# Routing different applications through different gateways

## sKewlBoy

I have to connect to a VPN so I can SSH into my work shell, but that VPN network has a lot of restrictions. I need to be able to have only that SSH session running through the VPN tunnel, while the rest of the apps use my default connection gateway.

I was wondering if there's any application out there to do that. I remembered I could use iptables to route connections to that host and port through a device while the rest remains normal, but I'd prefer something simpler, and even better, that I could also use in Windows.

Thank you

----------

## kashani

I would first verify that your VPN allows you to do any routing other than to the VPN gateway. If your VPN is that locked down it's unlikely that they are allowing your computer to even hit local machines on your home network. To test, try connecting to your VPN and then try to ping the internal IP of a local machine behind your local router.

kashani

----------

## sKewlBoy

Well, my routing table isn't cleared and my home LAN IP addresses are different (home 192.etc, VPN 172.etc). I can access my home machines at home, as they are routed through a different interface, VPN has no say in that :p

This is one of the scenarios anyway, not in my home LAN but when I'm outside the office using a UMTS connection:

- fire up my UMTS connection with pppd (can do whatever I want, but can't access the internal office machines which I want to SSH into)

- fire up vpnc which sets tun0 and changes my default gw to it (now I can access freely the office LAN and browse WWW using the office proxy, but nothing else)

I tried "route add default gw [my UMTS gw]", but then I can't access the office LAN nor the internet with the UMTS connection. Using "route add default gw [tun0 ip]" fixes it back to accessing the office LAN.

What I really wanted was everything being routed through my UMTS interface (non tunneled) except connections to a specific local ip which would be routed through tun0.

Is that possible to set up with route or using anything else?

----------

## kashani

If that is the case then this should be easy to fix with simple routing statements. Once you're connected I'd run a script that does the following.

```
route add -net 172.16.0.0 netmask 255.240.0.0 gw tun0
route add default gw pppd   # or whatever it's normally set to
```

You'll always want to do the route for the VPN first so it doesn't drop after you move the default gw. I'm not exactly sure about the syntax on the 172 statement and you might need to modify that. 

kashani

----------

## sKewlBoy

thank you very much!

I wonder if I can put the exact IP with MASK 255.255.255.255.

I'll check windows route command for doing the same.

thank you

----------

## vadik56

To route a single host through vpn:

```
 route add -host 172.16.252.123 dev tun0
```

----------

## sKewlBoy

Worked like a charm, thank both of you!

Just a note in case someone is also looking into this:

```
route add -net 172.16.0.0 netmask 255.240.0.0 dev tun0
# (or)
route add -host SINGLE_IP dev tunDEVICE

route add default dev pppDEVICE
```

Now, on to check the crappy windows route command. Wish cygwin had this route too :)

----------
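Added example, not part of any post in the thread: a small Python model of the routes from the final post, resolving destinations by longest-prefix match the way the kernel does, so you can see which addresses the `255.240.0.0` (/12) route and the `-host` (/32) route send into the tunnel and which fall through to the default. It assumes `ppp0` in place of `pppDEVICE`, handles only the `dev` forms shown above, and ignores metrics and connected LAN routes.

```python
# Added example (not from the thread): model the thread's split-tunnel routes
# and resolve destinations by longest-prefix match.
import ipaddress
import shlex

# Constructed input: the thread's commands; ppp0 stands in for pppDEVICE.
COMMANDS = """
route add -net 172.16.0.0 netmask 255.240.0.0 dev tun0
route add -host 172.16.252.123 dev tun0
route add default dev ppp0
"""

def parse_route_add(line):
    """Parse one net-tools 'route add ... dev X' line into (network, device)."""
    tok = shlex.split(line)
    if tok[:2] != ["route", "add"]:
        raise ValueError("not a 'route add' command: " + line)
    args = tok[2:]
    dev = args[args.index("dev") + 1]
    if args[0] == "default":
        net = ipaddress.ip_network("0.0.0.0/0")
    elif args[0] == "-host":
        net = ipaddress.ip_network(args[1] + "/32")   # same as mask 255.255.255.255
    elif args[0] == "-net":
        mask = args[args.index("netmask") + 1]
        # strict=True rejects a target that has host bits set for this mask
        net = ipaddress.ip_network(f"{args[1]}/{mask}", strict=True)
    else:
        raise ValueError("unsupported form: " + line)
    return net, dev

def build_table(text):
    return [parse_route_add(l) for l in text.strip().splitlines() if l.strip()]

def egress_device(table, dest):
    """Return the device of the most specific route that contains dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, dev) for net, dev in table if addr in net]
    if not matches:
        raise LookupError("no route to " + dest)
    return max(matches)[1]   # longest prefix wins, regardless of insertion order

if __name__ == "__main__":
    table = build_table(COMMANDS)
    for dest in ["172.16.252.123", "172.31.255.254", "172.32.0.1", "8.8.8.8"]:
        print(f"{dest:>16} -> {egress_device(table, dest)}")
```

On a live Linux system the equivalent check is `ip route get <address>`, which reports the device the kernel would actually use.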

