 dev enp34s0 src 192.168.86.177 
192.168.86.0/24 dev enp34s0 proto kernel scope link src 192.168.86.177 metric 100 
192.168.86.0/24 dev wlp39s0 proto kernel scope link src 192.168.86.33 metric 600 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown 
wil@notmicrosoft:~$ 

My rt_tables are below

cat /etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0   unspec
1   work
#
# local
#
#1  inr.ruhep
wil@notmicrosoft:~$ 

I have opened up my company's VPN profile so I can see the routes that they add when everything connects and it uses the tun0 interface.

Is there any way for me to push this traffic and only this traffic through my VPN and then keep the rest of it on my local network?

Please let me know if I can provide any other information!

~Wil

Updated with the Routes the VPN Configures

      <rule to-tunnel="domain.vpn.company.com">
         <dst>ipv4(XXX.XXX.0.0/16)</dst>
         <local-stack direction="from"/>
      </rule>
      <rule to-tunnel="domain.vpn.company.com">
         <dst>ipv4(Y.Y.YYY.YYY/28)</dst>
         <local-stack direction="from"/>
      </rule>
      <rule to-tunnel="domain.vpn.company.com">
         <dst>ipv4(ZZZ.ZZ.0.0/12)</dst>
         <local-stack direction="from"/>
      </rule>
      <rule to-tunnel="domain.vpn.company.com">
         <dst>ipv4(WWW.0.0.0/8)</dst>
         <local-stack direction="from"/>
      </rule>
      <rule from-tunnel="domain.vpn.company.com">
         <src>ipv4(XXX.XXX.0.0/16)</src>
         <local-stack direction="to"/>
      </rule>
      <rule from-tunnel="domain.vpn.company.com">
         <src>ipv4(Y.Y.YYY.YYY/28)</src>
         <local-stack direction="to"/>
      </rule>
      <rule from-tunnel="domain.vpn.company.com">
         <src>ipv4(ZZZ.ZZ.0.0/12)</src>
         <local-stack direction="to"/>
      </rule>
      <rule from-tunnel="domain.vpn.company.com">
         <src>ipv4(WW.0.0.0/8)</src>
         <local-stack direction="to"/>
      </rule>
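One way to set this up on the interfaces from the question, as an added example that is not from the post or from any answer here: the wireless NIC gets its own routing table (the existing "work" table), a source-based rule sends traffic from the wireless address through it, and the VPN server itself is pinned to the wireless NIC so the tunnel's outer packets leave that way while the VPN client's own tun0 routes keep carrying only its listed prefixes. The VPN server address is an assumption (the question shows a host route to 192.132.210.67 but never says what it is).

```shell
#!/bin/sh
# Added example (not from the question): policy routing so the wireless NIC
# carries the VPN's outer traffic while the wired NIC stays the LAN default.
# Devices and addresses come from the question's `ip route show` output.
# ASSUMPTION: 192.132.210.67 is the VPN server (the question only shows a
# host route to it); substitute the real endpoint if that is wrong.
# The "work" table (id 1) already exists in the question's rt_tables.
WLAN=wlp39s0; WLAN_IP=192.168.86.33
GW=192.168.86.1
VPN_SERVER=192.132.210.67
TABLE=work

# run: execute a command, or only print it when DRY_RUN=1, so the whole
# change can be reviewed before it touches the routing tables.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

apply_policy_routing() {
    # Two NICs on one subnet: use loose reverse-path filtering on the WLAN,
    # or the kernel drops replies whose best main-table route is the wired NIC.
    run sysctl -w "net.ipv4.conf.$WLAN.rp_filter=2"
    # 1. The "work" table: the same LAN and gateway, but reached via the WLAN.
    run ip route replace default via "$GW" dev "$WLAN" table "$TABLE"
    run ip route replace 192.168.86.0/24 dev "$WLAN" src "$WLAN_IP" table "$TABLE"
    # 2. Source-based rule: packets from the WLAN address consult that table
    #    first (priority 100 sits before the main-table rule at 32766).
    #    Note: `ip rule add` is not idempotent; a re-run adds a duplicate rule.
    run ip rule add from "$WLAN_IP" lookup "$TABLE" priority 100
    # 3. Pin the VPN server to the WLAN with the WLAN address as source, so the
    #    tunnel's outer packets use that NIC and rule 2 keeps them there. The
    #    client's tun0 routes for its <rule to-tunnel> prefixes are untouched,
    #    so only that traffic enters the VPN. A reconnecting client may re-add
    #    its own host route for the server, in which case this step is re-run.
    run ip route replace "$VPN_SERVER" via "$GW" dev "$WLAN" src "$WLAN_IP"
}

# Check afterwards which interface a given destination actually uses.
show_route() { ip route get "$1"; }

if [ "${1:-}" = apply ]; then apply_policy_routing; fi
```

Run it as `DRY_RUN=1 sh policy-routing.sh apply` first to review the commands, then without DRY_RUN as root; the wired default route (metric 100) in the main table is left exactly as the question shows it.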
Have you checked with your IT department that this is acceptable? A setup like this has security issues for the company network.
SureThing: Yeah, it's allowed, they just won't help configure it on my end.
djdomi: Off-topic. It's an end-user question about a device that you are not allowed to modify.