Linux iproute2 Routing
By Dag, on December 29th, 2016
In my Linux based VPN bypass solution I use a mixture of IP lookup dynamics and a custom route setup to handle both outgoing and incoming connections. Handling the incoming connections is just as important, otherwise the replies to every incoming connection go out through the VPN interface. That is an obvious problem: the original sender may block the VPN endpoint, and/or your own server may never receive traffic back through the VPN endpoint.
To solve this I use iproute2 (installed by default on most systems) to create an extra routing table and a custom IP rule that will make sure that all traffic that comes in on the LAN interface will also leave there.
Scenario: IP 192.168.0.5, GW 192.168.0.1, LAN NIC eth0
Creating the custom table:
# ip route add 192.168.0.0/24 dev eth0 table 999
# ip route add default via 192.168.0.1 table 999
Creating the custom IP rule:
ip rule add from 192.168.0.5 table 999
You may want to deactivate reverse path filtering if you aren't behind a local subnet gateway (check the current values with sysctl -a | grep rp_filter):
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $i; done
Now any reply to traffic that came in on eth0 (that is, anything sent from 192.168.0.5) matches the rule and is looked up in table 999 (which you can give a name in /etc/iproute2/rt_tables if you want), and that table in turn points it back out eth0 via the LAN gateway instead of the VPN.
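The steps above, collected into one script as an added example (this is not the author's script; it only wraps the same ip route, ip rule and rp_filter commands). The interface, addresses and table number default to the scenario values and can be overridden through environment variables; DRY_RUN, setup_table, setup_rule, disable_rp_filter and verify_path are names chosen here. "ip route replace" and a check of "ip rule show" make the script safe to run more than once, and "ip route get ... from ... iif ..." shows which path the kernel will actually choose for a reply, which is the quickest way to confirm the setup took effect.

```shell
#!/bin/sh
# Policy routing for LAN replies: everything sourced from the LAN address
# is looked up in a dedicated table whose default route is the LAN gateway.
# Usage:  sh vpn-bypass.sh show     (print the commands, change nothing)
#         sudo sh vpn-bypass.sh apply   (execute them)
set -u

# Scenario values from the article; override with environment variables.
LAN_IP="${LAN_IP:-192.168.0.5}"
LAN_GW="${LAN_GW:-192.168.0.1}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"
TABLE="${TABLE:-999}"
# DRY_RUN=1 prints each command instead of executing it (default).
DRY_RUN="${DRY_RUN:-1}"

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Build the custom table. "replace" instead of "add" makes this idempotent:
# re-running the script does not fail with "RTNETLINK answers: File exists".
setup_table() {
    run ip route replace "$LAN_NET" dev "$LAN_IF" table "$TABLE"
    run ip route replace default via "$LAN_GW" dev "$LAN_IF" table "$TABLE"
}

# Add the source-address rule unless it is already present. "ip rule show"
# prints rules as "<prio>: from <src> lookup <table>".
setup_rule() {
    if ip rule show 2>/dev/null | grep -q "from $LAN_IP lookup $TABLE"; then
        return 0
    fi
    run ip rule add from "$LAN_IP" table "$TABLE"
}

# Optional: turn off reverse path filtering on every interface, as the
# article does, for hosts that are not behind a local subnet gateway.
disable_rp_filter() {
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        [ -e "$f" ] || continue
        if [ "$DRY_RUN" = "1" ]; then
            printf 'echo 0 > %s\n' "$f"
        else
            echo 0 > "$f"
        fi
    done
}

# Ask the kernel which route a reply from LAN_IP would take. The answer
# should name LAN_IF and LAN_GW, not the VPN interface. 192.0.2.1 is a
# documentation address used here only as a sample remote peer.
verify_path() {
    run ip route get 192.0.2.1 from "$LAN_IP" iif "$LAN_IF"
}

main() {
    setup_table
    setup_rule
    # Only touch rp_filter when explicitly requested.
    [ "${RP_FILTER_OFF:-0}" = "1" ] && disable_rp_filter
    verify_path
}

case "${1:-}" in
    apply) DRY_RUN=0; main ;;
    show)  DRY_RUN=1; main ;;
esac
```

Run it with "show" first and compare the printed commands against the article; with "apply" the same functions execute them. If the "ip route get" line in the output still names the VPN interface, the rule was not matched, which usually means the reply is not being sourced from LAN_IP.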