8413 questions

9899 answers


14199 members

0 votes
553 views 1 comments


If a activate a VPN tun client a route is created from network ito the P-to-P tunnel tun_c_EnTS. (s. below)

Of course the router and devices locally are not able to talk to each other anymore in the standad LAN configuration (br-lan

How and why this route is created if the VPN client is activated? The route disapears  if I turn the VPN client off again.


Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

default         UG    0      0        0 wwan0   UG    0      0        0 tun_c_EnTS   *      U     0      0        0 wwan0   *      UH    0      0        0 wwan0   UG    0      0        0 tun_c_EnTS UGH   0      0        0 tun_c_EnTS     *      UH    0      0        0 tun_c_EnTS   UG    0      0        0 tun_c_EnTS     *        U     0      0        0 br-lan   UG    0      0        0 tun_c_EnTS

2 Answers

0 votes


It looks like the OpenVPN client (your router) is simply receiving routes that the OpenVPN server is pushing. Either that, or you have specified as the remote network in your OpenVPN configuration.

OpenVPN servers can also push other settings besides routes. To select which settings should be ignored on the client side, you can use the OpenVPN pull-filter ignore or pull-filter accept options. You can add options from the WebUI, the "Extra options" field in the OpenVPN configuration.

For example, if you need to ignore all routes pushed by the server, use:

  • pull-filter ignore "route"

For reference, please check the manual on the OpenVPN website. I found the options and more related usage information there.

Good luck!

Best answer
0 votes
Best guess: IF the VPN tunnel is active, router will route all outbound traffic over the VPN - need a route entry for this.
Unlike pfSense - that I understand much better - you apparently do not manually create a route, specifying which traffic goes to the tunnel.

Once the VPN is disable, this route is removed - or no traffic will be forwarded. Which may be what you want to prevent non VPN traffic.

I do not get this dynamic way of handling routes. Only LAN to WAN traffic should be sent to the tunnel - and - we should be able to configure split tunneling, excluding certain source or destination IP's from the VPN tunnel.

Have not found a way to create new FW rules in the GUI - think I may have to use a command line interface.

Hi Mike_DK,

The route is created automatically if the VPN client is set to be active.

Just to clarify the LAN interface of the router is set to and the LAN network is

root@Teltonika-RUT955:~# ifconfig

br-lan    Link encap:Ethernet  HWaddr 00:1E:42:23:E6:C0

          inet addr:  Bcast:  Mask:


          RX packets:13007 errors:0 dropped:0 overruns:0 frame:0

          TX packets:3337 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:3661630 (3.4 MiB)  TX bytes:835583 (815.9 KiB)


So why traffic from a network which does not exit should be forwarded into the tunnel device?