OpenWrt Forum Archive

Topic: vpnc routing for VLAN Interface

The content of this topic has been archived on 19 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,

the aim:
setting up a VPN tunnel for a SIP VoIP device.

done so far:
VLAN ID 2 with only one member (Port 0 the sip gadget)
INTERFACE SIP with eth0.2 (The VLAN ID 2)
Firewall zone for SIP (UDP ports 5600, 5604, 3478, and DNS 53 allowed)

works well.
Then setting up the client as written here:
http://wiki.openwrt.org/doc/howto/vpn.client.vpnc

works well, but catches all the outgoing connections:
xxx.xxx.xxx.0     xxx.xxx.xxx.1   255.255.255.255 UGH   0      0        0 eth1

What do I have to do so that vpnc only routes the packets from and to INTERFACE SIP eth0.2?

well, it probably needs a second gateway.

so I followed http://wiki.openwrt.org/doc/networking/routing a bit. (vpnc not started)
making a table for vpn:

/etc/iproute2/rt_tables

#
# reserved values
#
255  local
254  main
253  default
10   vpn
0    unspec
#
# local
#
#1   inr.ruhelp


route del -net 192.168.5.0/24
ip route add 192.168.5.0/24 dev eth0.2 src 192.168.5.1 table vpn
where 192.168.5.1 is the SIP device
ip rule add from 192.168.5.0/24 table vpn
ip rule add to 192.168.5.0/24 table vpn

ip route add default via xxx.xxx.xxx.1 dev eth1 table vpn
//where xxx. is the same default gateway as for table main
ip route flush cache

next step: change /etc/vpnc/vpnc-script or so to get the default vpn route into table vpn

edit: correct netmasks

(Last edited by schasoli on 10 Apr 2015, 17:53)

solved: vpn tunnel only for devices at the "sip Port"
added a new variable table=" table sip" to vpnc-script
added $table wherever a route is added, deleted or replaced.

Not tested for IPv6


# =========== route handling ====================================
table=" table sip"
...
        set_vpngateway_route() {
                $IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output` $table
                $IPROUTE route flush cache
        }
... and so on until
# =========== resolv.conf handling ====================================

(Last edited by schasoli on 11 Apr 2015, 12:00)
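The two posts above describe one procedure: a dedicated routing table for the SIP VLAN, ip rules that steer only 192.168.5.0/24 into it, and a vpnc-script that appends $table to every route it adds. The script below is an added example that ties those steps together; it is not code from the thread or from OpenWrt. The subnet, interface names and table name are the thread's; table id 10 and the WAN gateway 203.0.113.1 are constructed placeholders, and DRY_RUN=1 prints the ip commands instead of running them.

```shell
#!/bin/sh
# Added example: policy routing so only the SIP VLAN uses the vpnc tunnel.
# Values: SIP net/iface/src from the thread; TABLE_ID and WAN_GW are placeholders.
TABLE_ID=10
TABLE_NAME=sip
SIP_NET=192.168.5.0/24
SIP_IF=eth0.2
SIP_SRC=192.168.5.1              # src address the thread uses for the table route
WAN_IF=eth1
WAN_GW=${WAN_GW:-203.0.113.1}    # constructed placeholder for the real WAN gateway
IPROUTE=${IPROUTE:-ip}

# Print instead of execute when DRY_RUN=1, so the plan can be reviewed first.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Register the table name in rt_tables exactly once (idempotent on re-runs).
ensure_rt_table() {
  f="${RT_TABLES:-/etc/iproute2/rt_tables}"
  grep -qE "^[[:space:]]*$TABLE_ID[[:space:]]+$TABLE_NAME\$" "$f" 2>/dev/null \
    || run sh -c "printf '%s\t%s\n' '$TABLE_ID' '$TABLE_NAME' >> '$f'"
}

# Only traffic from/to the SIP VLAN consults table "sip"; all else stays in main.
setup_policy_routing() {
  run $IPROUTE route add "$SIP_NET" dev "$SIP_IF" src "$SIP_SRC" table "$TABLE_NAME"
  run $IPROUTE rule add from "$SIP_NET" table "$TABLE_NAME"
  run $IPROUTE rule add to "$SIP_NET" table "$TABLE_NAME"
  # Before vpnc is up the SIP table falls back to the plain WAN gateway,
  # exactly as in the thread; see the note below if that is not acceptable.
  run $IPROUTE route add default via "$WAN_GW" dev "$WAN_IF" table "$TABLE_NAME"
  run $IPROUTE route flush cache
}

# Mirror of the vpnc-script change: every route the script adds gets $table
# appended, so the tunnel's default route lands only in table "sip".
table=" table $TABLE_NAME"
set_vpngateway_route() {
  run $IPROUTE route add "$@" $table
}

# Usage: sh this.sh apply   (or DRY_RUN=1 sh this.sh apply to preview)
if [ "${1:-}" = "apply" ]; then ensure_rt_table; setup_policy_routing; fi
```

If SIP traffic must never leave the router unencrypted while the tunnel is down, an `unreachable`/`blackhole` default route in table sip instead of the WAN gateway is the usual hardening; the thread itself does not do this.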
