And tell me if you know, please. When the tunnel is up, the router is no longer accessible from the outside. This is understandable: packets arrive at the external interface and replies go along the default route into the tunnel. Everything works inside the local network, but from outside ... I still can't figure out what needs to be done. PBR is installed and works, but only for the local network. I need something like MAC-based forwarding.
I hope the access is allowed only from specific public IP addresses.
uci add network rule
uci set network.@rule[-1].lookup='100'
uci set network.@rule[-1].src='A.B.C.D/32'   # IP address of the WAN interface. Do not forget /32
uci add network route
uci set network.@route[-1].target='0.0.0.0/0'
uci set network.@route[-1].table='100'
uci set network.@route[-1].interface='wan'
uci set network.@route[-1].gateway='A.B.C.E'   # IP address of the WAN interface's gateway. Omit the /32
uci commit network
/etc/init.d/network restart
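The reply above relies on a source-based rule: packets whose source address is the WAN IP are sent to a separate routing table whose only route is the default via the WAN gateway, so replies to remote sessions leave the way they came in while everything else keeps following the default route into the tunnel. The script below is an added example, not code from the thread or from OpenWrt itself: it generates those uci commands from a WAN address and gateway (rejecting values that already carry a /32 or are not dotted quads), and it checks a constructed `ip rule show` output for the resulting rule. The addresses 203.0.113.10 / 203.0.113.1 and table 100 are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): build the uci commands for the
# source-based "return route" and verify the rule in `ip rule` output.
# Addresses and table number used here are constructed placeholders.

# Accept only a plain IPv4 dotted quad (no CIDR suffix), octets 0..255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$1" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# gen_wan_return_route WAN_IP WAN_GATEWAY [TABLE]
# Prints the uci commands. The rule matches only packets sourced from the
# WAN address (/32 is appended here), so the tunnel default route is left
# untouched for LAN-originated traffic.
gen_wan_return_route() {
    wan_ip=$1; wan_gw=$2; table=${3:-100}
    is_ipv4 "$wan_ip" || { echo "bad WAN IP: $wan_ip" >&2; return 1; }
    is_ipv4 "$wan_gw" || { echo "bad gateway: $wan_gw" >&2; return 1; }
    cat <<EOF
uci add network rule
uci set network.@rule[-1].lookup='$table'
uci set network.@rule[-1].src='$wan_ip/32'
uci add network route
uci set network.@route[-1].target='0.0.0.0/0'
uci set network.@route[-1].table='$table'
uci set network.@route[-1].interface='wan'
uci set network.@route[-1].gateway='$wan_gw'
uci commit network
EOF
}

# rule_installed "output of ip rule show" WAN_IP TABLE
# Returns 0 when a "from WAN_IP lookup TABLE" rule is present.
rule_installed() {
    echo "$1" | grep -Eq "from $2 lookup $3(\$| )"
}

# Constructed sample of `ip rule show` after the change is applied.
SAMPLE_IP_RULE='0:      from all lookup local
1000:   from 203.0.113.10 lookup 100
32766:  from all lookup main
32767:  from all lookup default'

# Stand-alone usage: print the commands, then check the sample output.
gen_wan_return_route 203.0.113.10 203.0.113.1 100
if rule_installed "$SAMPLE_IP_RULE" 203.0.113.10 100; then
    echo "rule for 203.0.113.10 -> table 100 is present"
fi
```

On the router itself the check is `ip rule show` followed by `ip route show table 100`; if the rule is there but the table is empty, the route section did not apply (typically a wrong `interface` name) and replies still go into the tunnel.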
Hey! Everything turned out to be simpler (the weakest one reads the documentation =) On the client, it was necessary to enable
pull-filter ignore "route-gateway"
This way you route all outgoing traffic through the WAN, not the VPN interface. If this was your goal, then you have found a solution.
In this case the client uses the tunnel ONLY for the special network. You should configure PBR correctly; it works for WAN perfectly. See the chain specification.