UTM 9.4 - Policy based routing: single source with two different gateway based on protocol

I've tried to do this by myself for a couple of days now and I think I have reached the point where I have to ask for help! :-)

I have a single server that needs to access the internet using two different gateways based on which protocol is used.

My UTM server is the default gateway. If I want to communicate with an OpenVPN server on the internet, I would like to use the default gateway to reach it. For all other communications, I have to use a VPN router on my local network.

I've tried to do this with policy-based routing and my requests seem to be redirected to my VPN router, but the replies don't come back to my server.

Is this something that can be done with policy-based routing? What am I forgetting here?

Thank you for your help!



This thread was automatically locked due to age.
  • Hi Louis,

    I think you have to configure a Multipath rule instead of a policy route.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • @sachingurung As far as I know, a Multipath rule must be used with interfaces defined in UTM. My VPN router is on my network and is defined in UTM only as a host. Am I wrong? BTW thank you!
  • You should try the following:

    - remove the default gateway from the external interface

    - add a static gateway route with network "any" and the internal VPN router as gateway

    - add a static gateway route with network "external VPN gateway" (a host definition) and the provider router as gateway

    ... this sends all traffic with the VPN gateway as destination to the internet ... not selected protocols only. But why should this be useful?

    Make sure UTM can reach the needed services (NTP, DNS, ...) over the VPN tunnel...

    Note: the "Internet" definition can't be used any more, because this needs a gateway definition at one interface.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Unfortunately I really need to send one port (a docker container including an OpenVPN client) through UTM while the other containers on the same docker host go through my external VPN router. I don't want my OpenVPN container to open a VPN tunnel inside an existing VPN tunnel... :-)

    Finally, I made it work by defining a new service with the OpenVPN port (1198 UDP) as source port (yes I know, logically it should be the destination port, but it doesn't work that way). I've created 2 policy routes: the first one redirects traffic from my docker host using the OpenVPN service to UTM. The second one redirects all traffic (any) to my VPN router.

    I've made some traceroutes from inside my docker container and it works perfectly.

    Thank you for your help guys!
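As an added example (not from this thread, and not Sophos UTM's own configuration), here is the same split expressed with iproute2 and iptables on a Linux router standing where the UTM does: one routing table per exit path, a firewall mark set before the routing decision, and `ip rule` entries that choose the table by mark. The addresses, interface name and mark/table numbers are placeholders I chose; the OpenVPN flow is matched on the UDP destination port 1198 mentioned in the post, which is what a plain Linux stack expects, rather than the source-port service the poster needed in the UTM GUI. The script defaults to a dry run that only prints the commands; set `DRY_RUN=0` to execute them as root.

```shell
#!/bin/sh
# Added example, not from the thread: iproute2/netfilter equivalent of the two
# policy routes described above, for a Linux router in the UTM's position.
# All addresses, the interface name and the mark/table numbers are hypothetical.
DOCKER_HOST=${DOCKER_HOST:-192.168.10.50}   # LAN host whose traffic is split
VPN_ROUTER=${VPN_ROUTER:-192.168.10.2}      # LAN VPN router (catch-all path)
PROVIDER_GW=${PROVIDER_GW:-203.0.113.1}     # provider router on the external interface
LAN_IF=${LAN_IF:-eth1}
OPENVPN_PORT=${OPENVPN_PORT:-1198}
MARK_DIRECT=1; TABLE_DIRECT=100             # the OpenVPN client flow (bypasses VPN router)
MARK_VPN=2;    TABLE_VPN=200                # everything else from DOCKER_HOST
DRY_RUN=${DRY_RUN:-1}                       # 1: print commands, 0: execute (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

pbr_apply() {
    # One routing table per exit path; 'replace' keeps this re-runnable.
    run ip route replace default via "$PROVIDER_GW" table "$TABLE_DIRECT"
    run ip route replace default via "$VPN_ROUTER" table "$TABLE_VPN"

    # Classify in mangle/PREROUTING, i.e. before the routing decision.
    # Rule 1: the OpenVPN client's flow, matched on the UDP destination port.
    # Rule 2: every other packet from the docker host that is still unmarked,
    #         so the catch-all cannot overwrite the mark set by rule 1.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$DOCKER_HOST" \
        -p udp --dport "$OPENVPN_PORT" -j MARK --set-mark "$MARK_DIRECT"
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$DOCKER_HOST" \
        -m mark --mark 0 -j MARK --set-mark "$MARK_VPN"

    # Lower priority number wins; both rules precede the main table (32766).
    run ip rule add fwmark "$MARK_DIRECT" lookup "$TABLE_DIRECT" priority 100
    run ip rule add fwmark "$MARK_VPN" lookup "$TABLE_VPN" priority 200

    # Caveat: with policy routing, replies can arrive on an interface the main
    # table would not have used for the reverse path; strict reverse-path
    # filtering (1) drops such packets. Loose mode (2) accepts them. Scope this
    # to the affected interfaces in a real deployment instead of 'all'.
    run sysctl -w net.ipv4.conf.all.rp_filter=2
}

# Mirror of the classification above, usable in the dry run to answer
# "which table would this packet hit?". Arguments: src_ip proto dst_port.
pbr_table_for() {
    if [ "$1" = "$DOCKER_HOST" ] && [ "$2" = udp ] && [ "$3" = "$OPENVPN_PORT" ]; then
        echo "$TABLE_DIRECT"
    elif [ "$1" = "$DOCKER_HOST" ]; then
        echo "$TABLE_VPN"
    else
        echo main
    fi
}

pbr_apply
```

Rule order matters exactly as it did for the poster's two UTM policy routes: the specific OpenVPN match must be evaluated before the catch-all, which is why the second iptables rule only touches packets whose mark is still 0. Hosts other than the docker host fall through to the main table and keep the provider router as default gateway.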

