I want three different systems to access the internet in different ways:
Name - Sys-IP - VPN - Interface
test100 - 192.168.1.100 - tun-vpncl - vpncl (should be default for all)
test101 - 192.168.1.101 - tun-vpnde - vpnde
test102 - 192.168.1.102 - novpn - wan
Approach
The Linksys 1900acs v2 got a clean install of openwrt 19.07.03.
additional software installed
openvpn-easy-rsa 3.0.4-1
openvpn-openssl 2.4.7-2
luci-app-openvpn 20.1555.55664
openssh-sftp-server 8.0p1-1
Update of all other packages and reboot
openvpn client config
I have used the openvpn files of my provider and added "pull-filter ignore redirect-gateway".
IP subnet is different. Both tcp connections can be established.
virtual network adapters
I added the following and it seems to work:
How do I config the routing (table) for my setup?
I have tried different approaches but nothing worked so far. I only managed to configure that all the traffic is routed through one VPN connection. Of course, I am new with openwrt and there are many recommendations. So, what is the right or best approach to configure the routing for multiple VPNs?
So far I have already tried a couple of approaches, which I found on the internet.
This also includes the instructions of Leow Kah Man but even doing it twice from scratch did not work for me. The instructions are great but as a beginner with openwrt it seems I need more details ;-)
That is why I am asking for what is the best approach and more details.
I think that is easier than posting all details from my mwan3 approach - except you are interested in a longer description?
1 - default gateway (exit)
So far I have created a default rule that - if there is no other rule - everybody has to use VPNCL. I got the impression that this is a workaround and that there is (should?) somewhere in the openwrt configuration the possibility to set the default internet access e.g. to VPNCL (instead of WAN)!?
2 - I am working with fixed IPs and wanted to avoid typing in each system the DNS IPs (I wanted only to use the router's IP as DNS on the client side and the router should replace the DNS with the correct one for a centralized administration). Can this be done in openwrt?
There is, ignore the default gateway from vpnde, accept the default gateway from vpncl.
Centralized administration -> DHCP
There are multiple instances of dnsmasq, but that would work for different interfaces, not different hosts.
DNS hijacking does work, at least I have managed to hijack queries to GoogleDNS etc towards my Piholes. So I don't see why you cannot do the same with the NS outside of your network.
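
Added example, not part of the thread or of any poster's configuration: one way to express the per-host routing asked about above as source-based policy routing with iproute2, including a fail-closed route so test101 and test102 never fall through to the main table's default when their own egress is down. Table ids, rule priorities, `WAN_DEV` and `WAN_GW` are assumed placeholders; `tun-vpnde` comes from the table in the question and is assumed to be the tun device name, and the `unreachable` route type assumes full iproute2 syntax.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the ip(8) commands; review them,
# then pipe the output to sh on the router.
# Assumed placeholders (not from the thread): table ids 101/102, rule
# priorities, WAN_DEV and WAN_GW.
WAN_DEV="eth1.2"        # placeholder WAN device name
WAN_GW="203.0.113.1"    # placeholder upstream gateway (documentation range)

# source IP | egress device | table id | gateway ("-" for a tun device)
# test100 has no row: it follows the main table, whose default route comes
# from vpncl once vpnde's redirect-gateway is ignored via pull-filter.
host_map() {
    cat <<EOF
192.168.1.101 tun-vpnde 101 -
192.168.1.102 $WAN_DEV 102 $WAN_GW
EOF
}

# Emit the rule and routes for one host.
host_cmds() {
    src=$1; dev=$2; table=$3; gw=$4
    # Send traffic from this source address, and only it, to its own table.
    echo "ip rule add from $src/32 lookup $table priority $((1000 + table))"
    if [ "$gw" = "-" ]; then
        echo "ip route replace default dev $dev table $table"
    else
        echo "ip route replace default via $gw dev $dev table $table"
    fi
    # Fail closed: if the route above disappears (tunnel down), this
    # higher-metric route rejects the traffic instead of letting the lookup
    # continue into the main table and leave through another exit.
    echo "ip route replace unreachable default metric 65535 table $table"
}

# Emit the commands for every mapped host.
policy_cmds() {
    host_map | while read -r src dev table gw; do
        host_cmds "$src" "$dev" "$table" "$gw"
    done
}

policy_cmds
```

The script only prints commands. Routes through `tun-vpnde` are removed by the kernel when the tunnel goes down, so they have to be applied again when it comes back up.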