Struggling a bit here with my Openvpn setup where I would like to route/nat only one of my VLANs throught the Openvpn link.
I (finally) found out that I needed to add route_nopull and route_noexec in order to ignore the routes pushed by my VPN provider, otherwise all traffic was routed through the VPN.
And now, it looks like I need to create a custom route-up script in order to add the VPN route (pushed by the provider) only to the VLAN I want.
Anyone can help with this please ?
My vlan interface is eth0.3 (192.168.2.0/24)
My vpn interface is tun0
Thanks for your reply, but can't find the vpn-policy-routing package.
There must be another way
Try something like this:
option src '192.168.2.0/24'
option lookup '100'
config route 'vpn'
option 'interface' 'vpn'
option 'target' '0.0.0.0'
option 'netmask' '0.0.0.0'
option 'table' '100'
Change the vpn to the name of the interface you have in uci for tun0.
Seems to be working:
config interface 'vps'
option ifname 'tun0'
option proto 'static'
option ipaddr '10.0.20.2'
option netmask '255.255.255.252'
config route 'vpn_test'
option interface 'vps'
option target '172.16.16.0'
option netmask '255.255.255.0'
option table '111'
Restart network and voila:
root@xeli:~# /etc/init.d/network restart
root@xeli:~# ip ro ls ta 111
172.16.16.0/24 dev tun0 proto static scope link
This doesn't seem to be working for me.
The problem with my VPN provider is that it has some kind of round robin dns on the remote server name and each time I connect I get a different server IP and route.
I'm afraid the only way is to use the route-up script where OpenVPN sends the route to the script, and from there create the appropriate routing config for my vlan.
Found something interesting here, will take a look and report if it worked
This may be of help.... work in progress and based on VPNBYPASS...
Has most of the nuts and bolts to mess around with.
edit: remove bulky same script... better options available
The tutorial I mentioned earlier helped a lot, not perfect but it worked.
I will post the steps I did if someone is interested
please post the steps, would be of great help
@ejalal interested for the steps as well
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.