I need some help setting up the routing rules for this scenario because I don't get it.
This is my setup:
Addresses:
- eth0, LAN, 10.0.0.0/24
- PPPoE1, PPPoE with ISP 1 (connected on eth1), public IP address 1
- PPPoE2, PPPoE with ISP 2 (connected on eth2), public IP address 2
- ovpn-client pool, 192.168.10.0/24
Firewall:
- input rule for the OpenVPN port
- nat masquerade on PPPoE2
- nat masquerade on PPPoE1
- mangle prerouting rule to mark traffic from 10.0.0.50 with the isp1 mark
Routing:
- 0.0.0.0/0 using PPPoE2
- 0.0.0.0/0 using PPPoE1 if the isp1 mark is set
The problem is:
- When I connect to the VPN using the public IP of ISP 2, I can get in and everything works, except that I cannot connect to 10.0.0.50.
- When I try to connect to the VPN using the public IP of ISP 1, I cannot.
What I want is:
- Keep default gateway using ISP 2
- Keep outgoing traffic (not local or VPN) from 10.0.0.50 using ISP 1
- Connect to the VPN using either ISP 1 or ISP 2
- Once connected to VPN, be able to connect to any host in VPN or LAN
I've been trying to mark traffic using mangle rules, but I can't get it to work. Maybe using routing policies? Any ideas, please?
Thanks in advance.
Regards.
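The configuration below is an added example, not the poster's config or an answer from the thread. It assumes the router is a MikroTik RouterOS box (the mangle/masquerade/routing-mark terminology suggests it) running v6-style syntax, and that the interface names are exactly PPPoE1, PPPoE2 and eth0 as listed; the address-list name `local_nets`, the connection marks `isp1_conn`/`isp2_conn` and the routing marks `isp1`/`isp2` are this example's own choices. It addresses the two symptoms as they follow from the rules listed above: with only a prerouting mark and a default route per ISP, replies the router itself sends to an OpenVPN client that connected via ISP 1 leave through the unmarked default (PPPoE2) and get masqueraded to ISP 2's address, so the client never sees a valid reply; and a mark on all traffic from 10.0.0.50 also catches its replies to 192.168.10.0/24, which the isp1 table then sends out PPPoE1 instead of back through the tunnel. The fix is to mark connections by the WAN they arrived on and route router-originated replies (mangle output chain) accordingly, and to exclude LAN and VPN destinations from the 10.0.0.50 rule.

```routeros
# Added example for the two-ISP / OpenVPN setup described above; not the poster's config.
# Assumes MikroTik RouterOS v6 syntax. Interface names PPPoE1/PPPoE2/eth0 come from the
# post; the list, mark and table names below are this example's own choices.

/ip firewall address-list
add list=local_nets address=10.0.0.0/24 comment="LAN"
add list=local_nets address=192.168.10.0/24 comment="OpenVPN client pool"

/ip firewall mangle
# 1. Remember which WAN a new connection to the router (e.g. the OpenVPN port) came in on.
#    The mark is stored in the connection-tracking entry, so it applies to replies too.
add chain=input in-interface=PPPoE1 connection-state=new \
    action=mark-connection new-connection-mark=isp1_conn passthrough=yes \
    comment="inbound via ISP1"
add chain=input in-interface=PPPoE2 connection-state=new \
    action=mark-connection new-connection-mark=isp2_conn passthrough=yes \
    comment="inbound via ISP2"

# 2. Packets the router itself generates (output chain) follow their connection back out
#    the same WAN, so OpenVPN replies to a client that dialled in via ISP1 leave via PPPoE1.
add chain=output connection-mark=isp1_conn \
    action=mark-routing new-routing-mark=isp1 passthrough=no
add chain=output connection-mark=isp2_conn \
    action=mark-routing new-routing-mark=isp2 passthrough=no

# 3. Send 10.0.0.50's Internet traffic out ISP1, but never its traffic to the LAN or to
#    VPN clients: the negated dst-address-list keeps those flows in the main table.
add chain=prerouting in-interface=eth0 src-address=10.0.0.50 dst-address-list=!local_nets \
    action=mark-routing new-routing-mark=isp1 passthrough=no \
    comment="10.0.0.50 -> ISP1, except local/VPN destinations"

/ip route
# Main table: default via ISP2, as wanted.
add dst-address=0.0.0.0/0 gateway=PPPoE2 distance=1 comment="main default via ISP2"
# Per-mark tables: each mark gets its own default so marked packets pick the right WAN.
add dst-address=0.0.0.0/0 gateway=PPPoE1 routing-mark=isp1 comment="default for isp1 mark"
add dst-address=0.0.0.0/0 gateway=PPPoE2 routing-mark=isp2 comment="default for isp2 mark"

# Checks: confirm the per-mark routes exist and that an OpenVPN session opened against
# ISP1's address shows up with the isp1_conn mark.
/ip route print where routing-mark=isp1
/ip firewall connection print where connection-mark=isp1_conn
```

The existing `nat masquerade` rules on PPPoE1 and PPPoE2 stay as they are; once replies are routed out the interface the connection arrived on, masquerade rewrites them to that ISP's address and the client sees a consistent peer. The VPN interface itself is not named in the post, so the example excludes VPN clients by address range (192.168.10.0/24) rather than by interface; if the OpenVPN server pushes additional routes, add those prefixes to `local_nets` as well. On RouterOS v7 the routing tables must be created first (`/routing table add name=isp1 fib` and the same for `isp2`) before the `routing-mark=` routes and mangle rules will accept those names.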