Transfer lan traffic from vpn and internal default routes continue on wan

I want to pass the traffic of users connected to the router from vpn (pptp or l2tp) but the default openwrt routes will still be passed from wan
How should I do this?

I investigated this but there was no way to transfer user traffic from vpn and default route on wan

Your request is rather vague, but I think you are referring to a need to have two different upstream gateways; one the VPN for VPN traffic in, and one for the default gateway for other traffic.

In linux, generally, you can do this using a combination of iptables, ip route, and ip rule. All of this is supported, to the best of my knowledge, in openwrt.

I do something similar on my workstation; all traffic on my workstation is routed out through a VPN gateway, which means my traffic is all routed through a gateway on a RPI that maintains a VPN tunnel (using protonvpn) but I do also allow incoming SSH connections to my workstation that are routed through the default gateway. The rules that permit this behavior are these - and I have them in a script that I usually run at startup (I won't detail them, you can look it up):

#inbound SSH traffic will arrive on the LAN default gateway
#this script reroutes all reply traffic out the LAN default
#gateway.  Without this script, it all will go out the dadsbox
#default gateway, which is the VPN proxy.

#echo "201 sshtraffic" >> /etc/iproute2/rt_tables

ip route add default table sshtraffic via 192.168.2.1
ip rule add fwmark 1 table sshtraffic
iptables -t mangle -A OUTPUT ! -d 192.168.0.0/16 -p tcp -m tcp --sport 22 -j MARK --set-mark 1

The echo 201... needs to run exactly once, which is why it is commented out. The iptables rule modified outbound ssh traffic that is not destined for the LAN. The ip rule command looks for the modified ssh traffic (with a set-mark) and directs it to a table named sshtraffic, and the iproute add command routes traffic that comes through the sshtraffic out the default gateway and not the vpn gateway.

Hope this helps.

1 Like

My problem is that I have a service on the operating system that needs to be wan as my default operating system path
I also need the user to connect to the router with a lan cable to pass through its traffic via vpn

Hello friends
I solved this case in another way. I wrote different policies with dynamic routes that can keep the default routes on the OS but pass clients through the vpn route
I will write a comprehensive solution here soon