Specific IP routing for VPN
Posted
by
Roy
on Super User
See other posts from Super User
or by Roy
Published on 2012-03-29T11:24:31Z
Indexed on
2012/03/29
11:33 UTC
Read the original article
Hit count: 358
Is there a way that I can prevent an entire subnet from using internal routing. The VPN server is supposed to be a way to access the company's intranet websites for some people, while for others it is supposed to do routing to the outside only and therefore not having access to any internal websites.
The VPN server has a DNS on the actual server but not all should be using this DNS. Some of the users should be directly sent out of the server to the internet.
Example:
10.0.0.1 is the DNS on the server, gateway for the VPN
10.0.0.2 is a user (A) on the VPN having access to the intranet websites (subnet is 10.0.0.0/25)
10.0.0.192 is a user (B) only needing routing and no access to intranet websites (subnet is 10.0.0.192/26)
All traffic of user B should be directly rerouted out of the server.
I have tried several iptables but without success.
© Super User or respective owner