Menu
What's new
By:
Filters Better Search

Exclude client from VPN, except for particular IP address

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

H

hursey013

Occasional Visitor
I would like to have all of my traffic routed through OpenVPN except one client - that part is working fine. On that excluded client I would also like to route a particular IP through the VPN, which I am having trouble getting working correctly. Here's what my policy rules look like:

Code: 
All 192.168.1.0/24 0.0.0.0 VPN
Router 192.168.1.1 0.0.0.0 WAN
Excluded-device 192.168.1.201 0.0.0.0 WAN
Excluded-device-bypass 192.168.1.201 xxx.xxx.xxx.xxx VPN

Should this work? If not, is there a better approach to accomplish this? Right now the bypass rule is still being sent through WAN, I suspect since the WAN rules are taking priority over VPN rules?
 
hursey013 said:
Any ideas on this?
Click to expand...

Can't do it easily the way policy routing works.....WAN rules always take precedence over VPN rules.
Only way to do it in the gui is to specify each client address you want to use the VPN separately, then for your special case also specify/include the single address that you want to use the VPN in the line.

EDIT: Or restrict the addresses you want to use the VPN, so you can use a smaller subnet instead of the 192.168.1.0/24 for the global VPN rule with your special case outside of that subnet.
 
Last edited:
hursey013 said:
Any ideas on this?
Click to expand...

You will need to manually add rule in the openvpn-event script
e.g. for VPN Client 1

vpnclient1-route-up
Code: 
ip rule del prio 9999
ip rule add from 192.168.1.201 to xxx.xxx.xxx.xxx table ovpnc1 prio 9999

ip route flush cache

EDIT: Added 'ip route flush cache' command to be complete for 'best-practice'
 
Last edited:
Martineau said:
You will need to manually add rule in the openvpn-event script
e.g. for VPN Client 1

vpnclient1-route-up
Code: 
ip rule del prio 9999
ip rule add from 192.168.1.201 to xxx.xxx.xxx.xxx table ovpnc1 prio 9999
Click to expand...

Wow, this worked like a charm, thank you! I came across some of your guidance here as well which was also very helpful : https://www.snbforums.com/threads/selective-routing-netflix-amazon-etc.36608/#post-346532 - sorry I missed that on my initial searches.
 
You must log in or register to reply here.

Similar threads

G
Wireguard VPN Client: killswitch activation -> LAN administration lock-out
Replies
6
Views
734
ZebMcKayhan
Z
A
Policy-based port routing to bypass NordVPN client
Replies
10
Views
2K
Don->
D
eibgrad
OpenVPN Client: mishandled route directives
Replies
7
Views
782
eibgrad
eibgrad
G
VPN Client with Public IP, split tunnel web server over VPN and other traffic not on the VPN
Replies
4
Views
795
Grefyne
G
R
DomainVPNRouting Domain VPN Routing v3.0.3 ***Release***
2 3
Replies
42
Views
3K
Ranger802004
R
Similar threads
Thread starter Title Forum Replies Date
D L2TP client on ax88U pro running latest merlin firmware how to add device Asuswrt-Merlin 0
M Wireguard client doesn't work Asuswrt-Merlin 6
T Wireguard Client VPN not using DNS Asuswrt-Merlin 14
I Wireguard VPN client does not autostart after reboot Asuswrt-Merlin 2
Z Sudden VPN client issues with RX-AX82U Asuswrt-Merlin 5
Panic Button Wireguard client optional DNS Server setting Asuswrt-Merlin 2
T Troubles with VPN Client + DDNS Setup on GT-BE98 Asuswrt-Merlin 5
G Wireguard VPN Client: killswitch activation -> LAN administration lock-out Asuswrt-Merlin 6
D Nord Open VPN client connected but not secure? Asuswrt-Merlin 1
C Weird client VPN problem that just started ! Asuswrt-Merlin 53

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 649 (members: 20, guests: 629)
Top