FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
1,573 views 6 comments
by

Hi, 

I did tunnel split on RUT950, but router is still routing everything through VPN. I did step by step, except changed lan IP to 192.168.1.0/25. Also tried original IP range, but no luck. Do i miss some configuration?

https://wiki.teltonika.lt/view/OpenVPN_traffic_split

Here is my routing table:

Active IP Routes

Network Target IP gateway Metric
vpnas 0.0.0.0/1 10.8.0.5 0
ppp 0.0.0.0/0 10.143.198.7 0
vpnas 0.0.0.0/0 10.8.0.5 0
vpnas 10.8.0.0/24 10.8.0.5 0
vpnas 10.8.0.5 0.0.0.0 0
ppp 10.143.198.0/29 0.0.0.0 10
ppp 10.143.198.7 0.0.0.0 10
ppp 91.154.7.99 10.143.198.7 0
vpnas 128.0.0.0/1 10.8.0.5 0
lan 192.168.1.0/24 0.0.0.0 0
ppp 193.13.150.72 10.143.198.7 0
ppp 212.248.152.72 10.143.198.7 0

1 Answer

0 votes
by anonymous
Hi,

Could you add configurations which you was changed in router?
Best answer
by

Hi,

I did all according to this guide https://wiki.teltonika.lt/view/OpenVPN_traffic_split. Only changes was in /etc/config/network/


config interface 'vpnas'
        option proto 'none'
        option ifname 'tun_c_Home'

config route
        option interface 'vpnas'
        option target '0.0.0.0'
        option netmask '0.0.0.0'
        option gateway '10.8.0.5'
        option table 'main'

config rule
        option in 'lan'
        option src '192.168.1.0/25'
        option lookup 'rt'
        option priority '10'

Config in the router should be default. Only added few wlans, openvpn client and changed login password.

The one thing i did not get in the guide that if my mobile traffic went through VPN before this configuration and then i added this configuration that only specific IP range should go through VPN. Then how configuration change route for the rest of the IP address and route it straight to "internet".

Here is also main table routes:

master@Teltonikaaa-RUT950:~# ip route show table main

0.0.0.0/1 via 10.8.0.5 dev tun_c_Home

default via 10.143.198.7 dev wwan0

10.8.0.0/24 via 10.8.0.5 dev tun_c_Home

10.8.0.5 dev tun_c_Home  proto kernel  scope link  src 10.8.0.6

10.143.198.0/29 dev wwan0  proto static  scope link  metric 10

10.143.198.7 dev wwan0  proto static  scope link  src 10.143.196.2  metric 10

91.154.7.99 via 10.143.198.7 dev wwan0

128.0.0.0/1 via 10.8.0.5 dev tun_c_Home

192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1

193.13.150.72 via 10.143.198.7 dev wwan0

212.248.152.72 via 10.143.198.7 dev wwan0

by anonymous

Hi,

Under config route change option table from 'main' to 'rt'.

by

Hi, 

Do not understand why i missed that configuration, because i did copy paste from the wiki guide. Now i have changed that but no affect even that i restarted router. 

For some reason there is static route in setup and the table is main, not rt. Also rt table is not an option here.

In network -> routing

echo "5 rt" >> /etc/iproute2/rt_tables

vi /etc/iproute2/rt_tables

#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
5 rt
~

UPDATE:

Tried to delete table and adding /etc/config/network/ routing again and restarting, but still the table in static route configuration is "MAIN" and it does not recognize table "rt".

by anonymous
Hi,

try to reset router to default settings and reconfigure it  correctly one more time.
by
Hi,

I think that the problem is on openvpn server side. I have checked on server "use the default gateway on remote network". Do you know how can i force router openvpn client to use local IP as gateway, regarding server settings?

One thing i noticed that when i change the metric of static route "VPNAS", it will change and i see the change on routing, but after a while something is forcing it back to zero.

I do not wan't to do reset, because i am not close to the router. I think that it will not help this case.

Does this conclusion sounds any valid? I have to be honest that what comes to routing i am noob and sorry in advance :)
by
Hi,

Just an update to the issue i had. By adding in openvpn client setting " extra option: --pull-filter ignore redirect-gateway" will ignore server settings and network split works correctly.