What's new

OpenVPN policy routing guide?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Hm, good question ...
You could try to set your Network 192.168.1.0/24 to "ips netflix" to VPN.
The killswitch in your cas could not work, as the router himself should always be able to connect via WAN.

In my eyes running Transmission on the router is very slow, why u do not use a better solution like a NAS or a rs pi?

Edit: I don't want to use a NAS/RS PI I as didn't want to spend the money and the time.. I am a very low level transmission user so don't need the extended setup and my router seems to be handling the load just fine. Hoipe this explains that bit.

My question/confusiuon:
OK I am a bit confused with your response.. I assume you are suggesting I setup a policy rule for 192.168.1.0/24 to VPN (this will bring my transmission on the router at 192.168.1.1 under VPN)?

I could then provide static IP for all my devices I want to be OUTSIDE the VPN and give them IP higher that 192.168.1.25 so as to make sure they stay on WAN and NOT VPN. Would this work?
 
192.168.1.0/24 is your complete network.
Give it a try, if your Router (Transmission) is then using vpn.
 
192.168.1.0/24 is your complete network.
Give it a try, if your Router (Transmission) is then using vpn.

Thanks! I will do that.. then my question is how do I push my Netflix Roku out of VPN and onto WAN? Adding a policy that says "192.168.1.45" to 0.0.0.0 WAN will do the trick from the GUI?

So basically have 2 rules in the policy table going:

192.168.1.0/24 0.0.0.0 VPN [everything goes under VPN]
192.168.1.45 0.0.0.0 WAN [my roku device goes directly to WAN]
192.168.1.52 0.0.0.0 WAN [my wife's laptop goes directly to WAN]

Is that going to work... ?
 
Try this instead:

Policy Rules
192.168.1.0/24 0.0.0.0 VPN [everything goes under VPN]
0.0.0.0 192.168.1.45 WAN [my roku device goes directly to WAN]
0.0.0.0 192.168.1.52 WAN [my wife's laptop goes directly to WAN]
 
Last edited:
@octopus
that is not the solution for Transmission / VPN.
Question was: [roku to WAN] and [wife's laptop to WAN] no one mention Transmission.
If transmission is on router (192.168.1.0) it would take VPN way.
 
Last edited:
Then its importent to use custom config right so you havent any strange config there.

From readme file:
OpenVPN client policy routing
-----------------------------
When configuring your router to act as an OpenVPN client (for instance
to connect your whole LAN to an OpenVPN tunnel provider), you can
define policies that determines which clients, or which destinations
should be routed through the tunnel, rather than having all of your
traffic automatically routed through it.

On the OpenVPN Clients page, set "Redirect Internet traffic" to
"Policy Rules". A new section will appear below, where you can
add routing rules. The "Source IP" is your local client, while
"Destination" is the remote server on the Internet. The field can be
left empty (or set to 0.0.0.0) to signify "any IP". You can also
specify a whole subnet, in CIDR notation (for example, 74.125.226.112/30).

The Iface field lets you determine if matching traffic should be sent
through the VPN tunnel or through your regular Internet access (WAN).
This allows you to define exceptions (WAN rules being processed
before the VPN rules).

Here are a few examples.

To have all your clients use the VPN tunnel when trying to
access an IP from this block that belongs to Google:

RouteGoogle 0.0.0.0 74.125.0.0/16 VPN

Or, to have a computer routed through the tunnel except for requests sent
to your ISP's SMTP server (assuming a fictious IP of 10.10.10.10 for your
ISP's SMTP server):

PC1 192.168.1.100 0.0.0.0 VPN
PC1-bypass 192.168.1.100 10.10.10.10 WAN


Another setting exposed when enabling Policy routing is to prevent your
routed clients from accessing the Internet if the VPN tunnel goes down.
To do so, enable "Block routed clients if tunnel goes down".
 
One problem is DNS settings when use policy rule and VPN. ALL use same dns as you have set in VPN.
To fix that you can use DNS-based Filtering under AiProtection.
 
Last edited:
Don't leave us mere mortals in the dark! What will this do for us? :)

So back in May 2015...

http://www.snbforums.com/threads/selective-routing-with-asuswrt-merlin.9311/page-17#post-182286

So now RMerlin's tweak means users no longer have to use say /jffs/scripts/init-start to set the VPN Client table mnemonics as I described here:

http://www.snbforums.com/threads/sp...-wan-routing-failover-mode.29682/#post-230214

Essentially, if you never use RPDB Selective Routing (or have a need to investigate/debug the RPDB rules), then this purely cosmetic change will remain a 'secret'! :p
 
Am I able to simply have 1 fixed LAN IP bypass my VPN tunnel via the GUI? Or do I need to code something?

I have a server with 2 NIC's on the motherboard. I want the 2nd NIC to bypass the VPN so I can access my content remotely via Emby (and maybe use uTorrent remote).

I've manually assigned the 2nd NIC an address of 192.168.1.88 in the GUI. What do I need to do to get that to bypass the VPN tunnel, while everything else on my home network goes through the tunnel?

I've tried to figure this out myself, but a lot of the information seems to be outdated due to firmware changes/additions. Any help would be appreciated!
 
Try this:
Redirect Internet Traffic => Polict Rules
"your device name" 192.168.1.88 0.0.0.0 WAN
"Your net" 192.168.1.0/24 0.0.0.0 VPN
 
Last edited:
Exactly what I needed, thanks! I wasn't sure if that would work since it was my understanding that the 2nd entry is the whole network. Was confused at first because Windows on my server kept defaulting to the 2nd NIC, but I figured out how to fix that by setting the metrics for both NIC's manually.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top