PBR with multi l2tp clients?

I’m new to ROS but loving it so far. Looking at my options when choosing a policy-based route, it seems I can either do destination address, destination port or source address - fair enough, but it doesn’t suit my use case.

The device is a 10 port RB2011. Port 1 is the WAN and is the only ‘outside’ interface. The other 9 ports are using eth2 as their master (those on switch 2 are explicit members of the local bridge).

Simple example of my ideal setup:
Eth1 (WAN) has an IP of 1.1.1.1/29 and its gateway is the LAN's gateway of last resort
Eth2 (LAN) has an IP of 10.1.1.1/24 - my LAN clients use this as their def gateway, provided by DHCP
l2tp-out1 - is an outbound VPN client interface that gets an IP once it successfully connects
l2tp-out2 - is an outbound VPN client interface that gets an IP once it successfully connects

Today those L2TP connections are using dedicated routers, so if I want to go out VPN-A I just change my default gateway (i.e. the dedicated router for VPN A would have an inside IP of 10.1.1.2).

Could I give the ROS some extra IPs, and then send the traffic to a different routing table based on the destination gateway? (problem here is that the alternate gateway IP isn’t in the packet - it gets there via layer 2 and the MAC in my arp table appears to be the same no matter which IP I use).

My plan B is to use source based routing and reserve sections of the /24 for different outbound interfaces, but changing gateways is less problematic than manually shifting IPs and running into conflicts down the road. Here I would route clients from 10.1.1.8/28 to l2tp1, clients from 10.1.1.16/28 to l2tp2 and the rest to the gateway of last resort found by eth1.

Plan C - are virtual routers possible in ROS? Maybe I could use VirtualAPs and do it wirelessly? Suggestions welcome! :smiley:
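For anyone landing here with the same question, here is what Plan B looks like as a RouterOS v6 config. This is an added example written for this thread, not config from the original poster or from MikroTik. It keeps the poster's addressing (10.1.1.1/24 LAN, l2tp-out1/l2tp-out2 as the tunnel interfaces) but the routing-mark names via_l2tp1/via_l2tp2, the blackhole routes and the masquerade rules are my additions. One correction to the slices: a /28 has to start on a 16 boundary, so 10.1.1.8/28 is not a valid prefix; the example uses 10.1.1.16/28 for VPN A and 10.1.1.32/28 for VPN B instead, and assumes the DHCP pool is trimmed so it does not hand out addresses from those slices.

```routeros
# Added example for RouterOS v6 (not from the original post).
# Source-based policy routing: two reserved LAN slices, each sent out its own
# L2TP client interface, everything else following the main table via eth1.

# 1. Tag traffic from each reserved slice with its own routing mark.
#    dst-address=!10.1.1.0/24 keeps LAN-to-LAN traffic out of the VPN tables.
/ip firewall mangle
add chain=prerouting src-address=10.1.1.16/28 dst-address=!10.1.1.0/24 \
    action=mark-routing new-routing-mark=via_l2tp1 passthrough=no \
    comment="10.1.1.16-31 -> VPN A (l2tp-out1)"
add chain=prerouting src-address=10.1.1.32/28 dst-address=!10.1.1.0/24 \
    action=mark-routing new-routing-mark=via_l2tp2 passthrough=no \
    comment="10.1.1.32-47 -> VPN B (l2tp-out2)"

# 2. One routing table per mark. The tunnel interface is the gateway (it is a
#    point-to-point link, so no next-hop IP is needed). The blackhole route at
#    distance=2 is the fail-closed part: if the tunnel drops, its route goes
#    inactive and the blackhole takes over, instead of v6 falling back to the
#    main table and sending VPN-only clients straight out eth1.
/ip route
add dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-mark=via_l2tp1 distance=1
add dst-address=0.0.0.0/0 type=blackhole routing-mark=via_l2tp1 distance=2
add dst-address=0.0.0.0/0 gateway=l2tp-out2 routing-mark=via_l2tp2 distance=1
add dst-address=0.0.0.0/0 type=blackhole routing-mark=via_l2tp2 distance=2

# 3. NAT the tunnel traffic to whatever address each client interface was given.
/ip firewall nat
add chain=srcnat out-interface=l2tp-out1 action=masquerade
add chain=srcnat out-interface=l2tp-out2 action=masquerade

# 4. Keep DHCP out of the reserved slices (pool name is an assumption; check
#    yours with /ip pool print).
/ip pool set [find name=dhcp] ranges=10.1.1.50-10.1.1.254

# Checks: the mangle counters should climb for a client in each slice, and the
# marked tables should show the tunnel route active while the tunnel is up and
# the blackhole route active once it is down.
/ip firewall mangle print stats
/ip route print where routing-mark=via_l2tp1
/ip route print where routing-mark=via_l2tp2
```

On v7 the same idea needs `/routing table add name=via_l2tp1 fib` (and the same for via_l2tp2) first, and the routes use `routing-table=` instead of `routing-mark=`; the mangle rules are unchanged. Whichever version, a client can verify it is actually inside the tunnel by checking its public IP before and after, and the blackhole routes mean a dropped VPN shows up as "no connectivity" for that slice rather than silently leaking out the WAN.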