How to change the gateway inside a network bridge?
Greetings.
We have a "head office" connected to the "branch" by an L2 tunnel using OpenVPN.
In the branch there is a computer (PC2) with two network ports: one (eth0) is connected to the provider's cable, the other (eth1) to the branch's local network. On this computer, the tap interface (tap0) created by OpenVPN is added to a network bridge (br0) together with eth1. The OpenVPN server at the head office has a similar configuration. Both machines run Debian 9.
As a result, the local networks of the branch and the head office see each other, and the branch computers receive their network settings from the DHCP server at the head office, but the branch's Internet traffic also goes through the head office.
The question is: how do I redirect the branch clients' Internet traffic on PC2 through their own Internet connection?
For experiments, I assembled a test bench:
DebianClient - imitates branch clients, connected to DebianServer by an isolated network, receives network settings via DHCP (IP: 192.168.0.0/22, Gateway: 192.168.0.1)
DebianServer - imitates the branch edge computer; on it:
ens3 - network interface for the provider's cable (IP: 172.16.20.4/29, Gateway: 172.16.20.1)
ens4 - interface connected to the isolated network (DebianClient)
tap0 - interface created by OpenVPN
br0 - network bridge with ports ens4 and tap0; via DHCP it receives the same settings as DebianClient.
Thank you.
Perhaps the routing on PC2 is configured to send 0.0.0.0 into the tunnel, so all traffic flies into it.
You need to specify only the addresses of the networks that are on the other side of the tunnel: 192.168.0.0/24
Then everything except local addresses will fly to the provider, bypassing the tunnel.
And if I were you, I would divide the hosts on both sides into subnets:
192.168.0.0/24 -- 192.168.1.0/24 -- 192.168.3.0/24
The task is certainly not easy!
I propose the following solutions:
1. Simple.
Configure a separate DHCP scope for each office with its own routing settings. On the routers, configure the corresponding rules.
2. More difficult.
Configure DHCP policies for the head and remote offices with their own routing rules.
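The two answers above combined into one routing plan for DebianServer/PC2, as an added example that is not code from the thread or from either answerer. It sends only the head-office subnets into the L2 tunnel, routes everything else via the provider uplink, and masquerades forwarded client traffic on the uplink; the interface names and addresses come from the question, while the head-office subnet list and the assumption that branch hosts use PC2's br0 address as their gateway (the separate DHCP scope the second answer proposes) are assumptions.

```shell
#!/bin/bash
# Added example, not from the thread: implement the two answers on DebianServer/PC2.
set -eu

UPLINK_IF=ens3           # provider cable (from the question)
UPLINK_GW=172.16.20.1    # provider gateway (from the question)
BRIDGE_IF=br0            # bridge with ens4 + tap0 (from the question)
# Subnets on the far side of the L2 tunnel; hosts there are on-link through the
# bridge, so no gateway is needed. Assumed values: replace with the real split.
HQ_NETS="192.168.0.0/24 192.168.1.0/24"

# Emit the commands instead of executing them, so the plan can be reviewed
# (or checked) before apply_plan runs it as root.
plan() {
  local n
  # Forwarding is needed only if branch hosts use PC2 as their gateway (assumed).
  echo "sysctl -w net.ipv4.ip_forward=1"
  # The default route must leave via the provider, not via the bridge/tunnel.
  echo "ip route replace default via $UPLINK_GW dev $UPLINK_IF"
  for n in $HQ_NETS; do
    echo "ip route replace $n dev $BRIDGE_IF"
  done
  # Masquerade only what leaves on the uplink; traffic to HQ_NETS never touches
  # ens3, so it crosses the tunnel untouched.
  echo "iptables -t nat -A POSTROUTING -o $UPLINK_IF -j MASQUERADE"
}

apply_plan() { plan | while read -r cmd; do $cmd; done; }

# Check which interface the kernel picks for a destination. After apply_plan:
# ens3 for an Internet address, br0 for a host in HQ_NETS.
egress_if() { ip route get "$1" | sed -n 's/.* dev \([^ ]*\).*/\1/p'; }
```

Because br0 still gets its address via DHCP from the head office, a lease renewal can re-add a default route through the bridge; to make the plan persistent, run it from an `up` line for ens3 in /etc/network/interfaces or give br0 a static address.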