root@OpenWrt:~# /etc/init.d/vpn-policy-routing restart
Creating table 'wan/pppoe-wan/ [✓]
Creating table 'nordvpntun/tun0/ [✓]
Routing 'Laptop (wifi) ' via wan [✓]
Routing 'Laptop (ethernet)' via wan [✓]
Routing 'Synology NAS' via wan [✓]
Routing 'Plex' via wan [✓]
Routing 'Synology services' via wan [✓]
Routing 'Wiser Heat' via wan [✓]
RTNETLINK answers: File exists
[✗]
vpn-policy-routing 0.2.1-13 started with gateways:
wan/pppoe-wan/
nordvpntun/tun0/ [✓]
ERROR: Error running custom user file '/etc/vpn-policy-routing.custom.user'
vpn-policy-routing 0.2.1-13 monitoring interfaces: wan nordvpntun .
root@OpenWrt:~# ip route show table 201
default via dev pppoe-wan
10.10.3.0/24 dev br-WRT_Guest proto kernel scope link src 10.10.3.1
192.168.5.0/24 dev eth0.5 proto kernel scope link src 192.168.5.1
In theory, all traffic now from VLAN 5 should now pass through WAN right if I am understanding correctly?
I have no way easily checking if it behaving as expected. However, it looks like all traffic on br-WRT guest should also go through WAN. But when I test it, it is going through the VPN.
To know where to send packets destined for 192.168.5.0/24 when host is classified to routing table 201. If it is not in the routing table, it will be sent to default gateway.
Thanks. This makes sense and I am able to implement the second option but would prefer the first option.
How do I find the VPN table number since it isn't listed under /etc/iproute2/rt_tables?
So VPN is routing table 202 it seems. So I created a route on table 202 similar to the following for WRT_Guest just as a proof of concept but with no luck:
This static route is very wrong. You add a default route (0/0) egress Guest interface via the wan gateway IP in table 202.
If some network is missing from the rt 202 then you need to add it without gateway, but with proper interface (WRT_Guest), target (192.168.5.0) and netmask (255.255.255.0).
Yes, I did but I had it disabled which explains a lot! BUT whilst traffic from VOIP and WRT_Guest does now go through WAN when VPN is active and thus the default gateway, I am still unable to administrate the client in the VOIP vlan, which is the original reason for the thread.