I am connected through a VPN and I want some user accounts to bypass it. VPN interface is tap0 (IP is 172.16.x.x), the main one is wlan0 (IP is 192.168.10.3). All regular traffic goes to the Internet via tap0.
I created a second routing table and added a uid rule:
# ip route add default via 192.168.10.1 dev wlan0 proto static table 2 # ip rule add uidrange 1001-1001 table 2 # ip route show table 2 default via 192.168.10.1 dev wlan0 I expect the user's traffic to come out on wlan0 with source IP 192.168.10.3. However, the affected user's traffic has the IP of the wlan0 interface but comes out on the wrong tap0 interface (and then goes nowhere). Without the rule the traffic goes normally via tap0.
Strangely, ip route get shows what I would expect. With the rule in place:
$ ip route get 8.8.4.4 8.8.4.4 via 192.168.10.1 dev wlan0 table 2 src 192.168.10.3 uid 1001 cache Without the rule:
$ ip route get 8.8.4.4 8.8.4.4 via 172.16.0.1 dev tap0 src 172.16.0.102 uid 1001 cache I also tried adding dev wlan0 and proto static to the routing table but it changed nothing. I have totally nothing in iptables, all policies set to ACCEPT. I also tried iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE but it did not help (obviously because the traffic goes out on tap0). I also set rp_filter to zero everywhere.
In any case, the user can successfully ping the wlan0 gateway at 192.168.10.1. Thanks for help.
