Primary route with virtual nic

  • I am going around in circles with a general Linux / Debian problem; hopefully someone will be able to point me in the correct direction.


    What I want to do is ensure that all the traffic from an application / process is routed through a vpn client, whilst all other traffic goes through the default ISP WAN. Further, I wish to ensure that if the vpn connection drops the process doesn't ‘leak’ through the ISP WAN route.


    I am sure there are many ways of doing this. So far what I have done is created a virtual interface in my machine, eth0:1 and assigned it an IP. Therefore my machine has eth0, ip = 192.168.2.20 and eth0:1, with the assigned IP 192.168.2.21.


    My router then connects to the VPN and routes only 192.168.2.21 through the VPN provider, whilst 192.168.2.20 goes through the ISP WAN, so far so good.


    The issue I have is that when 192.168.2.21 is created on my OMV system, all sorts of processes utilise this IP, whereas I only want the 1 x specific process to utilise this IP and the rest to go through the default WAN ISP.


    I have done some googling but it's all a bit bewildering. I am not sure if I should be trying to achieve this through ip routing or iptables, or a combination of both?


    At present I have the following;

    Code
    root@OMV:~# netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth0
    192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
    root@OMV:~# ip route show
    default via 192.168.2.1 dev eth0
    192.168.2.0/24 dev eth0  proto kernel  scope link  src 192.168.2.21


    I can see from the output of netstat -nlp that various processes are using the virtual eth0:1 ip and the output of curl http://ipecho.net/plain; echo gives the VPN IP address, i.e. through eth0:1 rather than that through the ISP WAN.


    As another way of showing the same problem;

    Code
    root@OMV:~# ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 38:ea:a7:a9:2e:fa brd ff:ff:ff:ff:ff:ff
        inet 192.168.2.21/24 brd 192.168.2.255 scope global eth0:1
        inet 192.168.2.20/24 brd 192.168.2.255 scope global secondary eth0


    Which shows that eth0 is the secondary address, whereas at a minimum eth0:1 should be.


    If anyone with more knowledge than me can point me in a direction . . . at the moment I am looking too sporadically to find a solution, i.e. I don't know which direction to investigate.


    Many thanks as always,
    C

  • I thought I had solved this by installing ifmetric. According to the Debian documentation ifmetric assigns priorities to the network interfaces. I therefore edited /etc/network/interfaces to the below but everything still starts with a Metric of 1.



    When I try to set the metric from the command line I get;

    Code
    root@OMV:~# ifmetric eth0:1 10
    Interface 'eth0:1' not existent.


    All a bit odd. The Debian documentation says it should all work; http://www.debian.org/doc/manu…tml#_the_ifmetric_package


    Does anyone have any experience with this?

  • Gave up on this. Switched from routing an IP forwarded from my OMV to my router to routing a specific UID for the process. Am sharing the link as think it's a good one;

    Code
    http://www.niftiestsoftware.com/2011/08/28/making-all-network-traffic-for-a-linux-user-use-a-specific-network-interface/
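
The UID-based approach mentioned in the last post, sketched as an added example (not code from the poster or from the linked article): traffic owned by one user is marked, routed through a dedicated table, and rejected if it would leave by any other interface. It assumes the VPN client runs on the machine itself; the user `vpnuser`, interface `tun0`, mark `0x1` and table `100` are assumed names.

```shell
#!/bin/sh
# Added example: per-user policy routing with a fail-closed filter rule.
# Assumed names (not from the thread): user "vpnuser", VPN interface "tun0",
# firewall mark 0x1, routing table 100.

MARK=0x1
TABLE=100

# Accept only simple names so nothing unexpected lands in a generated command.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the commands for USER and VPN interface IFACE; nothing is executed.
vpn_rules() {
    user=$1 iface=$2
    valid_name "$user" && valid_name "$iface" || {
        echo "usage: vpn_rules USER IFACE" >&2
        return 1
    }
    cat <<EOF
# 1. Mark every packet created by processes running as $user.
iptables -t mangle -A OUTPUT -m owner --uid-owner $user -j MARK --set-mark $MARK
# 2. Marked packets consult table $TABLE, whose only route is the VPN.
ip rule add fwmark $MARK lookup $TABLE
ip route add default dev $iface table $TABLE
# 3. Rerouted packets still carry the LAN source address; rewrite it.
iptables -t nat -A POSTROUTING -o $iface -j MASQUERADE
# 4. Fail closed: if $iface is down its route vanishes and the lookup falls
#    back to the main table, so reject anything from $user that would leave
#    by another interface (loopback stays allowed).
iptables -A OUTPUT -o lo -m owner --uid-owner $user -j ACCEPT
iptables -A OUTPUT ! -o $iface -m owner --uid-owner $user -j REJECT
EOF
}

# Print the rule set for review; pipe the output to sh as root to apply it.
vpn_rules "${1:-vpnuser}" "${2:-tun0}"
```

Replies arriving on the VPN interface can be dropped by strict reverse-path filtering, so loose mode (`net.ipv4.conf.tun0.rp_filter=2`) is a common companion setting. The rules cover IPv4 only; IPv6 needs equivalent `ip6tables` and `ip -6` entries.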
