How to reroute packets to other gateway in LAN?

Question

I have local network 192.168.203.0/24 with 2 gateways: 192.168.203.1 - router that gives access to the internet, 192.168.203.5 - OpenWRT which gives access to other private network through OpenVPN.

The idea behind this is to give access to this other private network for all the clients in LAN, without passing the whole traffic to the internet via VPN.

DHCP informs all the clients that the default gateway in this LAN is 192.168.203.5. OpenWRT should, based on destination IP address of incoming packets, route them to other private network, or reroute them to 192.168.203.1 otherwise. OpenVPN is already working properly in OpenWRT.

How to achieve this in OpenWRT? Is it even legal to reroute packets between gateways in this way?

Answer 1

There are three alternatives to achieve this:

1. add routes to all nodes for 192.168.0.0/16 (or what you use for private subnets) via 192.168.203.5
2. enable the default gateway 192.168.203.1 to route back through 192.168.203.5 for your private subnets - ideally with ICMP redirect, so your end nodes learn that route eventually
3. insert another router - ideally a layer-3 switch - into your network, and make that router the default gateway for all end nodes; on the L3 switch, set 192.168.203.1 as gateway for the default route and 192.168.203.5 for the other private subnets (ultimately, you might want to use that L3 switch to route your private subnets as well, as it's much faster than a software-based WRT router)