Hello, I just want to understand how interfaces in LuCI work and how the router tunnels traffic through them.
I have the default wan interface which gives me the modem's internet, and I have a VPN interface that is the current default gateway and gives me a commercial VPN IP address.
The issue now is that since the default gateway is VPN, it seems that the whole router uses it, and when I try to connect another interface (i.e. VPN2) it connects through the former VPN interface, which is undesirable. Is it possible to connect two different interfaces through wan and then use them as gateways to different clients using PBR? I'll try to simplify and illustrate what I want in the diagram below:
Thanks!
Yes.
Simply set traffic from one interface/SRC to use a certain outbound interface. I use this to route traffic through various VPNs and tunnels all the time.
Since I do not use the PBR app, I apologize I cannot be specific regarding configs. I simply use IP Routes and IP Rules to make my own policies. I'm sure others can chime in with PBR-specific information.
Disable the default gateway(s) of your VPN(s) and then use PBR depending on your needs.
https://docs.openwrt.melmac.net/pbr/#a-word-about-default-routing
I'm using an SSTP connection for my VPN interface. I did disable the default gateway option for it and now, I only get internet from the wan interface. Whenever I add a policy to route traffic to the VPN interface using PBR, it gives me a warning message: "please unset src_addr, src_port and dest_addr for policy lantovpn"
and an error message: Unknown error.
I thought it was simple, but I don't know what I'm doing wrong
I tested an SSTP client in combination with PBR and to get it to work I had to add the interface name to the list of supported interfaces.
EDIT:
Just to clarify I got different errors:
Routing 'sstp_test' via sstp [✗]
...
ERROR: Policy 'sstp_test' has an unknown interface!
I don't have anything added to supported interfaces as PBR already recognizes my 2 interfaces: wan and VPN
it just gives me Unknown error! I don't know what to do
Please post the output of:
uci show pbr; service pbr restart; service pbr status
Redact the public IPs, if any.
I've stopped working with PBR now as it is throwing a lot of errors even when I keep my previous configuration. I'm trying to make this work using static routes for now. Any ideas?
Do you mean by using static routes? Or there's another way?
I tried to use static routes with different metrics, but it requires a gateway to be set for that interface. For the wan interface I know it is 192.168.1.1 and it's working; as for the VPN interface I don't know what gateway to use. The SSTP client gives me a remote IP address and a local IP address, which both don't work if I define them as gateways.
Ok, so now I've set up my routing for the VPN interface after disabling its default gateway and without PBR. What I've done is to give the route to VPN a metric of 10 and the route to wan a metric of 20 (in case the VPN interface disconnects I still get wan internet). Now, I want another lan interface (lan2) to connect directly to wan, and it's only allowed wan in the firewall. But the problem currently is: the router has both routes activated, and normally when VPN is up, it routes to that interface (because it has the lower metric), and lan2 isn't allowed to VPN in the firewall, so as a result lan2 doesn't get an internet connection.
Maybe I can split the wan interface to apply different routes with different metrics?
- I've never used metrics to do what you desire
- Layer 3 tunnels don't need a gateway specified, I'm not familiar with SSTP
I assume you mean my statement:
See:
So you are back where you started from.
As already stated:
Make sure the pbr service is stopped.
Disable the default gateway on the VPN interface and create a simple ip rule/route combination:
config rule
	option in 'lan'
	option lookup '102'

config route
	option interface 'vpn' # Correct logical vpn interface name here
	option target '0.0.0.0/0'
	option table '102'
This way lan will use the vpn, but the router itself and any other defined networks will use wan.
Use ip ru and ip ro li ta 102 to check the configuration.
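The rule/route pair above written out as uci commands, followed by the checks you would run afterwards. This is an added example, not part of the post above; it assumes the logical interface names lan and vpn, that routing table 102 is unused, that br-lan is the LAN bridge with a client at 192.168.1.100, and that the sstp proto handler's defaultroute option is what LuCI's "Use default gateway" checkbox toggles.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions (adjust to your setup):
# logical interfaces 'lan' and 'vpn', table 102 unused, br-lan is the LAN
# bridge, 192.168.1.100 is a client in it, and 'defaultroute' is the option
# behind LuCI's "Use default gateway" checkbox for the sstp interface.

# Print the uci batch commands that create the policy. Text only, so the
# change can be reviewed before it touches /etc/config/network.
policy_uci_commands() {
    src_iface="$1"   # logical interface whose clients should use the tunnel
    out_iface="$2"   # logical tunnel interface
    table="$3"       # routing table number used by the policy
    cat <<EOF
set network.${out_iface}.defaultroute=0
set network.${src_iface}_via_${out_iface}=rule
set network.${src_iface}_via_${out_iface}.in=${src_iface}
set network.${src_iface}_via_${out_iface}.lookup=${table}
set network.${out_iface}_default=route
set network.${out_iface}_default.interface=${out_iface}
set network.${out_iface}_default.target=0.0.0.0/0
set network.${out_iface}_default.table=${table}
commit network
EOF
}

# Number of 'set' statements a policy produces (used by the self-check).
policy_set_count() {
    policy_uci_commands "$@" | grep -c '^set '
}

# Apply the policy on the router and let netifd install the rule and route.
apply_policy() {
    policy_uci_commands "$@" | uci batch
    /etc/init.d/network reload
}

# Check the result: rule order, the contents of the policy table, and the
# route a LAN client would actually be given.
verify_policy() {
    table="$1"
    ip rule show
    ip route show table "$table"
    ip route get 1.1.1.1 from 192.168.1.100 iif br-lan
}

# Usage on the router (left commented so the file is safe to source):
# apply_policy lan vpn 102
# verify_policy 102
```

Because the route in table 102 is tied to the vpn interface, netifd removes it when the tunnel goes down; the rule then finds nothing in table 102 and lookup falls through to the main table, so lan clients fall back to wan without any metric juggling. If you want the opposite (a kill switch, nothing leaves while the tunnel is down), add a second route section in table 102 with option type 'unreachable' for 0.0.0.0/0 and a higher metric than the tunnel route.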
Yes, this worked!
I'm starting to understand OpenWrt and its potential.
Thanks