Multiple gateways and routing
I am trying to figure out how to solve a "problem" I have which involves two sites and routing external traffic based upon its destination. The two sites are not based in the same country.
The main site, where most of the clients are physically located and connected, has a Debian-based router. This router has three physical ethernet connections.
- eth0 is connected to the internet
- eth1 is connected to the internal switch. This connection is bridged with a wireless NIC, wlan0 and a virtual interface for OpenVPN, tap0. The internal IP is assigned to this bridge, br0.
- eth2 is currently unused but available if required.
This router is the gateway for the local network (10.1.1.0/24) and has the IP address 10.1.1.1. Clients at this site get their IP addresses via DHCP from the router and are somewhere in that network range. The DHCP server sets the default gateway as 10.1.1.1 for everything but 10.1.1.0/24. User outbound connections from the site are routed out and have the external IP of eth0. For this configuration, everything is working as expected.
Site two has an off-the-shelf router and assigns local clients addresses in the 192.168.0.0/24 range; the router itself has the IP 192.168.0.1. There is a machine on that network that creates a persistent VPN connection to the main site. This machine has eth0 connected to the local LAN with 192.168.0.24, and tap0 is the VPN connection to the main site and always receives 10.1.1.254. Only data bound for the 10.1.1.0/24 network is routed over the VPN connection; everything else goes over eth0 via the local ISP.
Now, what I want to be able to do: I want to be able to direct certain external-bound traffic from the main site through the ISP of site two rather than through the local ISP, in cases where it is deemed relevant. The first question is how best to solve this problem. Would it be better to use iptables on the router at the main site, or would it be better to write different routing rules to the individual clients' routing tables via DHCP? I have also seen mention of policy-based routing, but I have only seen this used with a router connected to multiple ISPs.
Can someone point me in the right direction? Your help would be greatly appreciated.
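As an added example (not part of the question above), the following script sketches what the policy-based-routing option looks like on exactly this topology: the Debian router marks LAN packets for selected destinations with iptables and sends marked packets to a second routing table whose default route is the site-two VPN box at 10.1.1.254 (directly reachable on br0, because tap0 is bridged into it); the site-two box forwards and source-NATs that traffic out its eth0 so the off-the-shelf router sends it via site two's ISP. The destination prefix 203.0.113.0/24 (an RFC 5737 documentation range), the firewall mark 0x2, table 100, rule priority 1000 and the file name pbr.sh are assumed placeholders, not values from the question. The script prints the commands by default and only executes them when told to.

```shell
#!/bin/sh
# Added example, not from the original post: policy-based routing on the Debian
# router so that traffic for selected Internet destinations is handed to the
# site-two VPN box (10.1.1.254 on the bridged tap0) instead of leaving via eth0,
# plus the forwarding and NAT the site-two box needs to push it out its own ISP.
#
#   sh pbr.sh              # print the commands for both hosts (dry run)
#   sh pbr.sh main-apply   # run as root on the main-site router
#   sh pbr.sh site2-apply  # run as root on the site-two VPN box
set -eu

# Assumed placeholders (not in the question): which destinations to steer,
# the firewall mark, the routing table and the rule priority.
SELECTED_DSTS="203.0.113.0/24"   # RFC 5737 documentation range as a stand-in
MARK=0x2
TABLE=100
PRIO=1000

# Addresses and interfaces taken from the question.
LAN=10.1.1.0/24
MAIN_LAN_IF=br0          # main router: LAN bridge containing eth1, wlan0, tap0
SITE2_VPN_IP=10.1.1.254  # site-two box's tap0 address, reachable on br0
S2_VPN_IF=tap0           # site-two box: VPN interface
S2_LAN_IF=eth0           # site-two box: LAN interface behind the off-the-shelf router

MODE=plan
run() {
  if [ "$MODE" = plan ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Main-site router: mark LAN packets for the selected destinations before the
# routing decision (mangle/PREROUTING), then send marked packets to a table
# whose default route is the site-two box.  Marked traffic leaves via br0, so
# the existing eth0 MASQUERADE rule never sees it and no NAT is needed here.
main_site_pbr() {
  for dst in $SELECTED_DSTS; do
    run iptables -t mangle -A PREROUTING -i "$MAIN_LAN_IF" -s "$LAN" -d "$dst" \
        -j MARK --set-mark "$MARK"
  done
  run ip route replace "$LAN" dev "$MAIN_LAN_IF" table "$TABLE"
  run ip route replace default via "$SITE2_VPN_IP" dev "$MAIN_LAN_IF" table "$TABLE"
  # 'ip rule add' is not idempotent; re-running this adds a duplicate rule.
  run ip rule add fwmark "$MARK" lookup "$TABLE" priority "$PRIO"
  # The next hop is on the same interface the packets arrived on, so the kernel
  # would send ICMP redirects telling clients to talk to 10.1.1.254 directly.
  # The flag is OR-ed between conf/all and the interface, so clear both.
  run sysctl -w net.ipv4.conf.all.send_redirects=0
  run sysctl -w "net.ipv4.conf.$MAIN_LAN_IF.send_redirects=0"
  # Replies come back on br0 from Internet sources whose best route in the
  # main table is eth0; strict reverse-path filtering would drop them, so use
  # loose mode (the higher of conf/all and the interface value wins).
  run sysctl -w "net.ipv4.conf.$MAIN_LAN_IF.rp_filter=2"
}

# Site-two VPN box: forward 10.1.1.0/24 from tap0 out eth0, source-NAT it to
# the box's own LAN address so the off-the-shelf router will NAT it again, and
# clamp TCP MSS because the VPN path has a smaller MTU than the LAN.
site_two_forwarding() {
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -A FORWARD -i "$S2_VPN_IF" -o "$S2_LAN_IF" -s "$LAN" -j ACCEPT
  run iptables -A FORWARD -i "$S2_LAN_IF" -o "$S2_VPN_IF" \
      -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run iptables -t nat -A POSTROUTING -s "$LAN" -o "$S2_LAN_IF" -j MASQUERADE
  run iptables -t mangle -A FORWARD -i "$S2_VPN_IF" -o "$S2_LAN_IF" -p tcp \
      --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
}

case "${1:-plan}" in
  plan)        echo "# main-site router:"; main_site_pbr
               echo "# site-two VPN box:"; site_two_forwarding ;;
  main-apply)  MODE=apply; main_site_pbr ;;
  site2-apply) MODE=apply; site_two_forwarding ;;
  *) echo "usage: $0 [plan|main-apply|site2-apply]" >&2; exit 2 ;;
esac
```

To check the routing decision on the main router without sending traffic, `ip route get 203.0.113.1 from 10.1.1.50 iif br0 mark 0x2` should answer `via 10.1.1.254 dev br0`, while the same lookup without `mark 0x2` should still answer `dev eth0`; a `traceroute` from a client to a steered address should then show 10.1.1.1 followed by 10.1.1.254. Because 10.1.1.254 sits on the same layer-2 segment as the clients, a per-client route handed out with DHCP option 121 would also work, but steering on the router keeps the policy in one place, lets it be changed without re-leasing every client, and keeps the conntrack state and any logging on the gateway. The cost is the two sysctl caveats above: without them clients get redirected past the router, or the replies are silently dropped by reverse-path filtering.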