I own a Linksys WRT1900ACS, and a NordVPN subscription. I used the instructions from here to set it up on my router, and it works without any issue.
For several reasons (Netflix on SmartTV, work computer that does not connect correctly through VPN etc.) I need to route some of my devices outside of the VPN. I've assigned one of them a static IP, which also seems to work OK. Then, I've used this topic to set up the rule. Unfortunately, after adding the two additional sections to the /etc/config/network, the device does not connect to the outside network anymore for this device (but it does connect to the router). Other devices seem to still work fine, and go through VPN. Unfortunately, the thread is closed, so I cannot reply to it. Below is my /etc/config/network. Please let me know if there is any useful information I've missed to provide.
Hello and welcome Andy!
I don't think priority is needed in the rule. It will be assigned automatically.
In the static route you should use some gateway. If the gateway is not the same each time you connect, you can try to omit it. But gateway 0.0.0.0 means no gateway.
root@OpenWrt:~# ip -4 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
9: eth1.2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.0.100/24 brd 192.168.0.255 scope global eth1.2
valid_lft forever preferred_lft forever
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
inet 10.7.3.4/24 brd 10.7.3.255 scope global tun0
valid_lft forever preferred_lft forever
root@OpenWrt:~# ip -4 ro list table all
default dev eth1.2 table 2 proto static scope link
0.0.0.0/1 via 10.7.3.1 dev tun0
default via 192.168.0.1 dev eth1.2 proto static src 192.168.0.100
10.7.3.0/24 dev tun0 proto kernel scope link src 10.7.3.4
128.0.0.0/1 via 10.7.3.1 dev tun0
192.168.0.0/24 dev eth1.2 proto kernel scope link src 192.168.0.100
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
212.7.222.61 via 192.168.0.1 dev eth1.2
broadcast 10.7.3.0 dev tun0 table local proto kernel scope link src 10.7.3.4
local 10.7.3.4 dev tun0 table local proto kernel scope host src 10.7.3.4
broadcast 10.7.3.255 dev tun0 table local proto kernel scope link src 10.7.3.4
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.0.0 dev eth1.2 table local proto kernel scope link src 192.168.0.100
local 192.168.0.100 dev eth1.2 table local proto kernel scope host src 192.168.0.100
broadcast 192.168.0.255 dev eth1.2 table local proto kernel scope link src 192.168.0.100
broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1
local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1
root@OpenWrt:~# ip -4 ru
0: from all lookup local
1: from 192.168.1.100 lookup 2
32766: from all lookup main
32767: from all lookup default
root@OpenWrt:~#
Actually, this is an IP of another router, which I've used to connect without VPN until now. I've just got rid of it, and connected directly through my OpenWRT router instead. Now, the device (Smart TV) is able to connect to the internet, and it is outside of VPN (as nordvpn.com confirms).
However, I'm still not able to connect to Netflix, as I'm able to when going with the factory settings. I suspect still something is overwritten for that IP (192.168.1.100) by the VPN settings (DNS?). Here's the new output from the commands you provided earlier:
root@OpenWrt:~# ip -4 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
9: eth1.2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 213.5.45.46/26 brd 213.5.45.63 scope global eth1.2
valid_lft forever preferred_lft forever
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
inet 10.7.0.7/24 brd 10.7.0.255 scope global tun0
valid_lft forever preferred_lft forever
root@OpenWrt:~# ip -4 ro list table all
default dev eth1.2 table 2 proto static scope link
0.0.0.0/1 via 10.7.0.1 dev tun0
default via 213.5.45.1 dev eth1.2 proto static src 213.5.45.46
10.7.0.0/24 dev tun0 proto kernel scope link src 10.7.0.7
128.0.0.0/1 via 10.7.0.1 dev tun0
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
212.7.222.61 via 213.5.45.1 dev eth1.2
213.5.45.0/26 dev eth1.2 proto kernel scope link src 213.5.45.46
broadcast 10.7.0.0 dev tun0 table local proto kernel scope link src 10.7.0.7
local 10.7.0.7 dev tun0 table local proto kernel scope host src 10.7.0.7
broadcast 10.7.0.255 dev tun0 table local proto kernel scope link src 10.7.0.7
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1
local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1
broadcast 213.5.45.0 dev eth1.2 table local proto kernel scope link src 213.5.45.46
local 213.5.45.46 dev eth1.2 table local proto kernel scope host src 213.5.45.46
broadcast 213.5.45.63 dev eth1.2 table local proto kernel scope link src 213.5.45.46
root@OpenWrt:~# ip -4 ru
0: from all lookup local
1: from 192.168.1.100 lookup 2
32766: from all lookup main
32767: from all lookup default
No, I have the whole option gateway commented out now, as in my first post - so this is the ISP gateway then, I guess.
For the DNS, I've set the static IPs using LuCI, and it seems to have added an unnecessary option:
option dns '1'
I've commented it out just now and rebooted, the /etc/config/DHCP looks like the below. But it's still not working. Would sending the output of your three commands help? My TV is using the correct IP, but both automatically obtained gateway and DNS server are 192.168.1.1 (so my router). I would like to avoid changing the config on TV, instead I would like the router to push the correct DNS and gateway to the TV.
Gateway is pushed the router itself.
DNS is also pushed the router itself.
For that you need to add a tag. The dns option in the host config is irrelevant to what we want to do, you can leave it.
config host
	option name 'TV-CABLE'
	option dns '1'
	option mac '50:56:BF:A7:EF:46'
	option ip '192.168.1.100'
	option leasetime '1d'
	option tag 'novpn'

config tag 'novpn'
	option dhcp_option '6,8.8.8.8,8.8.4.4'
You can use different DNS than the Google ones I used there. Basically you need to add the tag option and then define that this tag will provide the custom DNS. I think you cannot add that in LuCI, so be careful how you edit, or use uci.
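
The routing decision discussed in this thread, as an added example that is not part of any post: a small Python model of the kernel's rule-then-longest-prefix lookup, run over the rules and unicast routes from the second output above. It assumes every route attribute is a key/value pair, and `src=None` is an assumption used here to stand for traffic the router itself originates (such as DNS queries it forwards upstream), which matches only `from all` rules.

```python
import ipaddress

# Rules and unicast routes copied from the second `ip -4 ru` and
# `ip -4 ro list table all` output in the thread (table local entries left out).
RULES = """\
0: from all lookup local
1: from 192.168.1.100 lookup 2
32766: from all lookup main
32767: from all lookup default
"""
ROUTES = """\
default dev eth1.2 table 2 proto static scope link
0.0.0.0/1 via 10.7.0.1 dev tun0
default via 213.5.45.1 dev eth1.2 proto static src 213.5.45.46
10.7.0.0/24 dev tun0 proto kernel scope link src 10.7.0.7
128.0.0.0/1 via 10.7.0.1 dev tun0
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
212.7.222.61 via 213.5.45.1 dev eth1.2
"""

def parse_rules(text):
    """Return [(priority, selector, table)] sorted by priority."""
    rules = []
    for line in text.strip().splitlines():
        prio, rest = line.split(":", 1)
        tok = rest.split()                      # from <src> lookup <table>
        rules.append((int(prio), tok[1], tok[3]))
    return sorted(rules)

def parse_routes(text):
    """Return {table: [(network, dev, via)]}; assumes key/value attributes only."""
    tables = {}
    for line in text.strip().splitlines():
        tok = line.split()
        opt = dict(zip(tok[1::2], tok[2::2]))
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        tables.setdefault(opt.get("table", "main"), []).append((net, opt["dev"], opt.get("via")))
    return tables

def resolve(src, dst):
    """Return (table, dev, via) for a packet; src=None models router-originated traffic."""
    tables, dst = parse_routes(ROUTES), ipaddress.ip_address(dst)
    for _prio, sel, table in parse_rules(RULES):
        if sel != "all" and (src is None or ipaddress.ip_address(src) not in ipaddress.ip_network(sel)):
            continue                            # source selector does not match
        hits = [r for r in tables.get(table, []) if dst in r[0]]
        if hits:                                # longest prefix wins inside the table
            return (table,) + max(hits, key=lambda r: r[0].prefixlen)[1:]
    return None

if __name__ == "__main__":
    for src in ("192.168.1.100", "192.168.1.50", None):
        print(src, "->", resolve(src, "8.8.8.8"))
```

Packets sourced from 192.168.1.100 hit table 2 and leave through eth1.2 with no next hop recorded, while other LAN hosts and the router's own traffic follow the two /1 routes in main into tun0.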