linux
otoolov, 2020-11-06 13:56:35

How to redirect traffic depending on site in openwrt?

Hello. I want to ask experts.
I have a router with OpenWRT 17.0.7 firmware, connected to an open network that provides access to the outside (eth0). There is also a VPN channel with a limit (tun0). How can I make certain sites (online.sberbank.ru, e.mail.ru and similar critical ones) go through the encrypted VPN channel, that is, through tun0, while the rest of the traffic goes through the open network without encryption, through eth0?

I see 2 options:
1. Setting up a proxy on OpenWrt. But this is problematic given the performance of the router.
2. Adding a list of IPs to the firewall rules and deciding what to do with them. This is also problematic: not all services provide information on their IPs, and the IPs can be dynamic.

Are there any other options on how to redirect the list of services to an encrypted VPN channel?


2 answer(s)
ky0, 2020-11-06
@ky0

And what is the purpose? If it is to secure interaction with banks and the like, then HTTPS has been everywhere for a long time, and it does an excellent job of this. Why do you actually have an "open" network?

ValdikSS, 2020-11-07
@ValdikSS

If you have few such sites, and they never change IP addresses (or do so very rarely), you can register them as static routes through tun0.
If there are many domains and they periodically change IP addresses, then one of the options is routing “by domain name”. This can be done with the ipset option in dnsmasq and routing of the addresses in the IP set. An alternative option is to do this on the server side, following the VPN Anti-Prohibition principle: route only one subnet to the VPN, and on the server side set up the address mapping into this subnet for certain domains.
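
The dnsmasq ipset approach from the answer above, sketched as an added example (not code from the answer's author). The set name, firewall mark and routing table number are assumptions; the domains are the ones named in the question. It also adds a fallback `prohibit` route so that marked traffic is rejected instead of leaving through eth0 when tun0 is down.

```shell
#!/bin/sh
# Added example. SET, MARK and TABLE are assumed values, pick your own.
SET=vpn_sites      # ipset that dnsmasq fills with the resolved addresses
MARK=0x1           # fwmark put on packets whose destination is in the set
TABLE=100          # separate routing table whose default route is tun0
DOMAINS="online.sberbank.ru e.mail.ru"   # domains from the question

# Build the dnsmasq directive: ipset=/domain1/domain2/<set>.
# dnsmasq also matches subdomains of each listed name. The line goes into
# dnsmasq's configuration; on OpenWrt ipset support needs the dnsmasq-full
# package. Clients must resolve through the router for the set to fill.
dnsmasq_ipset_line() {
    line="ipset="
    for d in $DOMAINS; do
        line="$line/$d"
    done
    printf '%s/%s\n' "$line" "$SET"
}

# Print the commands that send marked traffic through tun0.
routing_commands() {
    cat <<EOF
ipset create $SET hash:ip -exist
iptables -t mangle -A PREROUTING -m set --match-set $SET dst -j MARK --set-mark $MARK
iptables -t mangle -A OUTPUT -m set --match-set $SET dst -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $TABLE
ip route add default dev tun0 table $TABLE
ip route add prohibit default metric 1000 table $TABLE
EOF
}

# Without arguments: dry run, print everything for review.
# With "apply" (as root on the router): run the routing commands.
if [ "${1:-}" = "apply" ]; then
    routing_commands | sh -e
else
    dnsmasq_ipset_line
    routing_commands
fi
```

The kernel removes the `default dev tun0` route when the tunnel goes down, so re-add it from the VPN client's up hook; until then the `prohibit` route keeps traffic to the listed sites off the open network.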
