This question is not specific to OpenWrt, but since the OpenWrt community has an answer to all networking-related questions and is very willing to help people, I ask it here anyway.
This question has been modified to better express the network situation and the findings thus far on how to accomplish things.
Network setup:
location 1: OpenWrt router VPN master
location 2: OpenWrt router VPN client
location 3: OpenWrt router VPN client
....
location XX: OpenWrt router VPN client.
Every physical location obviously has its own gateway to connect to the internet:
172.22.56.1 gw1
172.22.57.1 gw2
172.22.58.1 gw3
Example of the network on a map:
The whole network, as you can see, is a class B network. So every physical location uses its own internet connection for any connection outside of 172.22.0.0/16, but inside they can all connect with each other; UPnP is working, DHCP is working, network neighborhood, sharing, etc. all work.
Practically, because on each device eth0 is bridged with wlan0 and tap0, everyone can communicate with everyone else inside the network as well as with the internet, while the internet itself of course can't access anyone inside the layer 2 network.
Now for one specific internet address, assume that's 47.89.88.80, I however want the packets not to be sent out using the gateway of each specific physical location, but wherever you are, you should always use gw1.
In Windows I simply do this:
route -p ADD 47.89.88.80 MASK 255.255.255.255 172.22.56.1
and instead of using the normal local physical gateway, assume 172.22.58.1 (gw3), Windows automatically sends the packets to 172.22.56.1 over the bridge.
This works perfectly. No problems!
But I'd have to do this on all computers and other clients everywhere on the network. So I also want this to work for smartphones, tablets, laptops, Linux, OS X, Windows...
As you can imagine, configuring every single device at all physical locations is a daunting task, if possible at all! On some clients like iOS, where Apple claims customers have no rights over how to use their devices and only Apple has the right over how customers use their devices, I can imagine setting such a route on the device isn't even possible on a non-jailbroken iOS device.
So the solution lies in simply changing how the packets are routed in the OpenWrt routers so it applies to all clients: they send the packets to their corresponding local gateways, which catch these packets for the specific target and resend them back into the bridged network to gw1.
Well, I thought it was simple, but obviously I can't get it to work.
Is there a way I can configure the firewall in OpenWrt (assume the router with 172.22.58.1; my best bet is that iptables or ebtables are needed) to catch these incoming packets on the physical device eth0 and, if they have the target destination 47.89.88.80/32, send them back out but with the gateway 172.22.56.1? And also of course the rule that the answering packet goes to the proper client where the original packet came from.
When I add
ip route add 47.89.88.80/32 via 172.22.56.1 dev br-lanbridge
at the router, all the packets from the router itself are correctly not being sent to its own gateway 172.22.58.1 to reach the internet location, but instead use the gateway 172.22.56.1 of the other router over the tap interface. So that works splendidly, but only for packets sent from the router itself!
But for all the packets from the bridge interface (eth0, wlan0, wlan1) I receive this message:
reports: Destination protocol unreachable.
So obviously these packets aren't sent properly over the bridged tap0 interface to the other gateway.
Is this possible in OpenWrt, and if so, could you give an example of how to configure the firewall (iptables, ebtables) to do this in OpenWrt?
Thank you in advance for explaining how to do this, if possible.