But the issue I have is, how do I in a good way make the NATed subnet and the network behind the VPN, which has public IPs, use different default routes, so the NATed one goes directly out, but the other one goes via the VPN?
But to simplify the network, and to understand the concept of the setup, let's imagine instead that I have a setup with four interfaces, imagine all being physical interfaces for simplicity.
- ext-main - dhcp client
- int-main - 192.168.88.1/24
- ext-secondary - 10.0.0.2 - default route 10.0.0.1 (link network)
- int-secondary - 44.1.1.1/29
My current setup involves running a CHR in a VM just for that second network, but that sounds like overkill and would require a new license for something I don't believe I need. And I also don't want it due to reliability.