Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Sinot2019-04-16 13:49:16
linux
Sinot, 2019-04-16 13:49:16

How to change the gateway inside a network bridge?

Greetings.
We have a "head office" connected to the "branch" by an L2 tunnel using OpenVPN.
In the branch there is a computer (PC2) with two network ports: one (eth0) is connected to the provider's cable, the other (eth1) is the local network of the branch. On this computer, the tap interface (tap0) created by OpenVPN is added to the network bridge (br0) along with eth1. A similar configuration on the OpenVPN server at the head office. Both machines are running Debian 9.
As a result, the local network of the branch and the head office see each other, the computers of the branch receive network settings from the DHCP server from the head office, but the Internet traffic of the branch also goes through the head office.
The question is how to redirect the Internet traffic of branch clients on PC2 through their own Internet?
For experiments, I assembled a test bench:
DebianClient - imitates branch clients, connected to DebianServer by an isolated network, receives network settings via DHCP (IP: 192.168.0.0/22, Gateway: 192.168.0.1)
DebianServer - imitates a branch edge computer, on it:
ens3 - network interface for provider cable (IP: 172.16.20.4/29, Gateway: 172.16.20.1)
ens4 - interface connected to isolated network (DebianClient)
tap0 - interface created by OpenVPN
br0 - Network bridge with ports ens4 and tap0, under DHCP receives the same settings as DebianClient.
Thank you.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
V
Vadim Spriggan, 2019-04-25
@vadimspriggan

Perhaps the routing on PC2 is configured to ip 0.0.0.0 into the tunnel, so that all traffic flies into it.
And you need to register only the addresses of those networks that are on the other side of the tunnel: 192.168.0.0/24
So everything except local addresses will fly to the provider bypassing the tunnel.
And if I were you, I would divide the hosts on both sides into subnets:
192.168.0.0/24 -- 192.168.1.0/24 -- 192.168.3.0/24

Report
M
Michael, 2019-04-16
@Supporting

The task is certainly not easy!
I propose the following solutions:
1. Simple.
Configure for each office its area on DHCP with its own routing settings. On the routers, prescribe the appropriate rules.
2. More difficult.
Configure DHCP policies for head and remote offices with their own routing rules.

Similar questions
N
Nikita Reshetnyak2019-10-07 07:26:25
Why can't you hear the interlocutor in the absence of a tunnel between offices? 2Reply
V
Vitaliy Kybych2019-11-17 23:37:33
How to set up wifi adapter in VirtualBox? 4Reply
#
#2019-03-06 16:08:20
Auto-cleanup of obsolete packages in opensuse? 2Reply
I
Intelide2016-10-07 09:03:19
How to install libpam-pwdfile on centos7? 2Reply
V
vlarkanov2019-03-07 12:53:37
Linux: how to count the total amount of files created between "date" and "date"? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question