Hi,
I have a TP-Link 1043nd running Barrier Breaker r36139.
OpenVPN is installed and running.
I start OpenVPN using this line in rc.local:
# rc.local line: starts OpenVPN with /etc/openvpn as working directory and the Mullvad config file.
# --daemon already detaches the process, so the trailing & is redundant.
# NOTE(review): all traffic going through tun0 suggests the default route is replaced when the tunnel comes up
# (e.g. a redirect-gateway directive in the config or pushed by the server) - check the .conf, which is not shown here.
/usr/sbin/openvpn --cd /etc/openvpn --daemon --config /etc/openvpn/mullvad_linux.conf &
What currently happens is that all network traffic is routed through tun0. I want my normal network traffic to go out through the normal WAN, using my ISP's IP address. Only traffic from one LAN IP (and preferably only certain ports, e.g. 192.168.1.3:1234) should go through tun0.
How do I configure that?
This is my network file:
# Network config as posted: loopback, a bridged LAN, a DHCP WAN, the switch VLAN split,
# and an unmanaged stanza for the OpenVPN tun device.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# LAN: static 192.168.1.1/24, bridged over VLAN 1 (eth0.1).
config interface 'lan'
option ifname 'eth0.1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
# WAN: DHCP client on VLAN 2 (eth0.2).
config interface 'wan'
option ifname 'eth0.2'
option type 'bridge'
option _orig_ifname 'eth0.2'
option _orig_bridge 'true'
option proto 'dhcp'
# peerdns '0' ignores the DNS servers offered in the DHCP lease; the resolvers listed below are used instead.
option peerdns '0'
# NOTE(review): which path these DNS queries take (WAN or tun0) follows the routing table. Once only one
# host is sent through the tunnel, its lookups may still leave via the WAN - verify if DNS privacy matters.
option dns '8.8.8.8 8.8.4.4'
# Switch setup: VLANs enabled on switch0.
config switch
option reset '1'
option enable_vlan '1'
option name 'switch0'
# VLAN 1 (LAN side): switch ports 1-4 plus port 5 tagged ('t' = tagged; port 5 is presumably the CPU port).
config switch_vlan
option vlan '1'
option ports '1 2 3 4 5t'
option device 'switch0'
# VLAN 2 (WAN side): switch port 0 plus port 5 tagged.
config switch_vlan
option vlan '2'
option ports '0 5t'
option device 'switch0'
# Unmanaged stanza for tun0: proto 'none' means no address configuration is done here (OpenVPN sets up the device).
# It gives the firewall a network name to attach a zone to; the firewall file's vpn_zone references 'vpn_interface'.
config interface 'vpn_interface'
option proto 'none'
option ifname 'tun0'
option auto '1'
This is my firewall file:
# Traffic rules for packets arriving from the wan zone. All of them are ACCEPT exceptions
# to the wan zone's REJECT input/forward policy defined further down in this file.
# Accept DHCP replies (UDP to port 68) so the WAN lease can be renewed.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Accept IPv4 echo-request from the WAN, i.e. the router answers pings from the Internet.
# NOTE(review): no rate limit is set on this rule, unlike the ICMPv6 rules below.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Accept DHCPv6 traffic between link-local addresses (source port 547 to destination port 546).
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Accept the listed ICMPv6 types addressed to the router itself, rate-limited to 1000 per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Accept the listed ICMPv6 types forwarded from the WAN to any zone (dest '*'), with the same rate limit.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Global defaults: SYN-flood protection on, and the policies used for traffic that no zone matches.
# NOTE(review): input 'ACCEPT' here means an interface that is not assigned to any zone accepts
# router-bound traffic. 'REJECT' is the safer default - confirm nothing depends on the current value.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# LAN zone: hosts on the LAN may reach the router itself; forwarding to other zones is rejected
# unless a 'config forwarding' stanza allows it.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option network 'lan'
# WAN zone: unsolicited traffic to the router and forwarded traffic are rejected;
# outgoing traffic is masqueraded (masq) and TCP MSS is clamped (mtu_fix).
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan'
# Loads additional custom rules from /etc/firewall.user. That file is not shown here,
# so whatever it adds is not covered by the notes in this listing.
config include
option path '/etc/firewall.user'
# Port forwards (DNAT) from the WAN to the NAS at 192.168.1.3.
# NOTE(review): none of these redirects sets src_ip, so each forwarded port is reachable from any
# Internet address. If 192.168.1.3 is later routed through tun0, replies to connections arriving
# through these WAN forwards would follow the new route and the forwards may stop working - check
# this when adding policy routing.
# WAN port 9091 -> 192.168.1.3:9091, TCP and UDP.
# NOTE(review): this exposes a management web UI to the Internet, protected only by whatever
# authentication the UI itself provides. Consider restricting the source address or reaching it over
# SSH/VPN instead; a web UI presumably needs TCP only.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '9091'
option dest_ip '192.168.1.3'
option dest_port '9091'
option name 'NAS bittorrent webUI'
# WAN port 2222 -> 192.168.1.3:2222, TCP and UDP.
# NOTE(review): SSH uses TCP only, so proto 'tcp' would be enough. With the port open to the whole
# Internet, key-based authentication with password login disabled on the NAS is advisable - the NAS
# configuration is not visible here.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '2222'
option dest_ip '192.168.1.3'
option dest_port '2222'
option name 'NAS SSH'
# WAN port 1723 -> 192.168.1.3:1723, TCP and UDP, labelled as the bittorrent listening port.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '1723'
option dest_port '1723'
option name 'NAS bittorrent poort'
option dest_ip '192.168.1.3'
# Lets LAN hosts open connections out through the WAN.
config forwarding
option dest 'wan'
option src 'lan'
# Zone for the OpenVPN tunnel (network 'vpn_interface', i.e. tun0); traffic leaving through it is masqueraded.
# NOTE(review): input 'ACCEPT' and forward 'ACCEPT' treat the far side of the tunnel as trusted, unlike
# the wan zone in this file, which uses REJECT for both. With these settings the router's own services
# are not firewalled from the tunnel side. For a tunnel to a third-party VPN provider the usual choice
# is input 'REJECT' and forward 'REJECT', the same as on wan.
config zone
option name 'vpn_zone'
option masq '1'
option network 'vpn_interface'
option output 'ACCEPT'
option input 'ACCEPT'
option forward 'ACCEPT'
# NOTE(review): this permits new connections from the tunnel into the LAN. Replies to connections that
# LAN hosts initiate are normally allowed by connection tracking, so this stanza is presumably not
# needed for outbound use of the VPN and can be removed - confirm nothing relies on inbound access.
config forwarding
option dest 'lan'
option src 'vpn_zone'
# Lets LAN hosts open connections out through the tunnel.
# NOTE(review): this applies to every LAN host; the firewall only permits the path, while which host's
# traffic actually uses tun0 is decided by routing.
config forwarding
option dest 'vpn_zone'
option src 'lan'