Limit OpenVPN to one subnet

Installing and Using OpenWrt Network and Wireless Configuration
1

When I start the VPN it works. ALL traffic goes through the VPN. I only want one subnet to go through it.

How do I tell OpenVpn to only use one subnet?

OpenWrt 21.02.0 r16279-5cc0535800 / LuCI openwrt-21.02 branch git-21.231.26241-422c175

Wireless zones

  • Sid: 5gh radio (192.168.2.1)
  • Sid: 5gh-vpn vpn (192.168.3.1) alias of above

Three interfaces

  • radio
  • tun0
  • vpn

Firewall
tun0 -> wan
Mss clamping true
Masquerade true

3

:cry: I still haven't got the traffic going from one subnet into the tun0. :cry: What I have discovered so far.

  1. To stop the vpn from taking all traffic;
    pull-filter ignore redirect-gateway
    route-nopull
  2. OpenVPN instances must be enable (checked) and saved to start the ovpn file.

Troubleshooting

  • ssh root@192.168.1.1
    Run these two commands. You should see a different path
traceroute -4 news.google.com
traceroute -4 news.google.com -i tun0

Useful links

4
5

Hi @vgaetera

I finally got it working.

  1. I have to save and apply and restart the VPN policy to have an effect. Just save and apply doesn't reload/restart the policies.
  2. A problem with /etc/config/vpn-policy-routing
    BROKEN:
config policy
        option name 'Local Subnet'
        option src_addr '192.168.3.128/25'
        option interface 'tun0'
        option dest_addr '0.0.0.0/0'

This is the problem is option dest_addr '0.0.0.0/0' Simply remove the above line and it works fine. I.E. a rule with no dest_addr option

Also I don't know how I missed this link

6

@vgaetera How do I block traffic starting from the vpn server? E.G. I want all my traffic to flow through the vpn and come back BUT I don't want the vpn server to see or start sending unsolicited packets to my network.

7

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.