One VLAN via WAN, another VLAN via TUN? Static Route?

Hi there,

Simple situation:
I have two VLANs on the LAN side, for example: eth0.20=HOME (10.20.0.0/16) and eth0.30=OFFICE (10.30.0.0/16).

I have a working WAN (192.168.1.0/24).

I have a working OpenVPN client on the OpenWrt router which creates a TUN interface.
I set "redirect gateway" in the OpenVPN config so all the traffic is going via the TUN0 (10.8.0.0/24) interface.

My routing table is:
Destination   Gateway       Mask            Iface
0.0.0.0       10.8.0.1      128.0.0.0       tun0
0.0.0.0       192.168.1.1   0.0.0.0         wan
10.20.0.0                   255.255.255.0   eth0.20
10.30.0.0                   255.255.255.0   eth0.30

I allow forward from HOME to WAN and VPN and OFFICE to WAN and VPN.

Actual behavior: ALL the internet traffic is routed via TUN0.

Now what I want:
Firewall : Allow routing from HOME to WAN only (done)
Firewall : Allow routing from OFFICE to TUN only (done)
Route : Set WAN as default gateway for HOME
Route : Set VPN as default gateway for OFFICE

I can't figure out how to do that.

Thanks in advance,
RAF


OK thanks for the quick answer, I'll check Policy-Based-Routing.

Besides, I'm able to apply a static route for a destination host but not for a 0.0.0.0 network.

I guess this is not possible to solve with just static routes.
You need to utilize different routing tables with IP rules, which is known as policy-based routing.
The VPN-PBR app helps to automate and manage these things.


Vgaetera,

Thanks a lot, the VPN-Policy-Routing App is perfect!
Very quick to get it working, simple for a simple situation.

Just another issue:
If I set an interface to use WAN as default gateway, I'm no longer able to contact (ping) the VPN subnet from this interface.
Traceroute shows the packet is routed to the default gateway (WAN) and not via the VPN interface as it must be. It's strange because I can ping all the other allowed VLAN subnets.
So I think, as it is a brand new routing table, I have to set a route for the VPN subnet.

To be clear, I need to use WAN as default gateway and also access the VPN subnet.
How do I show/modify the policy-based routing table?


Add a rule to route packets destined for the VPN subnet via the VPN interface.

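Added example (not part of any post in this thread): a small Python model of Linux policy routing, using the subnets and the main routing table posted above, that shows why HOME loses the VPN subnet once it gets its own table and how the suggested rule restores it. The table names "home" and "office", the rule priorities and the sample addresses are assumptions made for the illustration.

```python
import ipaddress as ipa

ANY = "0.0.0.0/0"

# Routing tables as (prefix, device). "main" copies the table posted in the thread;
# the "home"/"office" table names and the rule priorities are assumptions.
TABLES = {
    "main": [("0.0.0.0/1", "tun0"), ("0.0.0.0/0", "wan"),
             ("10.20.0.0/24", "eth0.20"), ("10.30.0.0/24", "eth0.30")],
    "home": [("0.0.0.0/0", "wan")],      # WAN as default gateway for HOME
    "office": [("0.0.0.0/0", "tun0")],   # VPN as default gateway for OFFICE
}

# Policy rules as (priority, from, to, table); the lowest priority number is tried first.
RULES = [
    (100, "10.20.0.0/16", ANY, "home"),
    (200, "10.30.0.0/16", ANY, "office"),
    (32766, ANY, ANY, "main"),
]

# The suggested fix: anything destined for the VPN subnet leaves via the VPN
# interface, evaluated before the per-VLAN rules.
VPN_SUBNET_RULE = (50, ANY, "10.8.0.0/24", "office")


def egress(rules, src, dst, tables=TABLES):
    """Return the device a packet leaves on, mimicking Linux rule/table lookup."""
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    for _prio, frm, to, table in sorted(rules):
        if src not in ipa.ip_network(frm) or dst not in ipa.ip_network(to):
            continue
        hits = [(ipa.ip_network(p).prefixlen, dev)
                for p, dev in tables[table] if dst in ipa.ip_network(p)]
        if hits:                      # longest prefix wins inside one table
            return max(hits)[1]
        # no route in this table: fall through to the next matching rule
    return None


if __name__ == "__main__":
    # Sample hosts are constructed: 10.20.0.10 (HOME), 10.30.0.10 (OFFICE).
    for label, rules in (("before", RULES), ("after", RULES + [VPN_SUBNET_RULE])):
        print(label,
              "HOME->internet:", egress(rules, "10.20.0.10", "203.0.113.7"),
              "HOME->VPN:", egress(rules, "10.20.0.10", "10.8.0.1"),
              "OFFICE->internet:", egress(rules, "10.30.0.10", "203.0.113.7"))
```

On the router itself, the live equivalents of these structures can be inspected with `ip rule show` and `ip route show table <name>`.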
