I want to forward all traffic that comes from clients (192.168.1.0/24) out of the OpenWrt gateway (0.0.0.0/0) to the server's OpenVPN tunnel.
The server has an OpenVPN tunnel. It also has these options set:
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
net.ipv4.ip_forward=1
tun0 is the default gateway
OpenWrt is the default gateway to the Internet.
So if I manually change the default gateway on the client side to the server IP 192.168.1.2, it works.
                    +------------+
                    |  INTERNET  |
                    +------|-----+
                           |
                           |
                           |
                    +------|---------+
                    |    OpenWRT     |
                    |                |
                    | 192.168.1.1/24 |
                    +---|----|-------+
                        |    |
                        |    |          +-------------+
                        |    |          |   Server    |
                        |    |          |             |
+---------------+       |    +----------| 192.168.1.2 |
|    Client     |       |               |             |
|           ----+-------+               |        tun0 |
| 192.168.1.101 |                       +-------------+
+---------------+
What I tried:
Marked all packets except the ones from the server:
iptables -t mangle -I PREROUTING -i br-lan '!' -s 192.168.1.2 -d 0.0.0.0/0 -j MARK --set-mark 1
Then routed them via a new routing table which has a default route through 192.168.1.2,
but had no luck with it. The traffic gets stuck in the router.
ip route add default via 192.168.1.2 table vpn
ip rule add fwmark 1 lookup vpn
My Solution
Actually, while I was writing this I realized that I can use dhcp-option=3,192.168.1.2 in dnsmasq on the router to send all clients the preferred gateway. And it works :) Probably this is the best solution. But is it possible to route all traffic with iptables and routes on the OpenWrt side?
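As an added example (not part of the original post or of OpenWrt), the fwmark plus "ip rule" approach the question describes, written out as a POSIX shell script for the OpenWrt side: it registers the "vpn" table name, installs the mark rule and the policy route, and ends with an ip route get lookup that shows which next hop a marked client packet would take. By default it only prints the commands so the plan can be reviewed; DRY_RUN=0 applies them. Assumptions: the LAN bridge is br-lan, the server is 192.168.1.2, table id 100 and fwmark 1 are unused, 192.0.2.1 (TEST-NET-1) stands in for an Internet destination, and the mark option of ip route get needs the full iproute2 ip rather than the BusyBox applet.

```shell
#!/bin/sh
# Added example (not from the original post): policy-route LAN clients through
# the server 192.168.1.2 on the OpenWrt side using fwmark + ip rule, then
# verify the lookup. Assumptions: LAN bridge br-lan, routing table "vpn"
# (id 100) and fwmark 1 unused, 192.0.2.1 as a sample Internet destination.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them (as root).
LAN_IF=${LAN_IF:-br-lan}
VPN_GW=${VPN_GW:-192.168.1.2}
TABLE_ID=${TABLE_ID:-100}
TABLE_NAME=${TABLE_NAME:-vpn}
MARK=${MARK:-1}
DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# iproute2 accepts a table *name* only once it is listed in rt_tables;
# until then "table vpn" is rejected and only the numeric id works.
ensure_table() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'echo "%s %s" >> /etc/iproute2/rt_tables\n' "$TABLE_ID" "$TABLE_NAME"
    elif ! grep -q "[[:space:]]$TABLE_NAME\$" /etc/iproute2/rt_tables 2>/dev/null; then
        echo "$TABLE_ID $TABLE_NAME" >> /etc/iproute2/rt_tables
    fi
}

# Mark everything arriving from the LAN except packets sent by the server
# itself, so the server's own traffic is never handed back to the server.
mark_rules() {
    run iptables -t mangle -I PREROUTING -i "$LAN_IF" '!' -s "$VPN_GW" \
        -j MARK --set-mark "$MARK"
}

# Marked packets consult table "vpn", whose only entry points at the server
# on the LAN interface.
route_rules() {
    run ip route add default via "$VPN_GW" dev "$LAN_IF" table "$TABLE_NAME"
    run ip rule add fwmark "$MARK" lookup "$TABLE_NAME"
}

# Ask the kernel which next hop a marked packet from a client would take;
# the answer should name $VPN_GW, otherwise the rule/table pair is not used.
check_route() {
    run ip route get 192.0.2.1 from 192.168.1.101 iif "$LAN_IF" mark "$MARK"
}

plan() {
    ensure_table
    mark_rules
    route_rules
    check_route
}

plan
```

Run it once without arguments to see the commands, compare them with what is already on the router (iptables -t mangle -S PREROUTING, ip rule show, ip route show table vpn), and only then repeat with DRY_RUN=0.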