When I start the VPN it works. ALL traffic goes through the VPN. I only want one subnet to go through it.
How do I tell OpenVPN to only use one subnet?
OpenWrt 21.02.0 r16279-5cc0535800 / LuCI openwrt-21.02 branch git-21.231.26241-422c175
Wireless zones
Sid: 5gh radio (192.168.2.1)
Sid: 5gh-vpn vpn (192.168.3.1) alias of above
Three interfaces
Firewall
tun0 -> wan
Mss clamping true
Masquerade true
I still haven't got the traffic going from one subnet into the tun0. What I have discovered so far.
To stop the VPN from taking all traffic:
pull-filter ignore redirect-gateway
route-nopull
OpenVPN instances must be enabled (checked) and saved to start the ovpn file.
Troubleshooting
ssh root@192.168.1.1
Run these two commands. You should see a different path.
traceroute -4 news.google.com
traceroute -4 news.google.com -i tun0
Useful links
Hi @vgaetera
I finally got it working.
I have to save and apply and restart the VPN policy to have an effect. Just save and apply doesn't reload/restart the policies.
A problem with /etc/config/vpn-policy-routing
BROKEN:
config policy
    option name 'Local Subnet'
    option src_addr '192.168.3.128/25'
    option interface 'tun0'
    option dest_addr '0.0.0.0/0'
The problem is option dest_addr '0.0.0.0/0'
Simply remove the above line and it works fine, i.e. a rule with no dest_addr option.
Also I don't know how I missed this link
@vgaetera How do I block traffic starting from the VPN server? E.g. I want all my traffic to flow through the VPN and come back BUT I don't want the VPN server to see or start sending unsolicited packets to my network.
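A lint check for the two findings reported in the posts above, as an added example that is not part of the original thread: it tests whether an OpenVPN client config ignores the pushed default route, and lists vpn-policy-routing policies that still carry dest_addr '0.0.0.0/0'. The function names, the second policy and all sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All file contents below are constructed samples.

# True when an OpenVPN client config ignores the pushed default route, using
# either directive quoted in the thread.
ovpn_ignores_pushed_gateway() {
    grep -Eq '^[[:space:]]*(route-nopull|pull-filter[[:space:]]+ignore[[:space:]]+"?redirect-gateway)' "$1"
}

# Prints the name of each 'config policy' section that sets dest_addr to
# 0.0.0.0/0, the option the poster had to remove.
policies_with_catchall_dest() {
    awk -v q="'" '
        function report() { if (in_policy && bad) print name }
        function unquote(s) { gsub("[" q "\"]", "", s); sub(/[ \t]+$/, "", s); return s }
        $1 == "config" { report(); in_policy = (unquote($2) == "policy"); bad = 0; name = "(unnamed)" }
        in_policy && $1 == "option" {
            val = $0
            sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
            val = unquote(val)
            if ($2 == "name") name = val
            if ($2 == "dest_addr" && val == "0.0.0.0/0") bad = 1
        }
        END { report() }
    ' "$1"
}

demo=$(mktemp -d)
printf '%s\n' 'client' 'dev tun0' 'pull-filter ignore redirect-gateway' > "$demo/client.ovpn"
printf '%s\n' 'client' 'dev tun0' > "$demo/pushed.ovpn"
cat > "$demo/vpn-policy-routing" <<'EOF'
config policy
    option name 'Local Subnet'
    option src_addr '192.168.3.128/25'
    option interface 'tun0'
    option dest_addr '0.0.0.0/0'

config policy
    option name 'Fixed Rule'
    option src_addr '192.168.3.128/25'
    option interface 'tun0'
EOF

for f in "$demo/client.ovpn" "$demo/pushed.ovpn"; do
    ovpn_ignores_pushed_gateway "$f" && echo "ok: $f" || echo "all traffic may use the VPN: $f"
done
policies_with_catchall_dest "$demo/vpn-policy-routing" | sed 's/^/remove dest_addr from policy: /'
```

On the router, the same functions can be pointed at the real .ovpn file and at /etc/config/vpn-policy-routing.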