I am using a Raspberry Pi 3 as a WiFi access point, which routes all traffic through the tun0 interface/OpenVPN. However, I'd like to be able to route traffic from a device with the IP 172.24.1.126 on the network through the eth0 interface to bypass the VPN. I have tried marking packets, and routing those packets using a table with a rule to route through eth0 as follows:

    iptables -A FORWARD -s 172.24.1.126 -j MARK --set-mark 11
    ip rule add fwmark 11 table 3
    ip route add default via 192.168.0.1 table 3

However, even when

    ip route get 8.8.8.8 from 172.24.1.126 iif eth0 mark 11

returned that it was being routed through eth0, the public IP of that device was still that of the VPN server.
The following is my kernel routing table:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         10.18.10.5      128.0.0.0       UG        0 0          0 tun0
    0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
    10.18.10.1      10.18.10.5      255.255.255.255 UGH       0 0          0 tun0
    10.18.10.5      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
    108.61.228.73   192.168.0.1     255.255.255.255 UGH       0 0          0 eth0
    128.0.0.0       10.18.10.5      128.0.0.0       UG        0 0          0 tun0
    172.24.1.0      0.0.0.0         255.255.255.0   U         0 0          0 wlan0
    192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0

My iptables rules are:

    -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i wlan0 -o tun0 -j ACCEPT
    -A POSTROUTING -o tun0 -j MASQUERADE

in order to route traffic from wlan0 through the VPN.
Any ideas on how to route traffic from that local IP around the VPN would be appreciated.
Thanks!
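
Added example, not part of the original post: netfilter evaluates the FORWARD chain after the routing decision, so a mark set there cannot select table 3, and the `ip route get ... mark 11` query passes because it supplies the mark itself. The sketch below sets the mark in mangle PREROUTING and adds the eth0 forwarding and NAT rules; the addresses, mark and table number come from the post, while the function name `bypass_rules` and the `apply` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the poster's script): send one wlan0 client out eth0
# while every other client keeps using the VPN on tun0.
CLIENT=172.24.1.126   # device that bypasses the VPN (from the post)
LAN_IF=wlan0          # access-point side
WAN_IF=eth0           # uplink that bypasses tun0
WAN_GW=192.168.0.1    # eth0 gateway (from the post)
MARK=11               # fwmark used in the post
TABLE=3               # routing table used in the post

# Emit the commands in the order they should be applied.
bypass_rules() {
    cat <<EOF
sysctl -w net.ipv4.conf.$WAN_IF.rp_filter=2
ip route replace default via $WAN_GW dev $WAN_IF table $TABLE
ip rule add fwmark $MARK table $TABLE
iptables -t mangle -A PREROUTING -i $LAN_IF -s $CLIENT -j MARK --set-mark $MARK
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $CLIENT -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $CLIENT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $CLIENT -j MASQUERADE
EOF
}
# Notes on the emitted lines:
#  - rp_filter=2 (loose): replies arrive on eth0 although the main table
#    points at tun0; strict reverse-path filtering would drop them.
#  - mangle PREROUTING runs before the routing decision, so the fwmark
#    rule can pick table 3 for forwarded packets.
#  - Every rule is scoped to -s/-d $CLIENT, so no other wlan0 client
#    leaves unencrypted through eth0.
#  - MASQUERADE on eth0 rewrites the client's source address so the
#    upstream router can send the replies back.

# Default: print the commands for review. "apply" runs them (needs root).
case "${1:-}" in
    apply) bypass_rules | while IFS= read -r cmd; do sh -c "$cmd" || exit 1; done ;;
    *)     bypass_rules ;;
esac
```

After applying, the per-chain packet counters from `iptables -t mangle -L PREROUTING -v -n` show whether the client's packets are actually being marked.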