Hi

Nearly got my router doing as I want thanks to lots of help from here.

I now have a router set up with three address ranges: 192.168.0.1-192.168.0.99 (DHCP, via VPN), 192.168.0.100-192.168.0.199 (static, via VPN) and 192.168.0.200-192.168.0.251 (static, via ISP).

It is the last range I cannot get to work. How do I route only 200-251 over the ISP connection and not over the established WireGuard tunnel?

Thanks

1 Answer


Hello,

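You'll have to use split-tunnelling. Look at this ticket first, but with the values you have chosen the rules will be a little more complex: 192.168.0.200-251 does not fall on a single CIDR boundary, so it takes several source prefixes to match exactly that range.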

Regards.

by
Had another look but can't wait to get this solved.
by
Only the config route and config rule should be relevant. Do you have at least one device in each range usable for testing?
by

Okay, the VPN range is all okay.

.128 upwards is not connecting.

Tracert with LAN ISP only

  1     2 ms     1 ms     1 ms  Teltonika-RUTX09.com [192.168.0.1]

  2    90 ms    47 ms    47 ms  10.13.0.1

  3    60 ms    71 ms    83 ms  te0-0-1-2.332.agr11.lon13.atlas.cogentco.com [149.14.224.65]

  4   110 ms    60 ms    83 ms  te0-3-0-3.ccr42.lon13.atlas.cogentco.com [154.54.39.21]

  5    44 ms    59 ms    63 ms  be2871.ccr21.lon01.atlas.cogentco.com [154.54.58.186]

  6     *        *        *     Request timed out.

  7  Transmit error: code 1231.

Trace complete.

TRACERT with VPN IP

C:\Users\gboyd>tracert google.com

Tracing route to google.com [216.58.212.206]

over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  Teltonika-RUTX09.com [192.168.0.1]

  2    46 ms    46 ms    46 ms  10.13.0.1

  3    54 ms    45 ms    49 ms  te0-0-1-2.332.agr11.lon13.atlas.cogentco.com [149.14.224.65]

  4    44 ms    55 ms    46 ms  te0-3-0-3.ccr42.lon13.atlas.cogentco.com [154.54.39.21]

  5    48 ms    46 ms    53 ms  be2871.ccr21.lon01.atlas.cogentco.com [154.54.58.186]

  6    58 ms    40 ms    57 ms  tata.lon01.atlas.cogentco.com [130.117.15.178]

  7    40 ms    48 ms    44 ms  72.14.217.89

  8   211 ms   100 ms   202 ms  209.85.249.149

  9   391 ms   308 ms   213 ms  209.85.252.181

 10   919 ms   100 ms   100 ms  lhr25s27-in-f14.1e100.net [216.58.212.206]

# Network configuration as posted in the thread (OpenWrt/UCI-style syntax).
# Loopback interface, 127.0.0.1/8.
config interface 'loopback'

        option ifname 'lo'

        option proto 'static'

        option ipaddr '127.0.0.1'

        option netmask '255.0.0.0'

# Global settings: IPv6 unique-local (ULA) prefix for this router.
config globals 'globals'

        option ula_prefix 'fd94:7dcb:d35d::/48'

# LAN bridge on eth0 with static address 192.168.0.1/24.
# The three client ranges described in the question all sit inside this one
# subnet, so any VPN/ISP split has to be decided by source address, not by
# interface.
config interface 'lan'

        option type 'bridge'

        option ifname 'eth0'

        option proto 'static'

        option netmask '255.255.255.0'

        option ip6assign '60'

        option dns '1.1.1.1 1.0.0.1'

        option metric '0'

        option ipaddr '192.168.0.1'

# Wired WAN on eth1, addressed by DHCP.
config interface 'wan'

        option ifname 'eth1'

        option proto 'dhcp'

        # NOTE(review): in OpenWrt, auto '0' means the interface is not brought up
        # at boot. If the wired WAN is meant to be the ISP path for the
        # non-VPN range, confirm it is actually up.
        option auto '0'

        option metric '1'

# IPv6 counterpart of the wired WAN (DHCPv6 on eth1); also set to auto '0'.
config interface 'wan6'

        option ifname 'eth1'

        option proto 'dhcpv6'

        option auto '0'

        option metric '2'

# Built-in switch 'switch0' with VLAN support enabled.
config switch

        option name 'switch0'

        option reset '1'

        option enable_vlan '1'

# VLAN 1 on switch ports 2, 3, 4 and 0.
# NOTE(review): presumably the LAN ports plus the CPU port (0) - confirm
# against the hardware port map.
config switch_vlan

        option device 'switch0'

        option vlan '1'

        option ports '2 3 4 0'

# VLAN 2 on switch ports 5 and 0.
# NOTE(review): presumably the WAN port plus the CPU port - confirm.
config switch_vlan

        option device 'switch0'

        option vlan '2'

        option ports '5 0'

# Mobile (wwan) interface on modem '3-1', SIM slot 1.
# NOTE(review): with 'wan' set to auto '0', this is presumably the ISP uplink
# the poster wants the non-VPN range to use - confirm.
config interface 'mob1s1a1'

        option proto 'wwan'

option modem '3-1'

        option sim '1'

        option pdp '1'

        option method 'nat'

        option pdptype 'ip'

        # peerdns '0' with a fixed dns list: in OpenWrt the resolvers announced
        # by the carrier are ignored and 1.1.1.1 / 1.0.0.1 are used instead.
        option peerdns '0'

        option dns '1.1.1.1 1.0.0.1'

        option metric '3'

        option delegate '0'

        option auth 'none'

# Second mobile interface on the same modem, SIM slot 2; auto '0' here as well.
config interface 'mob1s2a1'

        option proto 'wwan'

        option modem '3-1'

        option sim '2'

        option pdp '1'

        option auto '0'

        option metric '4'

# WireGuard tunnel interface to the VPN provider.
config interface 'Torguard'

        option proto 'wireguard'

        # Key values in this listing are truncated (the poster confirms this
        # later in the thread). The private key is the credential that
        # authenticates this device to the VPN peer, so it must never appear
        # in a public post.
        option private_key '+='

        option public_key '+='

        option listen_port '51820'

        # Tunnel-side address of this router.
        list addresses '10.13.128.97/24'

        option disabled '0'

# Peer (VPN server) definition for the 'Torguard' interface.
config wireguard_Torguard 'peer'

        option public_key '/='

        # 0.0.0.0/0 combined with route_allowed_ips '1' below: in OpenWrt a
        # route is created for every allowed prefix, i.e. a default route
        # through the tunnel.
        # NOTE(review): this is consistent with both tracert outputs in the
        # thread, where hop 2 is 10.13.0.1 regardless of the client address.
        list allowed_ips '0.0.0.0/0'

        option endpoint_host '149.14.224.66'

        option endpoint_port '1443'

option persistent_keepalive '25'

        option route_allowed_ips '1'

# Default route (0.0.0.0/0) placed in the separate routing table 'rt'.
# NOTE(review): this route leaves via 'Torguard', so table 'rt' leads into the
# VPN just like the main table does. For the stated goal (a static range that
# uses the ISP connection) the route in 'rt' would presumably need to name the
# ISP-facing interface and its gateway instead - confirm which uplink
# ('wan' or 'mob1s1a1') is actually in use.
config route

        option interface 'Torguard'

        option target '0.0.0.0'

        option netmask '0.0.0.0'

        option table 'rt'

        # NOTE(review): 10.13.128.97 is the address listed under 'list addresses'
        # on the Torguard interface, i.e. this router's own tunnel address
        # rather than a remote next hop.
        option gateway '10.13.128.97'

# Policy rule: packets arriving on 'lan' with a matching source address are
# looked up in table 'rt' instead of the main table.
config rule

        option in 'lan'

        # 192.168.0.128/25 spans .128-.255. That is wider than the .200-.251
        # ISP range from the question and also captures .128-.199 of the
        # "STATIC and VPN" range, so the match does not line up with the
        # intended split.
        option src '192.168.0.128/25'

        option lookup 'rt'

        # Priority 10 is evaluated before 'main' (32766) in the `ip rule` output
        # posted below, so the rule itself already takes precedence; what
        # decides the exit path is the content of table 'rt'.
        option priority '10'

Might be a silly question, but should a rule priority be added to stop the VPN taking priority?

root@Teltonika-RUTX09:~# ip rule

0:      from all lookup local

10:     from 192.168.0.128/25 iif br-lan lookup rt

32766:  from all lookup main

32767:  from all lookup default

by
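Be careful not to post keys; please edit your previous comment. A WireGuard private key is all that is needed to authenticate as this device, so a key that has been posted in full should be regenerated, not just removed.

tracert failures may not be significant; network nodes may not propagate UDP packets for obscure reasons.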

Redo the test with ping www.yahoo.com or some other well known server.
by
Hi

All keys are truncated.

Dnsleaktest is still showing the VPN address when the local IP is within the LAN range.