Well, that took quite some doing. It turns out that KabelDeutschland/Vodafone is the least bad provider for VPN connections. Routed via Telekom, the RDP connections are flaky at best.
By default, everything is routed via ppp0/tkom, set up in /etc/ppp/ip-up.d/tkom-up.sh, except for valhalla and the VPN-Server@Work:
    /usr/bin/ip rule add to <valhalla>/32 lookup kd
    /usr/bin/ip rule add to <work>/32 lookup kd
DO NOT flush all rules, no matter what! This will inevitably lead to “Destination Host Unreachable”, because the rules for looking up main and default are flushed, too. Took me a while to figure out 🙁
To fill the routing table kd, add this to /etc/systemd/network/ext.network:
    [DHCP]
    RouteMetric=4096
    RouteTable=199
This adds the routes pushed by DHCP to table 199. RouteTable 199 is defined in /etc/iproute2/rt_tables:
    #
    # reserved values
    #
    255 local
    254 main
    253 default
    0 unspec
    #
    # local
    #
    #1 inr.ruhep
    200 tkom
    199 kd
Together with the rules above, everything to valhalla and work is now routed via KD.
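A check for the failure described above (main and default lookups gone after a flush), as an added example that is not part of the original setup: it reads `ip rule show` output and reports which required rules are missing. The function name `check_rules` and the sample addresses 192.0.2.10 and 198.51.100.20 (standing in for <valhalla> and <work>) are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check the policy-routing rules after editing them.
# Reads `ip rule show` output on stdin; the arguments are the destination
# hosts that must be sent to table kd (199).
# Returns 0 if everything is in place, 1 otherwise; missing items are printed.
check_rules() {
    rules=$(cat)
    missing=0
    # The stock rules that a blanket flush removes.
    for table in main default; do
        if ! printf '%s\n' "$rules" | grep -Eq "from all lookup $table[[:space:]]*\$"; then
            echo "missing: from all lookup $table"
            missing=1
        fi
    done
    # One "to <host> lookup kd" rule per destination (the table may show as 199).
    for host in "$@"; do
        pat=$(printf '%s' "$host" | sed 's/\./\\./g')   # escape dots for grep -E
        if ! printf '%s\n' "$rules" | grep -Eq "to $pat(/32)? lookup (kd|199)[[:space:]]*\$"; then
            echo "missing: to $host lookup kd"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: the intended state, with placeholder addresses.
GOOD_RULES='0: from all lookup local
32764: from all to 198.51.100.20 lookup kd
32765: from all to 192.0.2.10 lookup kd
32766: from all lookup main
32767: from all lookup default'

# Constructed sample: main and default lookups gone, only the kd rules re-added.
FLUSHED_RULES='0: from all lookup local
32764: from all to 198.51.100.20 lookup kd
32765: from all to 192.0.2.10 lookup kd'

# Live use (needs iproute2): ip rule show | check_rules <valhalla> <work>
```

Run against the constructed `FLUSHED_RULES` sample, the function reports both `main` and `default` as missing, which is the state that produces "Destination Host Unreachable".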