OpenWrt Forum Archive

Topic: Block all traffic without VPN and DNS leaks

The content of this topic has been archived on 6 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,

I have a TP Link WDR 3600 using OpenWrt 14.07 BB. I have installed and configured OpenVPN running as a client on the router. Now I want the router to not access the internet WITHOUT the OpenVPN tunnel running. I do not know how to configure the firewall to do so. Is there anyone who can help me with that?

This is what I do on my project. I use OpenVPN too :)

####
opkg update && opkg install ip


# Turn off reverse path filtering for all interfaces
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 0 > $i ; done

vi /etc/iproute2/rt_tables
#
# reserved values
#
255    local
254    main
253    default
0    unspec
#
# local
#
#1    inr.ruhep
101    vpnbypass  # Add this; you can use any number and name, but it MUST be the same all the time.

# Adds a default route to the new routing table called vpnbypass
localip=$(ifconfig | grep -A 1 "br-lan" | grep "inet" | cut -d ":" -f 2 | cut -d " " -f 1)
ip route add default table vpnbypass via $localip
## On $localip you may set your default IP route.
## Note: the line above extracts the router's own br-lan address; the next hop of the
## bypass table should be the gateway that bypassed traffic must use (normally your WAN gateway).

# Add rule so that any package with mark set goes to vpnbypass routing table
ip rule add fwmark 1 table vpnbypass

# Clear the routing cache
ip route flush cache

#####################
# All packets are marked and therefore bypass VPN
iptables -t mangle -A PREROUTING -i br-lan -j MARK --set-mark 1
# To remove the rule again:
## iptables -t mangle -D PREROUTING -i br-lan -j MARK --set-mark 1
#####################

#################################
# Now add rules to unmark to use VPN

# E.g. icmp via VPN
iptables -t mangle -A PREROUTING -i br-lan -p icmp -j MARK --set-mark 0

# E.g. udp via VPN
iptables -t mangle -A PREROUTING -i br-lan -p udp -j MARK --set-mark 0

# E.g. web browsing via VPN
iptables -t mangle -A PREROUTING -i br-lan -p tcp --dport 80 -j MARK --set-mark 0

# E.g. web browsing from a specific computer via VPN
iptables -t mangle -A PREROUTING -i br-lan -s 192.168.1.xxx -p tcp --dport 80 -j MARK --set-mark 0
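A kill switch and DNS-leak guard that fits the fwmark scheme above, as an added example that is not the poster's code: it rejects forwarded traffic that the mangle rules left unmarked (i.e. VPN-bound) if it tries to leave via the WAN, and pins all DNS to the router's dnsmasq so clients cannot bypass it. The interface names (br-lan, eth0.2, tun0) and the assumption that OpenVPN installs the default route (redirect-gateway) so the router's own traffic follows the tunnel are mine, not from the thread.

```shell
#!/bin/sh
# Added example (not from the forum post): a kill switch and a DNS-leak guard that
# complement the fwmark scheme above, intended for /etc/firewall.user on OpenWrt 14.07.
# Interface names and the mark value are assumptions; check them with `uci show network`.
LAN_IF="${LAN_IF:-br-lan}"         # LAN bridge
WAN_IF="${WAN_IF:-eth0.2}"         # physical WAN device (assumed for a WDR3600)
VPN_IF="${VPN_IF:-tun0}"           # OpenVPN client tunnel
BYPASS_MARK="${BYPASS_MARK:-1}"    # the mark the post sets for "bypass the VPN"
IPT="${IPT:-iptables}"             # set IPT=echo to print the rules instead of loading them

killswitch_rules() {
    # Packets the mangle rules left unmarked are meant for the tunnel. If tun0 is
    # down, the main table would send them out the WAN, so reject that path.
    $IPT -I FORWARD -i "$LAN_IF" -o "$WAN_IF" -m mark ! --mark "$BYPASS_MARK" \
        -j REJECT --reject-with icmp-admin-prohibited
    # Allow the tunnel path explicitly (inserted, so fw3's final reject does not
    # shadow it) and NAT it: the wan-zone masquerade does not cover tun0.
    $IPT -I FORWARD -i "$LAN_IF" -o "$VPN_IF" -j ACCEPT
    $IPT -I FORWARD -i "$VPN_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$VPN_IF" -j MASQUERADE
}

dns_rules() {
    # A LAN client configured with its own resolver (8.8.8.8 and the like) would send
    # queries straight to the WAN. Redirect all LAN DNS to the router's dnsmasq ...
    $IPT -t nat -I PREROUTING -i "$LAN_IF" -p udp --dport 53 -j REDIRECT --to-ports 53
    $IPT -t nat -I PREROUTING -i "$LAN_IF" -p tcp --dport 53 -j REDIRECT --to-ports 53
    # ... and keep the router's own resolver from querying anything over the WAN
    # (point dnsmasq at a resolver reachable through the tunnel). Caveat: the OpenVPN
    # config must then give an IP address in its "remote" line, because nothing can
    # resolve a hostname before the tunnel is up.
    $IPT -I OUTPUT -o "$WAN_IF" -p udp --dport 53 -j REJECT
    $IPT -I OUTPUT -o "$WAN_IF" -p tcp --dport 53 -j REJECT
}

# Dry-run helpers: print what a rule function would load without touching netfilter,
# and count the rules it produces (each carries exactly one " -j " target).
dry_run() { ( IPT=echo; "$1" ); }
count_rules() { dry_run "$1" | grep -c -- ' -j '; }

# Load the rules only when invoked as "sh firewall.user apply"; run with
# IPT=echo first to review what would be installed.
if [ "${1:-}" = "apply" ]; then
    killswitch_rules
    dns_rules
fi
```

Run `IPT=echo sh /etc/firewall.user apply` to review the rules before loading them.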
