Static Route + VPN Force Internet Traffic Through Tunnel: Yes

[Lynx]

I have this setup:

asus router (192.168.1.1) -> modem (192.168.8.1)

If I have OpenVPN set to on and 'Force Internet Traffic Through Tunnel: Yes' (which works the way I want everything to),

is it possible for me to set a static route between 192.168.1.0 and 192.168.8.1 so that I can still access the web gui of my modem?

 

[ColinTaylor]

is it possible for me to set a static route between 192.168.1.0 and 192.168.8.1 so that I can still access the web gui of my modem?

Try it and find out.

 

[Lynx]

My problem is that I do not know how I would.

Should it be something like this under LAN->Route:

​

Network host	Mask	Gateway	Metric	Interface
192.168.8.1	255.255.255.255	192.168.8.1	?	WAN

I can achieve what I want by applying these commands:

ifconfig eth0:0 192.168.8.2 netmask 255.255.255.0
iptables -t nat -l POSTROUTING -o eth0 -j MASQUERADE

This seems to set up a router between my router (192.168.1.1) and modem (192.168.8.1)

Can I not do this using the LAN->Route page on the GUI?

 

[john9527]

is it possible for me to set a static route between 192.168.1.0 and 192.168.8.1 so that I can still access the web gui of my modem?

Just add an openvpn rule for the modem ip to WAN....

 

[Lynx]

Ah... any idea what form this should take?

Update: looks like the following works:

route 192.168.8.1 255.255.255.255 net_gateway

Does this seem right?

 

[john9527]

Does this seem right?

That's right....good searching

I assumed that you were using Policy based routing, so adding a 'rule' would work (need to use regular Policy and not Policy Strict).
The route statement you added will work as well.

 

[Lynx]

Yes - this allows me to avoid policy based routing which I want because I don't like the way the policy based routing makes WAN the default on the router. I prefer that everything on router defaults to VPN, which I think is enabled via Force traffic through tunnel: Yes.
I noticed that Amazon Prime Video does not detect VPN so long as the pushed DNS from NordVPN is used so under LAN DNS Filter I make the global default CleanBrowsing Family and my television clients exceptions that use 'no filtering' so that they go through the pushed NordVPN DNS and Amazon Prime is happy. This seems to work very well and feels like an elegant and simple solution for my needs.

 

[Lynx]

@john9527 and others - using:

route 192.168.8.1 255.255.255.255 net_gateway

Indeed allows me to connect to my 4G modem over my WAN port when the VPN tunnel is UP, but I have found that if my 4G modem internet is down and the VPN tunnel is down, then I cannot access the GUI of my 4G modem.
What would be the correct route to ensure that I always am able to access my 4G modem (192.168.8.1) over WAN from my ASUS Router (192.168.1.1) regardless of the VPN tunnel state?