0 votes
661 views 3 comments
by anonymous

Hi there, I just got RUTX11, and I'm trying to accomplish the simplest OpenWRT task:

Set up OpenVPN and split traffic via vpn-policy-routing. 

LAN -> WAN

WLAN -> VPN

The only guide that I found is outdated and doesn't work for me properly.

https://wiki.teltonika-networks.com/wikibase/index.php?title=OpenVPN_traffic_split&mobileaction=toggle_view_desktop

My current state is:

1. Defined LAN and WLAN interfaces (192.168.10.0/24 and 192.168.11.0/24 accordingly)

2. Set up VPN and it works perfectly on all interfaces.

3. Installed vpn-policy-routing plugin

4. Configured policies similar to the guide and applied - there are no changes. VPN is still working for all interfaces.

Also, ifconfig doesn't show an expected tun_c_Testas tunnel for me (look at the guide)

Here are my policies from /etc/config/vpn-policy-routing

config policy
    option dest_addr '192.168.10.0/24 192.168.11.0/24'
    option name 'Ignore Local Requests by Destination'
    option interface 'ignore'

config policy
    option src_addr '192.168.11.0/24'
    option interface 'VPN'
    option name 'wifi_lan_vpn'

I tried a policy based on src_addr, but it also doesn't work for me



config policy
    option src_addr '192.168.10.0/30'
    option name 'go_wan_from_lan'
    option interface 'wan'

Please guide me to a proper way for splitting traffic between interfaces :pray:

2 Answers

0 votes
by anonymous

Well, what I learnt is that RutOS doesn't support vpn-policy-routing well; this package is not very useful without a UI.

And RutOS doesn't allow installing the UI package (luci-app-vpn-policy-routing).

The official guide is trash (https://wiki.teltonika-networks.com/wikibase/index.php?title=OpenVPN_traffic_split&mobileaction=toggle_view_desktop)

But here is a simpler solution for a trivial use case: I just switched to vpnbypass.

How to install

opkg update
opkg install vpnbypass


Then, just update the vpnbypass config in a similar way (just list localsubnet ips to bypass VPN). Works magically.

root@Teltonika-RUTX11:~# cat /etc/config/vpnbypass

config vpnbypass 'config'
    option enabled '1'
    list localport '32400'
    list localsubnet '192.168.10.0/24'
    list remotesubnet '25.0.0.0/8'

Best answer
0 votes
by anonymous

Hello, artesdi,

Thank you for contacting us.
I would like to inform you that, using the ifconfig command, you will not receive the exact VPN interface name "tun_c_Testas".
In the instructions this interface name was used because the VPN server in the example configuration was named "Testas".
In your interface list you should receive "tun_c_<your VPN name>".
Use this name to complete the configuration according to the instructions and you will be able to get a working configuration.
In case you have any further questions, please let us know.

Best regards,

Sigitas K.

by anonymous

Thanks for the quick reply, Sigitas!

Maybe I'm doing something wrong because of a different UI, let me check something please.

I'm on RUTX_R_00.02.06.1

1. In the guide, the General Settings of the VPN interface are hidden

Should I choose any protocol there or keep it as None?

2. Should the VPN interface be in status Running when I click Save & Apply?

Are there any steps to debug if it is Stopped?

Here is my full ifconfig after applying the settings (but my VPN interface status: Stopped)



br-lan Link encap:Ethernet HWaddr *
          inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:20779861 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24209793 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4912067707 (4.5 GiB) TX bytes:30105134255 (28.0 GiB)

br-wan Link encap:Ethernet HWaddr *
          inet addr:174.* Bcast:174.* Mask:255.255.248.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:26538775 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22288449 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:31844034135 (29.6 GiB) TX bytes:6359032031 (5.9 GiB)

eth0 Link encap:Ethernet HWaddr *
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:21204825 errors:0 dropped:598 overruns:0 frame:0
          TX packets:24210879 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:931266717 (888.1 MiB) TX bytes:40380770 (38.5 MiB)

eth1 Link encap:Ethernet HWaddr *
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:31076493 errors:0 dropped:281 overruns:0 frame:0
          TX packets:22289134 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2446109181 (2.2 GiB) TX bytes:2061584416 (1.9 GiB)

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:78 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6197 (6.0 KiB) TX bytes:6197 (6.0 KiB)

wlan1 Link encap:Ethernet HWaddr *
          inet addr:192.168.11.1 Bcast:192.168.11.255 Mask:255.255.255.0
          inet6 addr: fe80::21e:42ff:fe27:f0a1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1613359 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2487770 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1160642157 (1.0 GiB) TX bytes:2159376295 (2.0 GiB)

Does it help?
by anonymous

I tried to rebuild everything from ground up today step-by-step.

No luck, all my interfaces go through VPN


config vpn-policy-routing 'config'
    option verbosity '2'
    option strict_enforcement '1'
    option src_ipset '0'
    option dest_ipset '0'
    option resolver_ipset 'dnsmasq.ipset'
    option ipv6_enabled '0'
    list ignored_interface 'vpnserver wgserver'
    option boot_timeout '30'
    option iptables_rule_option 'append'
    option procd_reload_delay '1'
    option webui_enable_column '0'
    option webui_protocol_column '0'
    option webui_chain_column '0'
    option webui_show_ignore_target '0'
    option webui_sorting '1'
    list webui_supported_protocol 'tcp'
    list webui_supported_protocol 'udp'
    list webui_supported_protocol 'tcp udp'
    list webui_supported_protocol 'icmp'
    list webui_supported_protocol 'all'
    option enabled '1'

config include
    option path '/etc/vpn-policy-routing.netflix.user'
    option enabled '0'

config include
    option path '/etc/vpn-policy-routing.aws.user'
    option enabled '0'

config policy
    option dest_addr '192.168.10.0/24 192.168.11.0/24'
    option interface 'ignore'

config policy
    option src_addr '192.168.11.0/24'
    option interface 'VPN'

root@Teltonika-RUTX11:~# /etc/init.d/vpn-policy-routing restart
vpn-policy-routing 0.2.1-13 stopped [✓]
Creating table 'wan/br-wan/174.87.192.1' [✓]
Creating table 'VPN/tun_vpn/0.0.0.0' [✓]
Routing 'blank' via ignore [✓]
Routing 'blank' via VPN [✓]
vpn-policy-routing 0.2.1-13 monitoring interfaces: wan VPN [✓]
vpn-policy-routing 0.2.1-13 started with gateways:
wan/br-wan/174.87.192.1
VPN/tun_vpn/0.0.0.0
WARNING: The 'ignore' target is used by a policy 'blank', but a WebUI setting to show 'ignore' target (webui_show_ignore_target) is disabled!
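
The two policies from the comment above, run through a small model to show which flows they actually cover. This is an added example, not part of the thread and not code from vpn-policy-routing. It assumes the first matching policy wins, it handles only IP/CIDR values, it reports traffic that no policy matches as following the router's main routing table, and the function names and sample flows are constructed for illustration.

```python
import ipaddress
import shlex

# Policy sections copied from the configuration posted in the comment above.
POSTED_CONFIG = """
config policy
    option dest_addr '192.168.10.0/24 192.168.11.0/24'
    option interface 'ignore'

config policy
    option src_addr '192.168.11.0/24'
    option interface 'VPN'
"""

def parse_policies(text):
    """Return the 'config policy' sections as option dicts, in file order."""
    policies, current = [], None
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        if tokens[0] == "config":
            current = {} if tokens[1:2] == ["policy"] else None
            if current is not None:
                policies.append(current)
        elif tokens[0] == "option" and current is not None and len(tokens) == 3:
            current[tokens[1]] = tokens[2]
    return policies

def _in_any(addr, networks):
    """True when no network is listed (no constraint) or addr is inside one."""
    nets = networks.split()
    ip = ipaddress.ip_address(addr)
    return not nets or any(ip in ipaddress.ip_network(n) for n in nets)

def decide(policies, src, dst):
    """Assumed model: first matching policy wins; unmatched traffic is left
    to the main routing table, reported here as 'main-table'."""
    for p in policies:
        if _in_any(src, p.get("src_addr", "")) and _in_any(dst, p.get("dest_addr", "")):
            return p.get("interface", "main-table")
    return "main-table"

if __name__ == "__main__":
    # Constructed sample flows; 203.0.113.10 is a documentation address.
    flows = [("192.168.11.20", "203.0.113.10"),   # WLAN client to Internet
             ("192.168.10.20", "203.0.113.10"),   # LAN client to Internet
             ("192.168.11.20", "192.168.10.5")]   # WLAN client to LAN host
    rules = parse_policies(POSTED_CONFIG)
    for src, dst in flows:
        print(f"{src} -> {dst}: {decide(rules, src, dst)}")
```

In this model the LAN client's Internet traffic matches neither policy, so where it leaves the router depends entirely on the default route in the main table.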

by anonymous

root@Teltonika-RUTX11:~# ifconfig

br-lan Link encap:Ethernet HWaddr *
          inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
          inet6 addr: fdda:560a:217c::1/60 Scope:Global
          inet6 addr: fe80::21e:42ff:fe27:f09e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:35097 errors:0 dropped:0 overruns:0 frame:0
          TX packets:53310 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:12972620 (12.3 MiB) TX bytes:48077337 (45.8 MiB)

br-wan Link encap:Ethernet HWaddr *
          inet addr:* Bcast:* Mask:255.255.248.0
          inet6 addr: fe80::21e:42ff:fe27:f09f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:46588 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33638 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:51672694 (49.2 MiB) TX bytes:17421621 (16.6 MiB)

eth0 Link encap:Ethernet HWaddr *
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:37477 errors:0 dropped:30 overruns:0 frame:0
          TX packets:53310 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13624768 (12.9 MiB) TX bytes:48077184 (45.8 MiB)

eth1 Link encap:Ethernet HWaddr *
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:46744 errors:0 dropped:6 overruns:0 frame:0
          TX packets:33638 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:52335382 (49.9 MiB) TX bytes:17421621 (16.6 MiB)

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:45 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3542 (3.4 KiB) TX bytes:3542 (3.4 KiB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.7.0.2 P-t-P:10.7.0.2 Mask:255.255.255.0
          inet6 addr: fe80::b290:e70a:f4db:16dd/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:55561 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39835 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:47632681 (45.4 MiB) TX bytes:14078403 (13.4 MiB)

wlan1 Link encap:Ethernet HWaddr *
          inet addr:192.168.11.1 Bcast:192.168.11.255 Mask:255.255.255.0
          inet6 addr: fe80::21e:42ff:fe27:f0a1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:5718 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5357 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1400128 (1.3 MiB) TX bytes:1591693 (1.5 MiB)