
I was looking into a way of using a third-party VPN connection for certain traffic on my local network. I've created a small Debian VM (192.168.1.54) that connects to my third-party VPN, with other devices on my network able to route through that VM to utilise the VPN.

On other devices on my network, when I set up my default gateway as either my router (.1) or the Debian VM (.54), latency / speeds are pretty good. However, on a second Debian VM (.64) I've created a secondary routing table which doesn't seem to be performing as I'd like.

I've set up the routing table for a specific user with UID = 1001, meaning that I can run processes using this UID to route traffic through the VPN VM. However, traffic through this secondary routing table is very slow.

I'm sure it's my fairly basic level of routing tables that's letting me down, but I've run the following commands:

1. echo 200 vpntable >> /etc/iproute2/rt_tables
2. ip route add 0.0.0.0/0 via 192.168.1.54 table vpntable
3. ip rule add uidrange 1001-1001 lookup vpntable

The output of a few relevant commands is as follows:

$ uname -a
Linux ServerDebVM 5.10.0-18-amd64 #1 SMP Debian 5.10.140-1 (2022-09-02) x86_64 GNU/Linux
$ ip rule
0:      from all lookup local
32765:  from all uidrange 1001-1001 lookup vpntable
32766:  from all lookup main
32767:  from all lookup default
$ ip route list
default via 192.168.1.1 dev ens18 proto dhcp metric 100
172.18.0.0/16 dev br-a153dd5b3f53 proto kernel scope link src 172.18.0.1
192.168.1.0/24 dev ens18 proto kernel scope link src 192.168.1.64 metric 100
$ ip route list table vpntable
default via 192.168.1.54 dev ens18
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
$ ip -d address show ens18
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether a2:fb:31:95:6d:56 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    altname enp0s18
    inet 192.168.1.64/24 brd 192.168.1.255 scope global dynamic noprefixroute ens18
       valid_lft 84600sec preferred_lft 84600sec
    inet6 fe80::a0fb:31ff:fe95:6d56/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

Just as a little further background, I used to use DD-WRT on a router but that isn't really an option for me now. Also I could install my third party VPN client on each machine on my network but I'm limited to just 5 devices.

Thanks

Daint

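The three steps from the question, written as a small idempotent script with a check that shows which route a given UID's traffic will actually take. This is an added example, not the poster's configuration or any project's code: the function names, the `RT_TABLES_FILE` override (so the rt_tables step can be exercised against a scratch file), and the use of 1.1.1.1 as a test destination are this example's own choices. The gateway, table name and UID are the ones from the post.

```shell
#!/bin/sh
# Added example: uid-based policy routing as described in the question
# (table "vpntable", next hop 192.168.1.54, UID 1001). Not the poster's
# own script; RT_TABLES_FILE and the function names are this example's.
set -e

# Path to rt_tables; overridable so the table-registration step can be
# tested against a temporary file instead of the real system file.
RT_TABLES_FILE="${RT_TABLES_FILE:-/etc/iproute2/rt_tables}"

# Register "<id> <name>" in rt_tables only if that name is not already
# there. A plain "echo ... >> rt_tables" (step 1 in the question) appends
# another copy every time it is run.
ensure_rt_table() {
    id="$1"; name="$2"
    if grep -Eq "^[[:space:]]*[0-9]+[[:space:]]+${name}([[:space:]]|$)" "$RT_TABLES_FILE" 2>/dev/null; then
        return 0
    fi
    printf '%s\t%s\n' "$id" "$name" >> "$RT_TABLES_FILE"
}

# Print the ip(8) commands for the route and the uid rule (steps 2 and 3).
# "ip route replace" is idempotent; "ip rule add" is not, so the rule is
# only added when an identical one is not already listed by "ip rule show".
vpn_route_cmds() {
    gw="$1"; table="$2"; uid="$3"
    printf 'ip route replace default via %s table %s\n' "$gw" "$table"
    printf 'ip rule show | grep -q "uidrange %s-%s lookup %s" || ip rule add uidrange %s-%s lookup %s\n' \
        "$uid" "$uid" "$table" "$uid" "$uid" "$table"
}

# Show the route the kernel would pick for a destination, once as the
# given UID and once without a uid, so the two paths can be compared.
# (ip route get ... uid NUMBER needs iproute2 4.11+ / kernel 4.10+.)
show_uid_route() {
    uid="$1"; dst="$2"
    echo "as uid $uid:"; ip route get "$dst" uid "$uid"
    echo "no uid    :"; ip route get "$dst"
}

# Usage (as root): ./vpnroute.sh apply
# Then, to send a process over the VPN VM:  sudo -u '#1001' curl -s https://ifconfig.me
case "${1:-}" in
    apply)
        ensure_rt_table 200 vpntable
        vpn_route_cmds 192.168.1.54 vpntable 1001 | sh -e
        show_uid_route 1001 1.1.1.1   # 1.1.1.1 is just an example destination
        ;;
esac
```

Running `show_uid_route` is the quickest check that the rule is doing what is expected: the uid query should report `via 192.168.1.54`, the plain one `via 192.168.1.1`. If both show the same next hop, the rule is not matching and the slowness is coming from somewhere else.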