I would like to open a vpn connection from OpenWrt to a remote fritzbox.
The vpn connection should only be used for the traffic to the remote devices and NOT for all the traffic. And that's my problem. My vpn forwards all the traffic to the remote fritzbox... so my ip changes as well.
A rough overview what I did:
- I use OpenWrt snapshot release for Raspberry Pi 4B (I am prototyping and will move to another router later)
- I use vpnc (it seems to be the only option for fritzbox)
- I used the manual: https://www.sebastianklein.de/blog/vpn-zwischen-lede-openwrt-und-fritzbox-via-luci/
- and the "Network-Firewall"+"In zones"-part from https://forum.gl-inet.com/t/vpn-tunnel-to-fritzbox-via-ipsec-ikev1-with-mutual-psk-and-xauth/6337/3
In the end it looks like this:
```
cat /etc/config/network

config interface 'bvpn'
        option proto 'vpnc'
        option server '...'
        option interface 'wan'
        option username '...'
        option password '...'
        option authgroup '...'
        option passgroup '...'
        option dh_group 'dh2'
        option pfs 'nopfs'
        option natt_mode 'natt'
        option target_network '0'
        #option target_network '192.168.179.0/255.255.255.0'
```
I added the #comment in the last line because this was the most promising config I could find in the doc. Btw: for some reason LuCI wasn't able to allow "/" syntax. I also tried with normal CIDR.
I also played around with some other settings but no success, especially in the firewall setting with "Covered subnets".
How can I limit the traffic of the vpn to the remote fritzbox (similar to "AllowedIPs" in Wireguard)?
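A quick way to tell whether the tunnel is carrying everything or only the remote subnet is to look at which destinations the routing table sends through the tunnel interface. The following script is an added diagnostic, not part of the original post and not from vpnc or OpenWrt; the interface name `tun0` and both routing tables are constructed assumptions (vpnc may name the interface differently on your router, so check `ip link` first).

```shell
#!/bin/sh
# Added diagnostic (not from the original post): given the text of
# `ip route show`, list every destination routed through a tunnel
# interface and tell whether the default route goes through it.
# The interface name "tun0" and both routing tables below are
# constructed assumptions for the demonstration.

# Constructed sample: the "everything goes through the vpn" state
# described in the post (default route on the tunnel).
SAMPLE_FULL='default dev tun0 scope link
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.179.0/24 dev tun0 scope link
203.0.113.5 via 198.51.100.1 dev eth0'

# Constructed sample: the desired state, only the remote subnet on the tunnel.
SAMPLE_SPLIT='default via 198.51.100.1 dev eth0
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.179.0/24 dev tun0 scope link'

# routes_via IFACE  (routing table on stdin)
# Prints the destination of every route whose "dev" is IFACE.
routes_via() {
    awk -v ifc="$1" '{
        for (i = 1; i < NF; i++)
            if ($i == "dev" && $(i + 1) == ifc) { print $1; break }
    }'
}

# split_status IFACE ROUTE_TABLE_TEXT
# Prints "full" when IFACE carries the default route, "split" otherwise.
# Always returns 0 so it can be used under `set -e`.
split_status() {
    if printf '%s\n' "$2" | routes_via "$1" | grep -qx default; then
        echo full
    else
        echo split
    fi
}

# tunnel_destinations IFACE ROUTE_TABLE_TEXT
# Prints the destinations reached through IFACE, one per line.
tunnel_destinations() {
    printf '%s\n' "$2" | routes_via "$1"
}

# Stand-alone demonstration on the constructed tables.
for sample in "$SAMPLE_FULL" "$SAMPLE_SPLIT"; do
    echo "status: $(split_status tun0 "$sample")"
    echo "via tun0:"
    tunnel_destinations tun0 "$sample"
    echo
done
```

On the router itself, after bringing the interface up, run `split_status tun0 "$(ip route show)"` (substituting the real tunnel interface name): it should print `split`, and `tunnel_destinations` should list only the remote Fritzbox subnet, not `default`.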