Hello,
I’m having an issue with the main routing table being used when I’ve set the traffic to use an alternate routing table. Here is my setup:
[remote router with static ip in aws] <-----vpn----- [local router with dynamic IP]
I want all of my web/mail/ssh traffic to go to the host with a static, and tunnel to the local router, then to a server behind that router. To make this work I have to have multiple routing tables:
main table on dynamic router:
0.0.0.0/0 goes to isp assigned gateway 5.5.5.1
5.5.5.5/24 dynamic ip assigned by isp to isp facing interface
10.99.99.1 to vpn interface
10.0.0.0/24 to lan ports
awsvpn table on dynamic router:
0.0.0.0/0 goes to 10.99.99.1
10.99.99.1 to vpn interface
10.0.0.0/24 goes to lan ports.
Then when I have traffic show up on my tunnel, I mark it to use the alternate routing table:
add action=mark-connection chain=prerouting in-interface=vpntoaws log-prefix=markingconnection new-connection-mark=100 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=100 log-prefix=settingroutingtable new-routing-mark=awsvpn passthrough=yes
This works fine, I can talk to my server using the static IP in AWS just fine, and the replies go back through the tunnel.
Here is the issue:
If I send a web request to the static from behind the dynamic router, it’s sourced from my dynamic address (5.5.5.5). The router in AWS translates it to the private IP (5.5.5.5->10.0.0.10) and tunnels it; it gets to the dynamic router, which marks the connection as 100 and sets the alternate routing table. When the response comes back from the server (10.0.0.10->5.5.5.5) it should still be marked 100 (which appears to be the case in the logs) and use the awsvpn table, which should pick the 0.0.0.0 route and send the response back through the tunnel, but it doesn’t: it sees that the 5.5.5.5 address is local and never puts the return traffic on the vpn, which breaks stuff.
I’ve also noticed that this awsvpn routing table works:
0.0.0.0/0 goes to 10.99.99.1
10.0.0.0/24 goes to lan ports.
But it shouldn’t as it doesn’t have any idea where 10.99.99.1 is without spilling over into the main table.
What am I missing? Why do the alternate tables spill over into main?
schu
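An added model of the lookup order the post describes, written for this thread and not taken from the poster's router or from RouterOS itself: the router's own addresses are delivered locally before any table is consulted, then the marked table is searched, then main as a fallback. The tables are the ones from the post; the interface names, the LAN gateway and the fallback-to-main behaviour are assumptions of the model.

```python
import ipaddress

# Routing tables constructed from the post as (prefix, gateway, interface):
# a connected route has gateway None; interface names are assumptions.
TABLES = {
    "main": [("0.0.0.0/0", "5.5.5.1", None), ("5.5.5.0/24", None, "ether1-isp"),
             ("10.99.99.1/32", None, "vpntoaws"), ("10.0.0.0/24", None, "bridge-lan")],
    "awsvpn": [("0.0.0.0/0", "10.99.99.1", None), ("10.99.99.1/32", None, "vpntoaws"),
               ("10.0.0.0/24", None, "bridge-lan")],
    # the shorter table the poster says "shouldn't work"
    "awsvpn_short": [("0.0.0.0/0", "10.99.99.1", None), ("10.0.0.0/24", None, "bridge-lan")],
}
LOCAL_ADDRS = {"5.5.5.5"}  # addresses owned by the dynamic router itself


def longest_match(table, dst):
    """Longest-prefix match of dst in one table; returns the route or None."""
    addr, best = ipaddress.ip_address(dst), None
    for route in table:
        net = ipaddress.ip_network(route[0])
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    return best[1] if best else None


def lookup(dst, mark=None, fallback=True, _depth=0):
    """Return (out_interface, gateway) for dst, or None if unroutable.
    Order modelled: local delivery, marked table, then main only if fallback."""
    if dst in LOCAL_ADDRS:
        return ("local", None)  # the routing mark never influences this step
    if _depth > 4:
        return None  # guard against gateway loops
    tables = [TABLES[mark]] if mark else []
    if mark is None or fallback:
        tables.append(TABLES["main"])
    for table in tables:
        hit = longest_match(table, dst)
        if hit is None:
            continue
        _, gw, iface = hit
        if gw is None:
            return (iface, None)  # connected route: out the interface directly
        if gw == dst:
            continue  # a route cannot resolve its own gateway; try the next table
        via = lookup(gw, mark, fallback, _depth + 1)
        if via and via[0] != "local":
            return (via[0], gw)
    return None
```

With fallback on, `lookup("8.8.8.8", "awsvpn_short")` resolves the 10.99.99.1 gateway through main's connected route, which is the spill-over the post observes; with fallback off it returns None, and a reply to 5.5.5.5 is delivered locally whatever the mark.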