And tell me if you know, please. When the tunnel is up, the router is no longer accessible from the outside. This is understandable: packets arrive at the external interface and go along the default route to the tunnel. Everything works inside the local network, but outside ... Something I can't figure out yet what needs to be done. PBR is and works, but it is only for local. Need something like mac-based forwarding
I hope the access is allowed only from specific public IP addresses.
Try an ip rule / route combination.
Use the correct IP addresses of the WAN interface and gateway.
uci add network rule
uci set network.@rule[-1].lookup='100'
uci set network.@rule[-1].src='A.B.C.D/32' #IP address of the WAN interface. Do not forget /32
uci add network route
uci set network.@route[-1].target='0.0.0.0/0'
uci set network.@route[-1].table='100'
uci set network.@route[-1].interface='wan'
uci set network.@route[-1].gateway='A.B.C.E' #IP address of the WAN interface's gateway. Omit the /32
uci commit network
/etc/init.d/network restart
Hey! Everything turned out to be simpler (the weakest one reads the documentation =) On the client, it was necessary to enable
pull-filter ignore "route-gateway"
This way you route all outgoing traffic through the wan, not the vpn interface. If this was your goal, then you have found a solution.
In this case client uses tunnel ONLY for special network. You should configure PBR correctly, it works for wan perfectly. See chain specification.