
I have an Ubuntu VM (guest OS) running on Fedora (host OS) through QEMU/KVM.

On the Ubuntu VM I have a VPN client running. Because of end-point visibility rules I'd be kicked out if I tried connecting to the VPN directly from Fedora.

My goal is to route all network traffic from Fedora through the Ubuntu VM, and to allow Fedora to access the intranet that's behind the VPN.

How could I achieve this?

  • Hi and welcome to Superuser! Could you perhaps edit in the things you've researched (even lightly) and the things you've tried (and which failed)? That will help answerers to provide a solution that you have not tried before and might disclose some details which are important to the question. Commented May 30, 2023 at 15:49

1 Answer

With the limited information in the question, I made the example using some assumptions (just replace the interface and IP addresses below with what is applicable on your system):

Client VPN tunnel interface: vpn0
Client default gateway: 4.3.2.1

Server VPN tunnel IP address: 10.10.10.1
VPN Server IP address: 6.7.8.9 (the address you connect the VPN client to)

Once you have successfully connected the VPN client to the server, the following will allow the client full tunnel (i.e. routing all traffic via the VPN server):

Add a specific route for the VPN server (so the client will not try to send the VPN traffic inside the VPN tunnel):

ip route add 6.7.8.9 via 4.3.2.1

Add two /1 segments to supersede the default (0.0.0.0/0) route:

ip route add 0.0.0.0/1 via 10.10.10.1 dev vpn0
ip route add 128.0.0.0/1 via 10.10.10.1 dev vpn0

Once you bring down the tunnel, the two /1 routes will be automatically removed as vpn0 is no longer available, and the default route will take precedence again. (The route to the VPN server's public IP address will remain, but that is no problem.)
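
Added example (not part of the original answer): a Python model of longest-prefix-match route selection using the answer's addresses, showing why the two /1 routes override the default route and why the host route keeps the VPN server's own traffic out of the tunnel. The interface name eth0 and the sample destinations are assumptions.

```python
import ipaddress

# Constructed routing table using the answer's example addresses.
# "eth0" is an assumed name for the client's physical interface.
BASE_ROUTES = [
    ("0.0.0.0/0", "4.3.2.1", "eth0"),    # original default route
    ("6.7.8.9/32", "4.3.2.1", "eth0"),   # host route to the VPN server
]
TUNNEL_ROUTES = [
    ("0.0.0.0/1", "10.10.10.1", "vpn0"),
    ("128.0.0.0/1", "10.10.10.1", "vpn0"),
]


def lookup(routes, destination):
    """Return (prefix, gateway, dev) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(destination)
    candidates = [
        (ipaddress.ip_network(prefix), gw, dev)
        for prefix, gw, dev in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not candidates:
        raise LookupError(f"no route to {destination}")
    net, gw, dev = max(candidates, key=lambda r: r[0].prefixlen)
    return str(net), gw, dev


def egress_report(routes, destinations):
    """Map each destination to the interface it would leave through."""
    return {d: lookup(routes, d)[2] for d in destinations}


def tunnel_down(routes):
    """Routes bound to vpn0 disappear when the interface goes away."""
    return [r for r in routes if r[2] != "vpn0"]


if __name__ == "__main__":
    table = BASE_ROUTES + TUNNEL_ROUTES
    samples = ["1.1.1.1", "200.1.2.3", "6.7.8.9"]  # constructed destinations
    print("tunnel up:  ", egress_report(table, samples))
    print("tunnel down:", egress_report(tunnel_down(table), samples))
```

With the tunnel up, only the VPN server's address leaves through the physical interface; dropping the /32 host route from the table sends 6.7.8.9 into vpn0, which is the loop the answer's first command prevents.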
