Simple situation:
I have two VLANs on the LAN side, for example: eth0.20=HOME (10.20.0.0/16) and eth0.30=OFFICE (10.30.0.0/16).
I have a working WAN (192.168.1.0/24).
I have a working OpenVPN client on the OpenWrt router which creates a TUN interface.
I set "redirect gateway" in the OpenVPN config so all the traffic goes via the tun0 (10.8.0.0/24) interface.
My routing table is:

Destination   Gateway       Mask            Iface
0.0.0.0       10.8.0.1      128.0.0.0       tun0
0.0.0.0       192.168.1.1   0.0.0.0         wan
10.20.0.0                   255.255.255.0   eth0.20
10.30.0.0                   255.255.255.0   eth0.30
I allow forwarding from HOME to WAN and VPN, and from OFFICE to WAN and VPN.
Actual behavior: ALL the internet traffic is routed via tun0.
Now what I want:
Firewall: Allow routing from HOME to WAN only (done)
Firewall: Allow routing from OFFICE to TUN only (done)
Route: Set WAN as default gateway for HOME
Route: Set VPN as default gateway for OFFICE
I guess this is not possible to solve with just static routes.
You need to utilize different routing tables with IP rules, which is known as policy-based routing.
The VPN-PBR app helps to automate and manage these things.
Thanks a lot, the VPN-Policy-Routing app is perfect!
Very quick to get it working, simple for a simple situation.
Just another issue:
If I set an interface to use WAN as default gateway, I'm no longer able to contact (ping) the VPN subnet from this interface.
Traceroute shows the packet is routed to the default gateway (WAN) and not via the VPN interface as it should be; it's strange because I can ping all the other allowed VLAN subnets.
So I think, as it is a brand new routing table, I have to set a route for the VPN subnet.
To be clear, I need to use WAN as the default gateway and also have access to the VPN subnet.
How do I show/modify the policy-based routing table?
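The per-VLAN routing tables and rules described in the answer above, and the missing VPN-subnet route from the follow-up, as an added iproute2 example that is not code from the thread or from the VPN-Policy-Routing app. Interface names and addresses (wan, tun0, eth0.20, eth0.30, 192.168.1.1, 10.8.0.1) are taken from the thread; table numbers 20 and 30 are assumed. DRY_RUN=1 (the default) only prints the commands, DRY_RUN=0 runs them as root on the router.

```shell
#!/bin/sh
# Added example: policy-based routing per VLAN with iproute2 on OpenWrt.
# Not the VPN-Policy-Routing app's own code; names/addresses follow the
# thread, table numbers are assumed. DRY_RUN=1 prints instead of executing.

: "${DRY_RUN:=1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# pbr_table TABLE SRC_NET GW DEV [NET:DEV ...]
# Build table TABLE with a default route via GW on DEV plus every NET:DEV
# pair given, then send packets sourced from SRC_NET to that table.
# The rule is matched before the main table is consulted, so a table that
# holds only a default route hides every other subnet (the VPN's 10.8.0.0/24,
# the other VLAN); those routes have to be added to the table explicitly.
pbr_table() {
    table=$1; src=$2; gw=$3; dev=$4; shift 4
    run ip route flush table "$table"
    run ip route add default via "$gw" dev "$dev" table "$table"
    for extra in "$@"; do
        run ip route add "${extra%%:*}" dev "${extra#*:}" table "$table"
    done
    run ip rule del from "$src" lookup "$table" 2>/dev/null || true
    run ip rule add from "$src" lookup "$table" priority "$table"
}

# pbr_show TABLE: list the rules and the contents of one table.
pbr_show() {
    run ip rule show
    run ip route show table "$1"
}

# HOME: default via WAN, but keep the VPN subnet and OFFICE reachable.
pbr_table 20 10.20.0.0/16 192.168.1.1 wan 10.8.0.0/24:tun0 10.30.0.0/16:eth0.30
# OFFICE: default via the VPN, keep HOME reachable.
pbr_table 30 10.30.0.0/16 10.8.0.1 tun0 10.20.0.0/16:eth0.20
pbr_show 20
```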