So I have a fairly typical 3 interface setup with shorewall. A couple
of local LAN networks and an ISP internet network. The firewall also
runs OpenVPN server so there is also a vpn zone for that tun interface.
I am considering also having an OpenVPN client connection from the
Firewall/Gateway server to a VPN service provider.
I would want 99% of all my traffic to route exactly as it does before
setting up this new VPN client connection.
What I would like to do is choose specific hosts on the local LAN to
route through this VPN tunnel, but all other traffic to route normally
through the direct connected ISP interface.
Typically when I have created a client VPN connection outside of
shorewall, all traffic typically goes through that tunnel. This is not
what I want to do, as I want to control the traffic that gets routed
through VPN. It would also be acceptable if only traffic for given
destinations went through the tunnel, if filtering the source connection
was not possible.
I have come across a couple of interweb pages which partially talk about
what I am trying to do and either the text is not exactly what I am
trying to accomplish, or the question was not answered:
https://bit.ly/2SVSdph
https://bit.ly/35QlDKB
Is this something that is easily accomplished by just setting up a new
zone and some new rules, or is this much more involved?
I have looked through the VpnBasics documentation, the tunnels
documentation, and the OpenVpn shorewall documentation, but those
scenarios do not appear to cover what I am trying to accomplish. Can
you please let me know if this can be accomplished with shorewall, and
if there already exists a write up to point me in the right direction?
Thank You.