Routing through a gateway which is not directly connected to the router.

Hi,

I’ve got the following setup:
[Attached diagram: routing.png]
So I’ve got these two networks, which are connected via the orange link, which is an OpenVPN connection across the internet. The orange boxes are the tun0’s on the OpenVPN boxes, left is server, right is client connected to server.

The lower 192.168.40.0 and 192.168.60.0 subnets, in which the OpenVPN boxes reside, contain only those boxes, and are connected to the respective 192.168.x0.1 interfaces on the Routerboard.

This way I am able to route between the 192.168.30.0 and the 192.168.70.0 subnets, which are the ones all devices live in. These two networks are nicely connected; any device in any subnet can talk to another device in any of these two subnets.

So the Routerboard in Network 1 has an entry “dest 192.168.70.0/24 gateway 192.168.40.2” and the other one “dest 192.168.30.0/24 gateway 192.168.60.55”.

The default route is over the gateway 192.168.2.1, which is the modem/router, in each network.

Now here comes the problem:

I want to be able to select some devices in Network 2, residing in the 192.168.70.0/24 subnet, to route 0.0.0.0/0 requests over the OpenVPN link into Network 1, and there through the Routerboard via its 0.0.0.0/0 route out into the internet.

I’ve created an Address List in Network 2 for those devices, and a Mangle Rule which does a “Mark Routing: via-ovpn” in the prerouting for the devices which have “Src. Address List: use-ovpn” without a passthrough.

My problem comes with the routing “rule” in Network 2. There I’m creating a rule with “Dst. Address: 0.0.0.0/0” with “Routing Mark: via-ovpn” but I’m not able to insert 192.168.50.3 from Network 1 as the Gateway. It’s unreachable.

Network 2 has a routing rule for “192.168.50.0/24” via “192.168.60.55”, and the Routerboard in this network is able to ping the IP address 192.168.50.3 which is in the other network.

So I’d like to be able to create a routing rule something along these lines:
“Dst. Address: 0.0.0.0/0” with “Routing Mark: via-ovpn” via “Gateway: 192.168.50.3 _over_ 192.168.60.55” so that 192.168.50.3 stops being unreachable.

I think that this is a next-hop issue, with the problem being that 192.168.50.3 is not a direct link.

How can I solve this issue?