Policy Routing rules and nmcli

With the deprecation of network-scripts, I’m trying to figure out how to recreate routing rules via nmcli for a desktop configuration I use in conjunction with a VPN connection.

Essentially, I want to ensure all local traffic stays local and all outbound traffic goes out through the VPN. The following is what I configure via ip commands that achieves this:

# Extra routing table for traffic that must stay on the LAN
echo 200 localnet >> /etc/iproute2/rt_tables
# Its only route: everything via the LAN gateway on ens3
ip route add default via 10.0.53.1 dev ens3 table localnet

# Send traffic from or to the other local subnets through that table
ip rule add from 10.0.54.0/24 table localnet
ip rule add to 10.0.54.0/24 table localnet

ip rule add from 10.0.55.0/24 table localnet
ip rule add to 10.0.55.0/24 table localnet

# Traffic sourced from the ens3 subnet uses a separate table (DBZ)
ip rule add from 10.0.53.0/24 table DBZ

All traffic bound for 10.0.53.0/24, 10.0.54.0/24, and 10.0.55.0/24 routes through 10.0.53.1 and all other traffic routes through the VPN. With network-scripts I would essentially add the above to route-ens3 and rule-ens3 and all works after rebooting etc.

With nmcli, I cannot seem to get this to work using the equivalent ipv4.route-table and ipv4.routing-rules settings.

Version:
nmcli tool, version 1.30.6-1.fc34

For example, the following does not work:

nmcli conn modify ens3 ipv4.route-table 200
nmcli conn modify ens3 ipv4.routes "0.0.0.0/24 10.0.53.1 5 table=200"
nmcli conn modify ens3 ipv4.routing-rules "priority 100 from 10.0.53.0/24 to 10.2.0.0/24 table 200"
nmcli conn modify ens3 +ipv4.routing-rules "priority 100 from 10.0.54.0/24 table 200"
nmcli conn modify ens3 +ipv4.routing-rules "priority 100 from 10.0.55.0/24 table 200"
nmcli conn modify ens3 +ipv4.routing-rules "priority 100 to 10.0.54.0/24 table 200"
nmcli conn modify ens3 +ipv4.routing-rules "priority 100 to 10.0.55.0/24 table 200"

Can anyone help me understand what I’m doing wrong and if this is possible with nmcli today?

Thanks
Ray

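One way to express the ip route/ip rule setup from the post as NetworkManager settings, as an added example that is not code from the original post or from the reply. It assumes the connection is named ens3, the LAN gateway is 10.0.53.1 and the local table is 200, as in the post, and that the VPN connection supplies the default route in the main table; the table called DBZ in the post is folded into table 200 here. Unlike the attempt in the post it leaves ipv4.route-table at its default (main) and puts only the extra default route into table 200 through the table= route attribute, writes the destination as 0.0.0.0/0 rather than 0.0.0.0/24, clears the rule list before adding so the script can be re-run, and gives each rule its own priority so `ip rule show` lists them in a predictable order. Run without arguments to print the nmcli commands; run with `apply` (as root) to execute them.

```shell
#!/bin/sh
# Added example, not code from the original post. Reproduces the ip
# route/ip rule setup with NetworkManager settings only.
# Assumed: connection "ens3", LAN gateway 10.0.53.1, local table 200;
# the VPN connection owns the default route in the main table.
set -u

CONN="${CONN:-ens3}"
GATEWAY="${GATEWAY:-10.0.53.1}"
TABLE="${TABLE:-200}"
# The connected prefix gets a "from" rule only (see below).
LAN_NET="10.0.53.0/24"
REMOTE_LOCAL_NETS="10.0.54.0/24 10.0.55.0/24"

# Execute the command when APPLY=1, otherwise print it (dry run).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

configure_policy_routing() {
    # Keep ipv4.route-table at 0 (main). A non-zero value moves all of the
    # connection's routes out of the main table, which breaks the VPN's
    # own path to the gateway; table 200 should hold only the extra route.
    run nmcli connection modify "$CONN" ipv4.route-table 0
    # The only entry in table 200: a default route via the LAN gateway.
    # Destination is 0.0.0.0/0; "0.0.0.0/24" would be a single /24 block.
    run nmcli connection modify "$CONN" ipv4.routes "0.0.0.0/0 $GATEWAY 5 table=$TABLE"
    # Start from an empty rule list so re-running does not stack duplicates.
    run nmcli connection modify "$CONN" ipv4.routing-rules ""
    prio=100
    for net in $LAN_NET $REMOTE_LOCAL_NETS; do
        run nmcli connection modify "$CONN" +ipv4.routing-rules "priority $prio from $net table $TABLE"
        prio=$((prio + 1))
    done
    # No "to" rule for the connected prefix: table 200 would send that
    # traffic to the gateway instead of directly on the link, and the
    # main table already carries the 10.0.53.0/24 link route.
    for net in $REMOTE_LOCAL_NETS; do
        run nmcli connection modify "$CONN" +ipv4.routing-rules "priority $prio to $net table $TABLE"
        prio=$((prio + 1))
    done
    # Re-activate so the routes and rules are installed in the kernel.
    run nmcli connection up "$CONN"
}

# What the kernel ended up with; compare with the ip commands in the post.
show_kernel_state() {
    ip rule show
    ip route show table "$TABLE"
}

case "${1:-}" in
    apply) APPLY=1; configure_policy_routing && show_kernel_state ;;
    *)     configure_policy_routing ;;   # dry run: prints the nmcli commands
esac
```

The rules sit at priorities 100 to 104, between the kernel's local table (0) and main (32766), so a packet matching none of them falls through to main, where the VPN's default route wins. A "from 10.0.53.0/24" rule only catches sockets explicitly bound to the LAN address: an unbound socket is looked up with an empty source first, misses that rule, and gets its source address from the VPN route in main.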

I use PBR with systemd-networkd replacing NetworkManager.
Traffic is marked with firewalld/nftables matching different IP sets.
Then depending on the policy, it is routed to the upstream ISP, Henet, Tor.
I can post the relevant instructions/configs if you are interested.
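The fwmark-based approach this reply describes, as an added example that is neither the reply author's configuration nor anything from the original post. It generates an nftables ruleset that marks packets by destination set and two systemd-networkd .network files that route on the mark. Every interface name, address, set member and table number in it is an assumption: eth0 towards an ISP gateway 192.0.2.1 for table 100, tun0 towards 10.8.0.1 for table 200, and documentation prefixes as the set members. Run it with a directory argument to write the files there.

```shell
#!/bin/sh
# Added example, not the reply author's configuration. Shows the mechanism
# from the reply: nftables marks packets whose destination is in an IP set,
# systemd-networkd sends marked packets to a per-upstream table.
# All names and addresses below are assumptions.
set -u

WAN_IF="${WAN_IF:-eth0}"
WAN_GW="${WAN_GW:-192.0.2.1}"     # assumed ISP gateway, table 100, mark 0x1
TUN_IF="${TUN_IF:-tun0}"
TUN_GW="${TUN_GW:-10.8.0.1}"      # assumed tunnel peer, table 200, mark 0x2

# Write pbr.nft and the two .network files into the directory given as $1.
write_pbr_configs() {
    out="$1"
    mkdir -p "$out"

    # 1) nftables: classify by destination set and set the mark.
    #    The output chain is of type "route", so the kernel repeats the
    #    routing decision for locally generated packets after marking.
    #    Those packets already chose a source address from the main table,
    #    hence the masquerade on the tunnel so they leave with its address.
    cat > "$out/pbr.nft" <<EOF
table inet pbr {
    set via_isp {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24 }
    }
    set via_tunnel {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.0/24 }
    }
    chain output {
        type route hook output priority mangle; policy accept;
        ip daddr @via_isp meta mark set 0x1
        ip daddr @via_tunnel meta mark set 0x2
    }
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        ip daddr @via_isp meta mark set 0x1
        ip daddr @via_tunnel meta mark set 0x2
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "$TUN_IF" masquerade
    }
}
EOF

    # 2) systemd-networkd: one default route per table and one rule per
    #    mark. Unmarked traffic falls through to the main table.
    cat > "$out/10-$WAN_IF.network" <<EOF
[Match]
Name=$WAN_IF

[Network]
DHCP=ipv4

[Route]
Gateway=$WAN_GW
Table=100

[RoutingPolicyRule]
FirewallMark=1
Table=100
Priority=100

[RoutingPolicyRule]
FirewallMark=2
Table=200
Priority=101
EOF

    cat > "$out/20-$TUN_IF.network" <<EOF
[Match]
Name=$TUN_IF

[Route]
Gateway=$TUN_GW
GatewayOnLink=yes
Table=200
EOF
}

if [ $# -gt 0 ]; then
    write_pbr_configs "$1"
    # Syntax-check the ruleset without loading it, when nft is available.
    if command -v nft >/dev/null 2>&1; then nft -c -f "$1/pbr.nft"; fi
    printf 'wrote pbr.nft and .network files to %s\n' "$1"
fi
```

The .network files go to /etc/systemd/network and the ruleset is loaded with `nft -f` after the `nft -c -f` check; `ip rule show` should then list the two fwmark rules at priorities 100 and 101 ahead of main. The marks only steer the routing decision; any stateful filtering for the marked flows still has to be written separately.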