Hi everyone, first of all thank you to everyone involved with this project, developers, testers, maintainers, community members.
I've been searching but can't seem to find anything that resembles what I'm trying to accomplish with OpenWRT.
Here's some background
OpenWRT 19.07 stable running on WRT1200AC v2 router. Created all needed interfaces for a dual wan scenario. wan with metric of 10, and wanb with metric 20.
Wan is the primary outbound connection, a fast optic fiber but behind carrier-grade NAT. WanB is a slow DSL connection but gets a public IP (which I can use for accessing my cameras).
WanB is to be used only for accessing the cameras from the outside world. Wan is for all outbound traffic. Via mwan3 I made it so all outbound traffic uses wan, there is no failover much less load balancing involved.
The way it is right now, I can ping the wanb interface and access my cameras from the outside world. Traffic from the lan to outside uses the fast connection.
Issues begin the moment I turn on the OpenVPN client. After establishing the VPN connection I can no longer ping the wanb interface nor access my cameras from outside. From lan to the internet it works fine, traffic goes through the VPN and keeps using wan.
If the vpn is only happening on wan, I wonder what's blocking remote access to wanb after turning on the openvpn client.
You'll need to add the OpenVPN client as another interface in mwan3. That means apply metric 30 on the interface and use rules for the traffic that should go through.
Same situation, remote connections to wanb don't work after turning the vpn on.
My openvpn interface called "ovpn" is an unmanaged interface and it doesn't let me change its metric. Still, I went ahead and created an interface under mwan3, named it ovpn, created a member called ovpn_m1_w3 and changed the default ipv4 rule to only send outbound traffic through it.
Outbound traffic works fine, goes through the vpn, but remote connections to wanb no longer work.
From another computer using a mobile hotspot: using wanb's public address, ping, RDP and HTTP to the built-in camera web server work fine if I don't enable the OpenVPN client.
After enabling the openvpn client something is messing with wanb when it shouldn't.
/etc/init.d/mwan3 disable
/etc/init.d/mwan3 stop
uci set network.lan.ip4table="1"
uci set network.wanb.ip4table="2"
uci -q delete network.cam
uci set network.cam="rule"
uci set network.cam.in="lan"
uci set network.cam.src="192.168.1.16/28"
uci set network.cam.lookup="2"
uci set network.cam.priority="30000"
uci commit network
/etc/init.d/network restart
Hi, here's the routing table after enabling the VPN:
root@linksys1:~# ip -4 ro li table all
0.0.0.0/1 via 10.8.1.1 dev tun0 table 1
default via 10.17.17.1 dev eth1.2 table 1 metric 10
10.8.1.0/24 dev tun0 table 1 proto kernel scope link src 10.8.1.3
10.15.16.0/24 dev br-lan table 1 proto kernel scope link src 10.15.16.1
10.17.17.0/24 dev eth1.2 table 1 proto static scope link metric 10
66.115.145.24 via 10.17.17.1 dev eth1.2 table 1
128.0.0.0/1 via 10.8.1.1 dev tun0 table 1
172.16.16.0/24 dev eth1.3 table 1 proto static scope link metric 20
0.0.0.0/1 via 10.8.1.1 dev tun0 table 2
default via 172.16.16.1 dev eth1.3 table 2 metric 20
10.8.1.0/24 dev tun0 table 2 proto kernel scope link src 10.8.1.3
10.15.16.0/24 dev br-lan table 2 proto kernel scope link src 10.15.16.1
10.17.17.0/24 dev eth1.2 table 2 proto static scope link metric 10
66.115.145.24 via 10.17.17.1 dev eth1.2 table 2
128.0.0.0/1 via 10.8.1.1 dev tun0 table 2
172.16.16.0/24 dev eth1.3 table 2 proto static scope link metric 20
0.0.0.0/1 via 10.8.1.1 dev tun0 table 3
default dev tun0 table 3 scope link metric 30
10.8.1.0/24 dev tun0 table 3 proto kernel scope link src 10.8.1.3
10.15.16.0/24 dev br-lan table 3 proto kernel scope link src 10.15.16.1
10.17.17.0/24 dev eth1.2 table 3 proto static scope link metric 10
66.115.145.24 via 10.17.17.1 dev eth1.2 table 3
128.0.0.0/1 via 10.8.1.1 dev tun0 table 3
172.16.16.0/24 dev eth1.3 table 3 proto static scope link metric 20
0.0.0.0/1 via 10.8.1.1 dev tun0
default via 10.17.17.1 dev eth1.2 proto static src 10.17.17.203 metric 10
default via 172.16.16.1 dev eth1.3 proto static src 172.16.16.203 metric 20
10.8.1.0/24 dev tun0 proto kernel scope link src 10.8.1.3
10.15.16.0/24 dev br-lan proto kernel scope link src 10.15.16.1
10.17.17.0/24 dev eth1.2 proto static scope link metric 10
66.115.145.24 via 10.17.17.1 dev eth1.2
128.0.0.0/1 via 10.8.1.1 dev tun0
172.16.16.0/24 dev eth1.3 proto static scope link metric 20
broadcast 10.8.1.0 dev tun0 table local proto kernel scope link src 10.8.1.3
local 10.8.1.3 dev tun0 table local proto kernel scope host src 10.8.1.3
broadcast 10.8.1.255 dev tun0 table local proto kernel scope link src 10.8.1.3
broadcast 10.15.16.0 dev br-lan table local proto kernel scope link src 10.15.16.1
local 10.15.16.1 dev br-lan table local proto kernel scope host src 10.15.16.1
broadcast 10.15.16.255 dev br-lan table local proto kernel scope link src 10.15.16.1
broadcast 10.17.17.0 dev eth1.2 table local proto kernel scope link src 10.17.17.203
local 10.17.17.203 dev eth1.2 table local proto kernel scope host src 10.17.17.203
broadcast 10.17.17.255 dev eth1.2 table local proto kernel scope link src 10.17.17.203
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 172.16.16.0 dev eth1.3 table local proto kernel scope link src 172.16.16.203
local 172.16.16.203 dev eth1.3 table local proto kernel scope host src 172.16.16.203
broadcast 172.16.16.255 dev eth1.3 table local proto kernel scope link src 172.16.16.203
You have multiple entries of these vpn injected routes in all of the routing tables, main and custom.
Filter the gateway injection from the vpn server. Set up a default gateway yourself with a proper metric in the static routes.
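Added example, not code from any participant in the thread: a shell check for the condition the last reply points out, where the VPN's 0.0.0.0/1 and 128.0.0.0/1 routes appear in every routing table and, being more specific than `default`, override each table's own gateway. The function name `audit_tables` is an assumption of this example; the sample input is an excerpt of the routing table posted above.

```shell
#!/bin/sh
# Added example: find OpenVPN redirect-gateway halves (0.0.0.0/1, 128.0.0.0/1)
# in the output of `ip -4 route list table all`, grouped by routing table.

# Excerpt of the routing table posted in the thread above.
SAMPLE_ROUTES='0.0.0.0/1 via 10.8.1.1 dev tun0 table 1
default via 10.17.17.1 dev eth1.2 table 1 metric 10
128.0.0.0/1 via 10.8.1.1 dev tun0 table 1
0.0.0.0/1 via 10.8.1.1 dev tun0 table 2
default via 172.16.16.1 dev eth1.3 table 2 metric 20
128.0.0.0/1 via 10.8.1.1 dev tun0 table 2
0.0.0.0/1 via 10.8.1.1 dev tun0
default via 10.17.17.1 dev eth1.2 proto static src 10.17.17.203 metric 10
128.0.0.0/1 via 10.8.1.1 dev tun0
local 10.8.1.3 dev tun0 table local proto kernel scope host src 10.8.1.3'

# Print one line per table: "<table> <status> default_dev=<dev> override_dev=<dev>"
# status is "overridden" when both /1 halves are present, because they are more
# specific than the table's default route and win for every destination.
audit_tables() {
    awk '
    function field_after(key,    i) {
        for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
        return ""
    }
    {
        tbl = field_after("table"); if (tbl == "") tbl = "main"
        if (tbl == "local") next          # host/broadcast entries, not forwarding
        seen[tbl] = 1
        if ($1 == "default" && !(tbl in defdev)) defdev[tbl] = field_after("dev")
        if ($1 == "0.0.0.0/1")   { low[tbl] = 1;  ovr[tbl] = field_after("dev") }
        if ($1 == "128.0.0.0/1") { high[tbl] = 1; ovr[tbl] = field_after("dev") }
    }
    END {
        for (t in seen) {
            status = (low[t] && high[t]) ? "overridden" : "ok"
            printf "%s %s default_dev=%s override_dev=%s\n", t, status,
                   (t in defdev) ? defdev[t] : "-", (t in ovr) ? ovr[t] : "-"
        }
    }' | sort
}

# On the router: ip -4 route list table all | audit_tables
printf '%s\n' "$SAMPLE_ROUTES" | audit_tables
```

For the excerpt, table 2 (the one assigned to wanb) is reported as overridden with `override_dev=tun0`, so replies to inbound wanb connections are routed into the tunnel instead of out eth1.3.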