How to bypass a connection from going through a VPN?

Network setup looks like the following:

Internet --> Router1 doing PPPoE and VPN --> Switch --> Router2 + other stuff

Router 1 is running Linux with iptables, connects to my ISP and, after a successful connection, to a VPN. However, Router2 should not go through the VPN while everything else connected to Router1 should.

How to bypass a connection from going through a VPN?
I also don't know if the switch matters in this scenario.

linux networking firewall vpn

edited Sep 27 at 14:24
Goro

asked Sep 27 at 14:03
questo

  • Presumably router2 is doing SNAT on traffic originating from behind it, to its IP address in the LAN range of router1?
    – wurtel
    Sep 27 at 14:26

  • What do you mean by router2 should not go through VPN? Also providing some (even fake) IP and route table would be lovely so we have a bit more context.
    – Kiwy
    Sep 27 at 14:34

  • @wurtel: Yes. Everything on router1 will go through the VPN by default. Hence, all devices connected to router2, which again is connected to router1, would go through the VPN. But I don't want connections from devices connected to router2 to go through the VPN, and I guess the only or likely easiest option would be to somehow bypass the VPN for everything coming from router2. I'll try to add some IPs and routing table but this might take a while. I guess it should be doable somehow with the prerouting table or adding another route for router2.
    – questo
    Sep 27 at 16:22

1 Answer

What you need is policy-based routing. See man ip-rule.

Set up a rule to match router2:

ip rule add from router2 table 200

Set up a route for that rule that points to the correct gateway. $GATEWAY should be the default gateway or router1 before VPN is started.

ip route add default via $GATEWAY table 200

answered Sep 27 at 17:30
RalfFriedl
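
The policy-routing setup described in the answer, as an added example that is not part of the original answer: the script validates its inputs and prints the commands for Router1 instead of running them, so they can be reviewed first. It takes Router2's LAN IP address; the sample addresses, the `ppp0` interface name, rule priority 100 and the MASQUERADE rule are assumptions, not values from the page.

```shell
#!/bin/sh
# Added example: build the policy-routing commands for Router1 so that
# traffic sourced from Router2 uses the ISP uplink instead of the VPN.
# All addresses and interface names used with it are constructed placeholders.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# pbr_commands ROUTER2_IP ISP_GATEWAY WAN_IF [TABLE]
# Prints the commands; nothing is applied until the output is run as root.
pbr_commands() {
    router2=$1 gateway=$2 wan_if=$3 table=${4:-200}
    valid_ipv4 "$router2" || { echo "bad router2 address: $router2" >&2; return 1; }
    valid_ipv4 "$gateway" || { echo "bad gateway address: $gateway" >&2; return 1; }
    case "$wan_if" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $wan_if" >&2; return 1 ;; esac
    case "$table" in ''|*[!0-9]*) echo "bad table id: $table" >&2; return 1 ;; esac
    cat <<EOF
ip route replace default via $gateway dev $wan_if table $table
ip rule add from $router2/32 lookup $table priority 100
iptables -t nat -A POSTROUTING -s $router2/32 -o $wan_if -j MASQUERADE
# verify: ip route get 192.0.2.1 from $router2 iif LAN_IF   (LAN_IF = Router1's LAN interface)
EOF
}

# Run directly: sh pbr.sh 192.168.1.2 203.0.113.1 ppp0
if [ "$#" -ge 3 ]; then
    pbr_commands "$@"
fi
```

Review the output, then pipe it to `sh` as root on Router1. If Router1's FORWARD chain only permits traffic toward the VPN interface, Router2 also needs an explicit accept rule toward the ISP interface.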
