0 votes
373 views 3 comments
by anonymous

Hello,

On a RUT950 that accesses the internet with a 4G private IP address, I have a working OpenVPN client connection that I've set up with a .ovpn file.

I want to use it only for some devices on the LAN, so I followed this guide: https://wiki.teltonika-networks.com/view/OpenVPN_traffic_split

After performing all the steps, all devices on the LAN still use the VPN.

Is there any other command that I need to do?

Thank you very much!

1 Answer

0 votes
by anonymous
Hello,

It looks like a route may not be right. What are the IP addresses you want to go via the VPN, and the addresses you want to go straight through the WAN? And could you execute "ip route show table 5" (or whatever value you have used instead of 5)?

Regards,
by anonymous

Hi, 

I would like the 192.168.1.128/25 addresses not to use the VPN, same as shown in the guide: https://wiki.teltonika-networks.com/view/OpenVPN_traffic_split

Here's my "ip route show table 5":

root@Teltonika-RUT950:~# ip route show table rt
default via 10.8.0.2 dev tun0  proto static 

My "ip rule":

root@Teltonika-RUT950:~# ip rule
0:     from all lookup local 
10:    from 192.168.1.128/25 iif br-lan lookup rt 
32766: from all lookup main 
32767: from all lookup default 

My "ip route" :

root@Teltonika-RUT950:~# ip route
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 10.150.10.234 dev wwan0  proto static  src 10.150.10.233
10.8.0.0/24 dev tun0  proto kernel  scope link  src 10.8.0.2
10.150.10.232/30 dev wwan0  proto kernel  scope link  src 10.150.10.233
VPN SERVER PUBLIC IP via 10.150.10.234 dev wwan0
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1 

And My "ifconfig":

root@Teltonika-RUT950:~# ifconfig 
br-lan    Link encap:Ethernet  HWaddr 00:1E:42:20:76:F6  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1005955 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2545635 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:77261939 (73.6 MiB)  TX bytes:3410079214 (3.1 GiB)

eth0      Link encap:Ethernet  HWaddr 00:1E:42:20:76:F6  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:5 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:15 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1204 (1.1 KiB)  TX bytes:1204 (1.1 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.2  P-t-P:10.8.0.2  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:2401 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2879 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:1061717 (1.0 MiB)  TX bytes:375590 (366.7 KiB)

wlan0     Link encap:Ethernet  HWaddr 00:1E:42:20:76:F8  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1005941 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2742648 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:91345029 (87.1 MiB)  TX bytes:3492797327 (3.2 GiB)

wwan0     Link encap:Ethernet  HWaddr 06:E3:D0:3F:76:75  
          inet addr:10.150.10.233  Bcast:10.150.10.233  Mask:255.255.255.252
          inet6 addr: fe80::4e3:d0ff:fe3f:7675/64 Scope:Link
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:2538900 errors:0 dropped:0 overruns:0 frame:0
          TX packets:802265 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3380749579 (3.1 GiB)  TX bytes:75345064 (71.8 MiB)

Thank you very much!

by anonymous

Hello,

It seems that the ranges are in "reverse". If you want the 192.168.1.128/25 addresses to go directly through the WAN, the rule should be:

config rule
       option in 'lan'
       option src '192.168.1.0/25'
       option lookup 'rt'
       option priority '10'
by anonymous

Hello,

You are right, the 192.168.1.128/25 addresses should go through the VPN. I've tried from both subnets, but the IP address that I see with http://www.whatsmyip.org/ is always the VPN server public address.

When I reboot the router, the /etc/openvpn/up.sh script is not executed automatically, because the

ip route show table rt

command shows nothing (I've changed /etc/init.d/openvpn as described in the guide).

After executing /etc/openvpn/up.sh manually, the subnet's public IP remains the VPN server public IP.

Thanks!
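
The policy-routing lookup behind the "ip rule" and "ip route" output posted in this thread, as an added example that is not part of any participant's post: it walks the rules in priority order and does a longest-prefix match in each selected table. The helper name egress_dev and the destination 198.51.100.7 (a documentation address) are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Sample input copied from the "ip rule" / "ip route" output in the thread;
# each route is prefixed with its table name. The redacted VPN server host route is left out.
RULES='0: from all lookup local
10: from 192.168.1.128/25 iif br-lan lookup rt
32766: from all lookup main
32767: from all lookup default'
ROUTES='rt default via 10.8.0.2 dev tun0
main 0.0.0.0/1 via 10.8.0.1 dev tun0
main default via 10.150.10.234 dev wwan0
main 10.8.0.0/24 dev tun0
main 10.150.10.232/30 dev wwan0
main 128.0.0.0/1 via 10.8.0.1 dev tun0
main 192.168.1.0/24 dev br-lan'

# egress_dev SRC DST [ROUTES]: print "table:device" for a packet entering on br-lan.
# Simplification: "iif" is not evaluated, and the local table is empty here.
egress_dev() {
  printf '%s\n' "$RULES" "--" "${3:-$ROUTES}" | awk -v src="$1" -v dst="$2" '
    function ip2n(ip,  o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    # Prefix length if ip is inside cidr, -1 otherwise ("all" and "default" count as /0).
    function mlen(ip, cidr,  p, len, size) {
      if (cidr == "all" || cidr == "default") return 0
      len = (split(cidr, p, "/") == 2) ? p[2] + 0 : 32
      size = 2 ^ (32 - len)
      return (int(ip2n(ip) / size) == int(ip2n(p[1]) / size)) ? len : -1
    }
    $1 == "--" { routes = 1; next }
    !routes    { nr++; from[nr] = $3; table[nr] = $NF; next }   # rules, in priority order
    {                                                            # route lines
      for (i = 3; i < NF; i++) if ($i == "dev") d = $(i + 1)
      n[$1]++; pfx[$1, n[$1]] = $2; out[$1, n[$1]] = d
    }
    END {
      for (r = 1; r <= nr; r++) {
        if (mlen(src, from[r]) < 0) continue      # rule selector does not match
        t = table[r]; best = -1
        for (k = 1; k <= n[t]; k++) {             # longest-prefix match in table t
          l = mlen(dst, pfx[t, k])
          if (l > best) { best = l; d = out[t, k] }
        }
        if (best >= 0) { print t ":" d; exit }    # first table with a route wins
      }
      print "unreachable"
    }'
}

egress_dev 192.168.1.200 198.51.100.7   # matched by rule 10, answered from table rt
egress_dev 192.168.1.50  198.51.100.7   # falls through to table main
```

With the posted tables both subnets leave through tun0: the upper half via the default route in table rt, the lower half via the 0.0.0.0/1 and 128.0.0.0/1 routes in main, which are more specific than the wwan0 default. Passing a different route list as the third argument lets you check a proposed table before applying it on the router.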