Configuring OpenVPN to achieve this (see diagram)

Would appreciate it very much if you can give me any pointers. I am referring to the highlighted part of the diagram:

I'd basically like all the 192.168.1.x clients to only go through the tunnel to access 192.168.2.x, with no firewall (i.e. like LAN access). All other WAN traffic would go through regular WAN gateway out to the internet.

The OpenVPN server will only have one single OpenVPN client (i.e. that DDWRT router on the other side). And I will make them connect all the time.

Will this setup involve static routing? Or some sort of policy based routing? How will I be able to specify the tunnel as the place to route things to? And how do I link the 'tunnel' zone back to the LAN zone (i.e. no firewall)?

I have never setup an OpenVPN server in OpenWrt before. So any help on that, plus the associated routing setup, would really help. (Is this even doable?)

Cheers !! Thanks again

(Edit: changed capitalization of OpenWrt after getting a reminder from someone on the correct way of spelling OpenWrt...)

Thats a "normal" Openvpn setup. The respective route would be configured automatically when configured in the Openvpn config. While you would create a Firewall Zone for it and allow all traffic between the LAN and the Zone.
You could do a bridge or a L2 setup if you want to not have a Firewall Zone but that surely would be more complex with limited advantage.
The best start is here


Use the wiki instructions to set up OpenVPN server and then apply this:

1 Like