Hi, first of all thanks for a great distro. A very happy user here.
I use IPFire with a VPN provider as described here: https://nordvpn.com/pl/tutorials/ipfire/openvpn/ This works well, even though I need to recreate the tun node after every boot (would be grateful for a solution to this as well). What this does obviously is route all traffic from the internal network through the VPN.
What I’m now trying to accomplish is having the OpenVPN connection be used only for specific internal IPs. As far as I can tell, I need to do this using source based routing. I’m using this tutorial: https://beenje.github.io/blog/posts/openvpn-source-based-routing/
I’m done with all the up/down scripts and the connection starts and routes get added, but nothing gets routed through it. In the first tutorial I linked, this is done using the command
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o tun0 -j MASQUERADE
Now if I modify this for a single host, e.g.:
iptables -t nat -A POSTROUTING -s 192.168.0.10/32 -o tun0 -j MASQUERADE
all other hosts lose internet access.
As far as I can tell, I need to implement the following part from the 2nd tutorial:
Add a new interface in /etc/config/network:
config interface 'myvpn'
    option proto 'none'
    option ifname 'tun0'
Add a new zone to /etc/config/firewall:
config zone
    option forward 'REJECT'
    option output 'ACCEPT'
    option name 'VPN_FW'
    option input 'REJECT'
    option masq '1'
    option network 'myvpn'
    option mtu_fix '1'
config forwarding
    option dest 'VPN_FW'
    option src 'lan'
There are no /etc/config files in IPFire and I can’t see anything similar in /var/ipfire to configure the network interface and/or the firewall. Is there any way to do this in IPFire?
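The per-host setup the post is after can be written with plain iproute2 and iptables commands, without OpenWrt's /etc/config files. The sketch below is an added example, not part of the original post or of IPFire itself. It assumes the other hosts lose access because the VPN's pushed default route still applies to every host, and that the OpenVPN client config keeps that route out of the main table (for example with route-nopull). The table number 100, the rule priority 1000 and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: per-host policy routing for an OpenVPN tunnel.
# Table number 100 and rule priority 1000 are arbitrary, assumed values.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands that send one LAN host through the tunnel.
# $1 = host IP, $2 = tunnel device, $3 = routing table number.
vpn_policy_cmds() {
    host=$1 dev=${2:-tun0} table=${3:-100}
    is_ipv4 "$host" || { echo "invalid host address: $host" >&2; return 1; }
    # Only packets from this host consult the extra table ...
    echo "ip rule add from $host/32 lookup $table priority 1000"
    # ... whose single default route points into the tunnel.
    echo "ip route add default dev $dev table $table"
    # NAT only that host's traffic as it leaves through the tunnel.
    echo "iptables -t nat -A POSTROUTING -s $host/32 -o $dev -j MASQUERADE"
}

# Dry run by default. With APPLY=1 (as root, e.g. from the OpenVPN up
# script) the generated commands are executed one by one.
if [ "${APPLY:-0}" = 1 ]; then
    vpn_policy_cmds "$@" | while read -r cmd; do $cmd; done
fi
```

All other hosts keep using the main routing table and the normal uplink, because the rule matches only the one source address.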