Limit OpenVPN to one subnet

When I start the VPN it works. ALL traffic goes through the VPN. I only want one subnet to go through it.

How do I tell OpenVPN to only use one subnet?

OpenWrt 21.02.0 r16279-5cc0535800 / LuCI openwrt-21.02 branch git-21.231.26241-422c175

Wireless zones

  • SSID: 5gh radio (192.168.2.1)
  • SSID: 5gh-vpn vpn (192.168.3.1) alias of above

Three interfaces

  • radio
  • tun0
  • vpn

Firewall
tun0 -> wan
Mss clamping true
Masquerade true

:cry: I still haven't got the traffic going from one subnet into the tun0. :cry: Here is what I have discovered so far.

  1. To stop the vpn from taking all traffic;
    pull-filter ignore redirect-gateway
    route-nopull
  2. OpenVPN instances must be enabled (checked) and saved to start the ovpn file.

Troubleshooting

  • ssh root@192.168.1.1
    Run these two commands. You should see a different path:
    traceroute -4 news.google.com
    traceroute -4 news.google.com -i tun0

Useful links


Hi @vgaetera

I finally got it working.

  1. I have to save and apply and restart the VPN policy to have an effect. Just save and apply doesn't reload/restart the policies.
  2. A problem with /etc/config/vpn-policy-routing
    BROKEN:
config policy
        option name 'Local Subnet'
        option src_addr '192.168.3.128/25'
        option interface 'tun0'
        option dest_addr '0.0.0.0/0'

The problem is the line option dest_addr '0.0.0.0/0'. Simply remove that line and it works fine, i.e. a rule with no dest_addr option.
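Added example, not code from this thread or from the vpn-policy-routing package: a small POSIX shell lint for the two configuration points discussed above. It checks that the client .ovpn carries route-nopull and pull-filter ignore redirect-gateway, so a pushed default route cannot pull all traffic into the tunnel, and it lists every vpn-policy-routing policy section that still has dest_addr '0.0.0.0/0'. The file paths, the function names and the two sample configs are assumptions/constructed for the demonstration; the policy layout follows the BROKEN snippet above.

```shell
#!/bin/sh
# Added example (assumed paths, constructed sample files): lint an OpenVPN
# client config and a /etc/config/vpn-policy-routing file for the two
# pitfalls discussed in the thread.

# Return 0 if the .ovpn file contains the directive given in $2 as a whole
# line (leading whitespace allowed), 1 otherwise.
ovpn_has_directive() {
    grep -q -E "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Return 0 when the client will NOT install a pushed default route:
# it needs both 'route-nopull' and 'pull-filter ignore redirect-gateway'.
ovpn_is_split() {
    ovpn_has_directive "$1" 'route-nopull' &&
    ovpn_has_directive "$1" 'pull-filter ignore redirect-gateway'
}

# Print the 'name' of every 'config policy' section whose dest_addr is the
# catch-all 0.0.0.0/0 (the rule shape that did not match in the thread).
# Returns 0 if at least one such section was found, 1 otherwise.
broken_policies() {
    awk -v q="'" '
        function flush() {
            if (sect == "policy" && dest == "0.0.0.0/0") { print name; found = 1 }
        }
        function value(line) {   # strip "option <key>" and the surrounding quotes
            sub(/^[[:space:]]*option[[:space:]]+[^[:space:]]+[[:space:]]+/, "", line)
            gsub(q, "", line)
            return line
        }
        $1 == "config" { flush(); sect = $2; name = "(unnamed)"; dest = "" }
        $1 == "option" && $2 == "name"      { name = value($0) }
        $1 == "option" && $2 == "dest_addr" { dest = value($0) }
        END { flush(); exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample inputs, written to a temp dir; prints the dir name.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/client.ovpn" <<'EOF'
client
dev tun
proto udp
remote vpn.example.invalid 1194
route-nopull
pull-filter ignore redirect-gateway
EOF
    cat > "$dir/vpn-policy-routing" <<'EOF'
config policy
        option name 'Local Subnet'
        option src_addr '192.168.3.128/25'
        option interface 'tun0'
        option dest_addr '0.0.0.0/0'

config policy
        option name 'Local Subnet fixed'
        option src_addr '192.168.3.128/25'
        option interface 'tun0'
EOF
    echo "$dir"
}

# Stand-alone run: report on the constructed samples.
main() {
    d=$(make_samples)
    if ovpn_is_split "$d/client.ovpn"; then
        echo "client.ovpn: a pushed redirect-gateway will be ignored"
    else
        echo "client.ovpn: WARNING, a pushed redirect-gateway would capture all traffic"
    fi
    echo "policies with dest_addr 0.0.0.0/0 (remove that option):"
    broken_policies "$d/vpn-policy-routing" || echo "  none"
    rm -r "$d"
}

main
```

On a router the same functions can be pointed at the real files, e.g. ovpn_is_split /etc/openvpn/client.ovpn and broken_policies /etc/config/vpn-policy-routing, to confirm the two fixes before restarting the policy service.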

Also I don't know how I missed this link

@vgaetera How do I block traffic starting from the VPN server? e.g. I want all my traffic to flow through the VPN and come back BUT I don't want the VPN server to see or start sending unsolicited packets to my network.
