0 votes
553 views 1 comments
by

Hi,

If I activate a VPN tun client, a route is created from the 192.168.1.0/24 network into the P-to-P tunnel tun_c_EnTS (see below).

Of course the router and devices locally are not able to talk to each other anymore in the standard LAN configuration (br-lan 192.168.1.1).

How and why is this route created when the VPN client is activated? The route disappears if I turn the VPN client off again.

Regards

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.49.101.166   0.0.0.0         UG    0      0        0 wwan0
10.1.3.0        172.27.0.13     255.255.255.0   UG    0      0        0 tun_c_EnTS
10.49.101.164   *               255.255.255.252 U     0      0        0 wwan0
10.49.101.166   *               255.255.255.255 UH    0      0        0 wwan0
172.27.0.0      172.27.0.13     255.255.192.0   UG    0      0        0 tun_c_EnTS
172.27.0.1      172.27.0.13     255.255.255.255 UGH   0      0        0 tun_c_EnTS
172.27.0.13     *               255.255.255.255 UH    0      0        0 tun_c_EnTS
172.27.64.0     172.27.0.13     255.255.192.0   UG    0      0        0 tun_c_EnTS
192.168.0.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.1.0     172.27.0.13     255.255.255.0   UG    0      0        0 tun_c_EnTS

2 Answers

0 votes
by

Hi,

It looks like the OpenVPN client (your router) is simply receiving routes that the OpenVPN server is pushing. Either that, or you have specified 192.168.1.0/24 as the remote network in your OpenVPN configuration.

OpenVPN servers can also push other settings besides routes. To select which settings should be ignored on the client side, you can use the OpenVPN pull-filter ignore or pull-filter accept options. You can add options from the WebUI, in the "Extra options" field of the OpenVPN configuration.

For example, if you need to ignore all routes pushed by the server, use:

  • pull-filter ignore "route"

For reference, please check the manual on the OpenVPN website. I found the options and more related usage information there.

Good luck!

Best answer
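
The pull-filter behaviour mentioned in the answer above, as an added example that is not part of the original post and not OpenVPN's own code: a small Python model of the matching rules the OpenVPN manual documents for pull-filter (rules checked in order, first match decides, prefix comparison, unmatched options accepted). The pushed option list is constructed, loosely modelled on the routes in the question, and the function names are hypothetical.

```python
"""Model of OpenVPN client-side pull-filter matching (added example)."""

# Constructed PUSH_REPLY options, loosely modelled on the routes in the question.
PUSHED = [
    "route 10.1.3.0 255.255.255.0",
    "route 192.168.1.0 255.255.255.0",
    "route-gateway 172.27.0.1",
    "dhcp-option DNS 172.27.0.1",
    "ping 10",
]


def parse_rule(line):
    """Parse one 'pull-filter <action> "<text>"' config line into (action, text)."""
    keyword, action, text = line.split(None, 2)
    if keyword != "pull-filter" or action not in ("accept", "ignore", "reject"):
        raise ValueError(f"not a pull-filter rule: {line!r}")
    return action, text.strip().strip('"')


def apply_pull_filters(pushed, rule_lines):
    """Return (kept, ignored, rejected) after applying the rules in order.

    Semantics per the OpenVPN manual: rules are checked in the order given,
    the first rule whose text is a prefix of the option decides, and options
    that match no rule are accepted.
    """
    rules = [parse_rule(r) for r in rule_lines]
    kept, ignored, rejected = [], [], []
    for option in pushed:
        action = next((a for a, text in rules if option.startswith(text)), "accept")
        {"accept": kept, "ignore": ignored, "reject": rejected}[action].append(option)
    return kept, ignored, rejected


def show(title, rule_lines):
    kept, ignored, rejected = apply_pull_filters(PUSHED, rule_lines)
    print(f"{title}\n  kept:    {kept}\n  ignored: {ignored}\n  rejected: {rejected}")


if __name__ == "__main__":
    # Broad filter from the answer: the prefix match also drops route-gateway.
    show("ignore all route*", ['pull-filter ignore "route"'])
    # Narrow filter: drop only the unwanted 192.168.1.0/24 route.
    show("ignore one route", ['pull-filter ignore "route 192.168.1.0"'])
    # Allow-list style: accept one route first, then ignore the other "route " options.
    show("accept one, ignore rest", ['pull-filter accept "route 10.1.3.0"',
                                     'pull-filter ignore "route "'])
```

Because the comparison is a prefix match, the broad "route" filter also removes options such as route-gateway; a filter text that includes the network address, or a trailing space inside the quotes, limits what is dropped.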
0 votes
by
Best guess: If the VPN tunnel is active, the router will route all outbound traffic over the VPN - need a route entry for this.
Unlike pfSense - that I understand much better - you apparently do not manually create a route, specifying which traffic goes to the tunnel.

Once the VPN is disabled, this route is removed - or no traffic will be forwarded. Which may be what you want to prevent non-VPN traffic.

I do not get this dynamic way of handling routes. Only LAN to WAN traffic should be sent to the tunnel - and - we should be able to configure split tunneling, excluding certain source or destination IPs from the VPN tunnel.

Have not found a way to create new FW rules in the GUI - think I may have to use a command line interface.
by

Hi Mike_DK,

The route is created automatically if the VPN client is set to be active.

Just to clarify, the LAN interface of the router is set to 192.168.0.1 and the LAN network is 192.168.0.0/24.

root@Teltonika-RUT955:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 00:1E:42:23:E6:C0
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13007 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3337 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3661630 (3.4 MiB)  TX bytes:835583 (815.9 KiB)

So why should traffic from a network 192.168.1.0/24, which does not exist, be forwarded into the tunnel device?