I am going around in circles with a general Linux / Debian problem; hopefully someone will be able to point me in the correct direction.
What I want to do is ensure that all the traffic from an application / process is routed through a VPN client, whilst all other traffic goes through the default ISP WAN. Further, I wish to ensure that if the VPN connection drops the process doesn't 'leak' through the ISP WAN route.
I am sure there are many ways of doing this. So far what I have done is created a virtual interface in my machine, eth0:1 and assigned it an IP. Therefore my machine has eth0, ip = 192.168.2.20 and eth0:1, with the assigned IP 192.168.2.21.
My router then connects to the VPN and routes only 192.168.2.21 through the VPN provider, whilst 192.168.2.20 goes through the ISP WAN, so far so good.
The issue I have is that when 192.168.2.21 is created on my OMV system, all sorts of processes utilise this IP, whereas I only want the 1 x specific process to utilise this IP and the rest to go through the default WAN ISP.
I have done some googling but it's all a bit bewildering. I am not sure if I should be trying to achieve this through ip routing or iptables, or a combination of both?
At present I have the following:
root@OMV:~# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
root@OMV:~# ip route show
default via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.21
I can see from the output of netstat -nlp that various processes are using the virtual eth0:1 IP, and the output of curl http://ipecho.net/plain; echo gives the VPN IP address, i.e. through eth0:1 rather than that through the ISP WAN.
As another way of showing the same problem:
root@OMV:~# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 38:ea:a7:a9:2e:fa brd ff:ff:ff:ff:ff:ff
inet 192.168.2.21/24 brd 192.168.2.255 scope global eth0:1
inet 192.168.2.20/24 brd 192.168.2.255 scope global secondary eth0
Which shows that eth0 is the secondary address, whereas at a minimum eth0:1 should be.
If anyone with more knowledge than me can point me in a direction . . . at the moment I am looking too sporadically to find a solution, i.e. I don't know which direction to investigate.
Many thanks as always,
C
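
An added example, not part of the original post: a Python check that parses the eth0 lines of the `ip addr show` and `ip route show` output quoted above and reports which address the kernel treats as primary, which is the source address processes get when they do not bind to one explicitly. The function names and the `expected_ip` argument are assumptions made for this illustration.

```python
import re

# Excerpts of the command output quoted in the post above (eth0 only).
IP_ADDR_OUTPUT = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 38:ea:a7:a9:2e:fa brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.21/24 brd 192.168.2.255 scope global eth0:1
    inet 192.168.2.20/24 brd 192.168.2.255 scope global secondary eth0
"""
IP_ROUTE_OUTPUT = """\
default via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.21
"""

IFACE_RE = re.compile(r"^\d+:\s+([^:@\s]+)")
INET_RE = re.compile(r"^\s*inet\s+(\d+\.\d+\.\d+\.\d+)/\d+\s*(.*)$")

def parse_addresses(text):
    """Return {device: [address dicts]} in the order the kernel lists them."""
    result, dev = {}, None
    for line in text.splitlines():
        if (m := IFACE_RE.match(line)):
            dev = m.group(1)
            result[dev] = []
        elif dev and (m := INET_RE.match(line)):
            words = m.group(2).split()
            result[dev].append({"ip": m.group(1),
                                "label": words[-1] if words else dev,
                                "secondary": "secondary" in words})
    return result

def primary_address(addrs, dev):
    # The primary address is the first one not flagged "secondary".
    return next((a["ip"] for a in addrs.get(dev, []) if not a["secondary"]), None)

def route_sources(text):
    """Map each route destination to its preferred source ('src'), or None."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    return {f[0]: f[f.index("src") + 1] if "src" in f else None for f in rows}

def check(expected_ip, dev="eth0"):
    """List reasons why unbound processes would not default to expected_ip."""
    findings = []
    primary = primary_address(parse_addresses(IP_ADDR_OUTPUT), dev)
    if primary != expected_ip:
        findings.append(f"{dev}: primary address is {primary}, not {expected_ip}")
    for dest, src in route_sources(IP_ROUTE_OUTPUT).items():
        if src and src != expected_ip:
            findings.append(f"route {dest}: preferred source is {src}")
    return findings
```

Calling `check("192.168.2.20")` returns two findings for the output in the post, matching the observation that ordinary processes leave with 192.168.2.21.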