openvpn-event failing to direct traffic over VPN

Matt82

New Around Here
Hi,

I have recently purchased an Asus RT-AC68U router and I am running the Asuswrt-Merlin firmware version 380.57_0.

I am wanting to route some of my devices over a VPN and others with the ISP but at the minute I am failing to do this and all traffic is going over the VPN.

I have followed instructions in the following link to default all traffic via the ISP and any IP addresses listed via the VPN:
https://github.com/RMerl/asuswrt-me...ver-VPN-and-Drop-connections-if-VPN-goes-down

On a reboot of the router I know that the openvpn-event script is running, as I have a line in the script to write a file to the tmp folder. I have included a line at the start and end of the script; both files are being created, but all traffic is going via the VPN. I can see in the Asus Administration VPN page that the client is connected. Should I have used the TCP or UDP ovpn file when setting the VPN client? Does this matter?

Does anyone have any ideas why this could be happening or the next steps to take to resolve it?

Matt
 
From README-merlin file:
OpenVPN client policy routing
-----------------------------
When configuring your router to act as an OpenVPN client (for instance
to connect your whole LAN to an OpenVPN tunnel provider), you can
define policies that determine which clients, or which destinations
should be routed through the tunnel, rather than having all of your
traffic automatically routed through it.

On the OpenVPN Clients page, set "Redirect Internet traffic" to
"Policy Rules". A new section will appear below, where you can
add routing rules. The "Source IP" is your local client, while
"Destination" is the remote server on the Internet. The field can be
left empty (or set to 0.0.0.0) to signify "any IP". You can also
specify a whole subnet, in CIDR notation (for example, 74.125.226.112/30).

The Iface field lets you determine if matching traffic should be sent
through the VPN tunnel or through your regular Internet access (WAN).
This allows you to define exceptions (WAN rules being processed
before the VPN rules).

Here are a few examples.

To have all your clients use the VPN tunnel when trying to
access an IP from this block that belongs to Google:

RouteGoogle 0.0.0.0 74.125.0.0/16 VPN

Or, to have a computer routed through the tunnel except for requests sent
to your ISP's SMTP server (assuming a fictitious IP of 10.10.10.10 for your
ISP's SMTP server):

PC1 192.168.1.100 0.0.0.0 VPN
PC1-bypass 192.168.1.100 10.10.10.10 WAN

Another setting exposed when enabling Policy routing is to prevent your
routed clients from accessing the Internet if the VPN tunnel goes down.
To do so, enable "Block routed clients if tunnel goes down".
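
The rule semantics quoted above can be checked with a small model before entering rules in the web UI. This is an added example, not firmware code and not part of the original post or README; the `Rule` type and `route` function are hypothetical names, and two behaviours are assumptions: traffic matching no rule leaves via WAN, and a matched VPN client falls back to WAN when the tunnel is down unless blocking is enabled.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    source: str        # local client; "" or "0.0.0.0" means any IP
    destination: str   # remote server; host address or CIDR block
    iface: str         # "VPN" or "WAN"

# The README's three sample rules, entered as one policy table.
RULES = [
    Rule("RouteGoogle", "0.0.0.0", "74.125.0.0/16", "VPN"),
    Rule("PC1", "192.168.1.100", "0.0.0.0", "VPN"),
    Rule("PC1-bypass", "192.168.1.100", "10.10.10.10", "WAN"),
]

def _net(field):
    """Empty or 0.0.0.0 signifies any IP; otherwise a host or CIDR subnet."""
    if field in ("", "0.0.0.0"):
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(field, strict=False)

def _matches(rule, src, dst):
    return (ipaddress.ip_address(src) in _net(rule.source)
            and ipaddress.ip_address(dst) in _net(rule.destination))

def route(rules, src, dst, tunnel_up=True, block_if_down=False):
    """Return "WAN", "VPN" or "BLOCK" for one src -> dst flow."""
    # WAN rules are processed before VPN rules, so exceptions win.
    ordered = ([r for r in rules if r.iface == "WAN"]
               + [r for r in rules if r.iface == "VPN"])
    for rule in ordered:
        if not _matches(rule, src, dst):
            continue
        if rule.iface == "WAN":
            return "WAN"
        if tunnel_up:
            return "VPN"
        # "Block routed clients if tunnel goes down" decides this case.
        # Assumption: without it the client falls back to the WAN.
        return "BLOCK" if block_if_down else "WAN"
    return "WAN"  # assumption: unmatched traffic uses the regular WAN

if __name__ == "__main__":
    # Constructed sample flows, not taken from the thread.
    for src, dst in [("192.168.1.100", "8.8.8.8"),
                     ("192.168.1.100", "10.10.10.10"),
                     ("192.168.1.50", "74.125.1.1"),
                     ("192.168.1.50", "8.8.8.8")]:
        print(src, "->", dst, ":", route(RULES, src, dst))
```

Running the same flows with `tunnel_up=False` shows which clients would leak to the ISP unless "Block routed clients if tunnel goes down" is enabled.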
 
