this is my configuration
I have 2 computers with Ubuntu 22
computer1 with internet and VPN:
eth0 192.168.10.100
eth1 192.168.20.100
tun0 10.33.12.19
now computer2 must use the internet through the VPN of computer1:
eth0 192.168.20.200
the connection between computer1 and computer2 is via 192.168.20.0/24
computer1
enabling forwarding with:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
# masquerade everything leaving through the VPN tunnel
iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
# forward LAN traffic from eth1 into the tunnel
iptables -A FORWARD -i eth1 -o tun+ -j ACCEPT
# forward any traffic into the tunnel
iptables -A FORWARD -o tun+ -j ACCEPT
# forward replies coming back from the tunnel for known connections
iptables -A FORWARD -i tun+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# accept all traffic arriving from the tunnel for computer1 itself
iptables -A INPUT -i tun+ -j ACCEPT
now testing the connection
host google.com on computer2 generates 2 queries with 2 answers
computer1:
tcpdump -i any -n port 53
20:51:27.210377 eth1 In IP 192.168.20.100.57730 > 178.162.209.143.53: 31575+ A? google.com. (28)
20:51:27.210435 tun0 Out IP 10.33.12.19.57730 > 178.162.209.143.53: 31575+ A? google.com. (28)
20:51:27.219631 tun0 In IP 178.162.209.143.53 > 10.33.12.19.57730: 31575 1/0/0 A 142.250.184.206 (44)
20:51:27.219666 tun0 Out IP 178.162.209.143.53 > 192.168.20.100.57730: 31575 1/0/0 A 142.250.184.206 (44)
one answer direct and one answer through the VPN, but only the direct answer reaches computer2
all traffic must use the VPN, so I delete the direct route on computer1 with
ip route del 192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.200
if I repeat the DNS query on computer2 with host google.com, the answer still arrives on computer1, but it does not reach computer2
what is the routing for the VPN answer?
perhaps my configuration is bad and there is another configuration?
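An added check, not from the original post: a small Python parser over the four tcpdump lines quoted above that groups captures by DNS transaction ID and client port, so that a packet forwarded and masqueraded by computer1 (seen once In on the ingress interface and once Out after address translation when capturing with -i any) can be told apart from a genuinely separate second flow. The sample input is the capture from the question; the function names are my own.

```python
import re
from collections import defaultdict

# Sample input: the tcpdump -i any -n port 53 lines from the question above.
SAMPLE = """\
20:51:27.210377 eth1 In IP 192.168.20.100.57730 > 178.162.209.143.53: 31575+ A? google.com. (28)
20:51:27.210435 tun0 Out IP 10.33.12.19.57730 > 178.162.209.143.53: 31575+ A? google.com. (28)
20:51:27.219631 tun0 In IP 178.162.209.143.53 > 10.33.12.19.57730: 31575 1/0/0 A 142.250.184.206 (44)
20:51:27.219666 tun0 Out IP 178.162.209.143.53 > 192.168.20.100.57730: 31575 1/0/0 A 142.250.184.206 (44)
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<ifname>\S+) (?P<dir>In|Out) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<txid>\d+)(?P<flag>\+?) "
)

def parse(text):
    """Parse tcpdump -i any DNS lines into dicts; lines that do not match are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            d = m.groupdict()
            d["query"] = d["flag"] == "+"   # '+' marks a query, its absence a reply
            out.append(d)
    return out

def nat_pairs(records):
    """Group captures by (DNS txid, query?, client port). A forwarded and masqueraded
    packet appears twice on -i any: In on the ingress interface, Out after NAT.
    Returns per group (ingress if, egress if, address before NAT, address after NAT)."""
    groups = defaultdict(list)
    for r in records:
        port = r["sport"] if r["query"] else r["dport"]   # client port identifies the flow
        groups[(r["txid"], r["query"], port)].append(r)
    result = {}
    for key, recs in groups.items():
        ins = [r for r in recs if r["dir"] == "In"]
        outs = [r for r in recs if r["dir"] == "Out"]
        if len(ins) != 1 or len(outs) != 1:
            result[key] = None   # not a clean single forward: missing or extra copy
            continue
        i, o = ins[0], outs[0]
        field = "src" if i["query"] else "dst"   # SNAT on the way out, reverse NAT on the way back
        result[key] = (i["ifname"], o["ifname"], i[field], o[field])
    return result
```

A group whose pair is not None is one packet crossing computer1 with its address rewritten, not two separate answers; a None group is where a copy went missing and is worth a closer look.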