11384 questions

13559 answers

21243 comments

31871 members

0 votes
36 views 1 comments
by
Hello.

Please help to split LAN ports 1-2 from 3.

1) LAN Ports 1-2 passed traffic through OpenVPN

2) LAN Port 3 traffic went directly through the mobile operator.

Tried: https://community.teltonika-networks.com/15103/route-traffic-from-lan-via-vpn-tunnel-guest-via-wan?show=15103#q15103

not informative, all traffic goes through vpn

Tried: https://wiki.teltonika-networks.com/view/OpenVPN_traffic_split but this is not for me.

1 Answer

0 votes
by

I'm tried:

uci set vpn-policy-routing.config.enabled="1"

while uci -q delete vpn-policy-routing.@policy[0]; do :; done

uci add vpn-policy-routing policy

uci set vpn-policy-routing.@policy[-1].dest_addr="192.168.1.0/24 192.168.2.0/24"

uci set vpn-policy-routing.@policy[-1].interface="ignore"

uci add vpn-policy-routing policy

uci set vpn-policy-routing.@policy[-1].src_addr="192.168.2.0/24"

uci set vpn-policy-routing.@policy[-1].interface="LAN_VPN"

uci commit

/etc/init.d/vpn-policy-routing restart

Got an error:

Creating table 'wan/eth1/0.0.0.0' [✓]

Routing 'blank' via ignore [✓]

Routing 'blank' via LAN_VPN [✗]

vpn-policy-routing 0.3.4-8 monitoring interfaces: wan [✓]

vpn-policy-routing 0.3.4-8 started with gateways:                                                                                                             

wan/eth1/0.0.0.0                                                                                                                                              

ERROR: Policy 'blank' has unknown interface: 'LAN_VPN'

WARNING: The 'ignore' target is used by a policy 'blank', but a WebUI setting to show 'ignore' target (webui_show_ignore_target) is disabled!

by

The error was the lack of an interface in "vpn-policy-routing":

config vpn-policy-routing 'config'

option verbosity '2'

option strict_enforcement '1'

option src_ipset '0'

option dest_ipset '0'

option ipv6_enabled '0'

list ignored_interface 'vpnserver wgserver'

option boot_timeout '30'

option iptables_rule_option 'append'

option procd_reload_delay '1'

option webui_enable_column '0'

option webui_protocol_column '0'

option webui_chain_column '0'

option webui_sorting '1'

list webui_supported_protocol 'tcp'

list webui_supported_protocol 'udp'

list webui_supported_protocol 'tcp udp'

list webui_supported_protocol 'icmp'

list webui_supported_protocol 'all'

option enabled '1'

list supported_interface 'LAN_VPN'

option resolver_ipset 'none'

option webui_show_ignore_target '1'

The command is now running successfully. But I still have all the traffic from the two vlans going through the VPN.

Cool forum. You look for solutions on other resources and you yourself answer your own question here.

p.s. If I find a final solution, I'll post.