Hey, I am new and my English is not very good, sorry.
My setup: Internet -> (Router (Fritzbox) 10.4.4.1) -> (OpenWRT LAN 10.4.4.15) -> (OpenWRT VPN client 10.8.8.100)
Port forwarding on the router (Fritzbox) works. The port is 63015.
What I want:
Connect from a public IP through the Fritzbox to the OpenWRT router's services.
What the problem is:
The connection succeeds if the OpenVPN client is stopped.
If the OpenVPN client is online, no connection from a public address is possible.
This was the standard configuration of the OpenVPN client, because every outgoing connection was routed over the VPN.
So I need a VPN bypass for incoming connections on port 63015. The problem is that the incoming IP changes, and this makes it difficult to write a firewall rule...
Solution idea: I tried to mark the incoming port with this script in my firewall user and route this traffic outside of the VPN:
echo 30 bypass >> /etc/iproute2/rt_tables #=> I do this only once, not in the firewall user...
#route the "bypass" table over br-lan and not over the VPN
ip route add 10.4.4.0/24 dev br-lan table bypass
#give the table its default route (router Fritzbox)
ip route add default via 10.4.4.1 dev br-lan table bypass
#send marked packets to table bypass
ip rule add fwmark 1 table bypass
#mark incoming packets with port 63015
iptables -t mangle -A PREROUTING -p tcp --sport 63015 -j MARK --set-mark 1
=> no success with this solution
With my Synology I have no problem, because I can set in the VPN client's setup that incoming requests are answered via the same interface. In OpenWRT I have not found this feature.
Please answer in detail, because my Linux skills are like script-kiddy skills.
Best regards and merry Christmas
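An added example (not from the post above, and not OpenWRT's or OpenVPN's own configuration) showing the usual way to make replies to inbound connections on port 63015 leave via the Fritzbox instead of the VPN tunnel: mark the connection on arrival with CONNMARK, restore that mark onto the reply packets in the OUTPUT chain, and let a fwmark rule steer them into the "bypass" table. The addresses, interface name, table name and port are taken from the post; the fwmark value 1, the table number 30, the CONNMARK approach and the loose reverse-path-filter setting are assumptions. The functions only print the commands so they can be reviewed first; `apply` runs them.

```shell
#!/bin/sh
# Policy routing for replies to inbound TCP 63015 (added example, not the
# poster's script). Values taken from the post: LAN 10.4.4.0/24, gateway
# 10.4.4.1, interface br-lan, table "bypass", port 63015. Assumed: fwmark
# 1, table number 30, CONNMARK save/restore, rp_filter=2 (loose).

PORT=63015
LAN_NET=10.4.4.0/24
GATEWAY=10.4.4.1
LAN_IF=br-lan
TABLE=bypass
TABLE_ID=30
MARK=1

# Routing side: a separate table whose default route is the Fritzbox,
# plus a rule that sends packets carrying the fwmark into that table.
bypass_route_cmds() {
  cat <<EOF
ip route add $LAN_NET dev $LAN_IF table $TABLE
ip route add default via $GATEWAY dev $LAN_IF table $TABLE
ip rule add fwmark $MARK table $TABLE
EOF
}

# Marking side: the inbound SYN has DESTINATION port 63015 (the poster's
# rule matched --sport, which never hits inbound packets). The connection
# mark is saved when the connection is NEW and copied back onto the
# router's own reply packets in OUTPUT, where the fwmark rule routes them.
bypass_mark_cmds() {
  cat <<EOF
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport $PORT -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK
iptables -t mangle -A OUTPUT -p tcp --sport $PORT -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
EOF
}

# Apply everything on the router (needs root). Registers the table once,
# relaxes reverse-path filtering on br-lan so packets from public sources
# are not dropped because the main table would route them via the tunnel,
# then executes the generated commands.
apply_bypass() {
  grep -qx "$TABLE_ID $TABLE" /etc/iproute2/rt_tables 2>/dev/null \
    || echo "$TABLE_ID $TABLE" >> /etc/iproute2/rt_tables
  sysctl -w "net.ipv4.conf.$LAN_IF.rp_filter=2" >/dev/null
  bypass_route_cmds | sh -e
  bypass_mark_cmds | sh -e
}

case "${1:-}" in
  apply) apply_bypass ;;
  *) bypass_route_cmds; bypass_mark_cmds ;;
esac
```

Run it without arguments to see the commands, and with `apply` to install them; the two `iptables` lines are what belongs in the firewall user script, while the `rt_tables` entry is done once, as in the post. If the service is reached through a port forward on the OpenWRT box itself (DNAT to a LAN host) rather than a service running on the router, the restore rule moves from OUTPUT to PREROUTING for the return direction, but the table and rule stay the same.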