good morning everyone, in anticipation of the update to version 22.03 I would like to set a static route to direct the traffic of a single interface via vpn. the default gateway remains wan. currently to do this I use pbr which, however, is not fully compatible with fw4. any help is appreciated. thanks
The typical VPN pbr option with outdated iptables reliance is not needed for such things anymore with netifd VPN pbr support in OpenWrt/LuCi:
It's not that well documented but when setup as I have written above you can easily create custom rules in LuCi to direct traffic as desired.
3 Likes
Thank you for your help, this solution works really well and is super easy to set up.
Anyway I would like to ask you a couple of questions regarding the configuration of the other interfaces and security.
okay if I set the routing only for the vpn interface leaving the rest by default?
Testing everything seems to work as it should.
The second question is about the firewall, using netifd instead of pbr does something at the level of killswitch vpn? my firewall is set up like this.
Thank you.
If I understand you correctly you want to ensure the only way for traffic to get out is via VPN.
I think you have that but I'd feel more comfortable with @trendy or @patrakov taking over to help you verify this.
My approach to this would be via mwan3.
no, I think I explained myself badly, the traffic generated by the LAN interface must go out the vpn while iot and home from the wan (so from my isp). verifying the ip actually the interfaces get the correct public ip. my question refers to the Killswitch in case the vpn goes down, usually with pbr and the firewall set as in the picture if this happened the clients connected to the vpn lost the connection. I would like the same thing to happen now.
Still, one of the possible answers is mwan3. It can function as a kill switch. You create two policies, wan_only and vpn_only, and some rules that decide what to use based on the source IP.
1 Like
thank you. i have never used mwan3, i will take a look at it. I insist on using the firewall only because I want to keep the system as simple as possible. anyway thank you
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.