Static routes: trouble with some connections

Hi,

I’ve got 2 routers in my LAN, 192.168.5.1/24 is my VPN router (r1), 192.168.5.2/2 my ‘plaintext’ router (r2). Both use the very same DSL router (192.168.0.1/24) as next hop (default route).
My client machines use ipfire (192.168.5.3/24 (green0), 192.168.5.4 (red0), both configured as “Bridge” in Network | Zone Configuration) as default route.
Network schematic (ignore the arrows, pls):

Setting either router (r1 or r2) as default route in ipfire red interface works just as expected: e.g. filen.io client immediately connects.

Setting r1 as default route and then enabling static routes using r2

brings the trouble: traceroute and even curl https://ifconfig.io (an HTTPS/tcp connection, static routes for it added/enabled) work as expected and return the DSL router's public IP; running e.g. filen.io's client (an HTTPS/tcp connection as well) doesn't.
Wireshark capture:

Unfortunately IPfire is needed for traffic shaping, I cannot just set routes on my client machines.
But I’m out of ideas what to try, so any help/idea would be very welcome.

Thank you.

I have had quite a few problems with static routes, I think because the reply coming back from your VPN router knows the direct route back to the PC as it is on the same LAN subnet. Traffic therefore tries to go out via IPFire and come back in directly from the VPN router which has a different IP address.

Try adding an SNAT rule to IPF to SNAT traffic going via the VPN to a source of IPF red.

BTW is your route correct or can you use a bigger subnet such as 146.0.41.0/29, covering .0 - .7? It would make setting up your rules easier.