Exclude some IPs from the OpenVPN

Hello.

A Cisco SPA112 Phone Adapter is connected to an Asus RT-AC56U with OpenWrt. How can I exclude the Cisco SPA112 Phone Adapter or other devices from OpenVPN?

Do I need a vpn-policy-routing package? I had no success with the package. How do I configure this?

Thanks.

Package not needed.

# in /etc/config/network

config rule
        option src '192.168.1.x'
        option dest '0.0.0.0/0'
        option priority '2'
        option lookup 'main'

If your VPN changes the main table, you may have to build the normal default route in another table.

See:

I have no network experience and it was difficult for me to configure that.

  1. This rule does not work with VPN Kill-Switch
  2. This rule must be above the VPN rule in /etc/config/network

then it works for me.

Edit: And is that not possible to configure with the vpn-policy-routing package?

Edit2: This solution only worked for 5 minutes. So my VPN changes the main table?

How do I have to build the normal default route in another table?

Yes.

I personally find the app more complex - I've rarely used it and am unfamiliar with it.

The links are not helpful, because I do not know the basics.

See my last post @lleachii.

Thanks for your help.

Cisco SPA112 Phone Adapter has the IP 192.168.1.205.

Here are IPv4 Routes:

root@OpenWrt:~# ip -4 route show table all
0.0.0.0/1 via 10.3.7.1 dev tun0
default via 109.91.76.1 dev eth0.2 proto static src 109.91.78.187
10.3.7.0/24 dev tun0 proto kernel scope link src 10.3.7.252
85.17.28.145 via 109.91.76.1 dev eth0.2
109.91.76.0/22 dev eth0.2 proto kernel scope link src 109.91.78.187
128.0.0.0/1 via 10.3.7.1 dev tun0
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
broadcast 10.3.7.0 dev tun0 table local proto kernel scope link src 10.3.7.252
local 10.3.7.252 dev tun0 table local proto kernel scope host src 10.3.7.252
broadcast 10.3.7.255 dev tun0 table local proto kernel scope link src 10.3.7.252
broadcast 109.91.76.0 dev eth0.2 table local proto kernel scope link src 109.91.78.187
local 109.91.78.187 dev eth0.2 table local proto kernel scope host src 109.91.78.187
broadcast 109.91.79.255 dev eth0.2 table local proto kernel scope link src 109.91.78.187
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1
local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1

Maybe that will help.

# in /etc/config/network

config rule
        option src '192.168.1.205/32'
        option dest '0.0.0.0/0'
        option priority '2'
        option lookup '2'

config route
        option interface 'wan'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option source '109.91.78.187'
        option gateway '109.91.76.1'
        option table '2'
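
Why the first rule (`lookup main`) stopped bypassing the VPN while the rule with a separate table works, as an added example that is not part of the original thread: a small Python model of rule evaluation and longest-prefix match over the routes posted above. The table-2 route line, the rule tuples and the function names are assumptions made for the illustration; the model ignores the `local` table, `dest` selectors and the firewall.

```python
import ipaddress

# Main-table routes copied from the `ip -4 route show table all` output above.
# The last line is constructed: the table-2 default route from the final config.
ROUTES = """\
0.0.0.0/1 via 10.3.7.1 dev tun0
default via 109.91.76.1 dev eth0.2 proto static src 109.91.78.187
10.3.7.0/24 dev tun0 proto kernel scope link src 10.3.7.252
85.17.28.145 via 109.91.76.1 dev eth0.2
109.91.76.0/22 dev eth0.2 proto kernel scope link src 109.91.78.187
128.0.0.0/1 via 10.3.7.1 dev tun0
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
default via 109.91.76.1 dev eth0.2 table 2
"""

# Rules as (priority, source prefix, table); 32766 is the stock "lookup main" rule.
KERNEL_MAIN = (32766, "0.0.0.0/0", "main")
FIRST_ATTEMPT = [(2, "192.168.1.205/32", "main"), KERNEL_MAIN]
FINAL_CONFIG = [(2, "192.168.1.205/32", "2"), KERNEL_MAIN]

def parse_routes(text):
    """Return {table: [(network, dev), ...]} from `ip route` style lines."""
    tables = {}
    for line in text.splitlines():
        f = line.split()
        prefix = "0.0.0.0/0" if f[0] == "default" else f[0]
        table = f[f.index("table") + 1] if "table" in f else "main"
        dev = f[f.index("dev") + 1]
        tables.setdefault(table, []).append((ipaddress.ip_network(prefix), dev))
    return tables

def egress(tables, rules, src, dst):
    """Walk rules by ascending priority; in the first matching rule whose
    table has a route to dst, return the longest-prefix match's device."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, rule_src, table in sorted(rules):
        if src not in ipaddress.ip_network(rule_src):
            continue
        hits = [(net.prefixlen, dev) for net, dev in tables.get(table, []) if dst in net]
        if hits:
            return max(hits)[1]
    return None

if __name__ == "__main__":
    tables = parse_routes(ROUTES)
    for name, rules in (("lookup main", FIRST_ATTEMPT), ("lookup 2", FINAL_CONFIG)):
        # OpenVPN's two /1 routes in main outrank the /0 default, so only
        # a table without them sends the adapter out of eth0.2.
        print(name, "->", egress(tables, rules, "192.168.1.205", "8.8.8.8"))
```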

It works now @lleachii. Thanks.

At the beginning I had problems because I had activated the kill switch.
(Disable kill switch: Edit firewall rule "lan" and check "Allow forward to destination zones:" WAN WAN6)

I also tried the vpnbypass package. It works too.

In my case, 192.168.1.205 is the SPA112 Phone Adapter (behind the RT-AC56U router) and 192.168.100.1 is the cable router (in front of the RT-AC56U router).
