OpenVPN Clients - Policy Rules STRICT?

[Ubershopper]

Due diligence: I've searched here and elsewhere and read a few guides, but can't find any reference to this.

Background:
I have an OpenVPN client connected and working. I have rules set so that three devices are directed through the tunnel and DNS set to enabled so that those devices use the VPNs DNS server.

Question:
In the Redirect Internet Traffic selector, what the difference between Policy Rules, and Policy Rules (Strict) ?

Thanks

 

[RMerlin]

Strict mode was added with 380.66. From the changelog:

  - NEW: Added new Internet redirection mode to OpenVPN clients
         called "Policy Rule (Strict)".  The difference from the
         existing "Policy Rule" mode is that in strict mode,
         only rules that specifically target the tunnel's
         interface will be used.  This ensures that you don't
         leak traffic through global or other tunnel routes,
         however it also means any static route you might have
         defined at the WAN level will not be copied either.

In general, strict mode is preferable, but it won't work if you or your ISP are using static routes in your WAN configuration (something not very common).

 

[Ubershopper]

Okay, that makes sense.

Thanks.

 

[killeriq]

Hello, just want to confirm those question:

1. What for are Clients 1-5?
Just to have different services ready to connect any time?

2. Is there a way how can i connect on router as VPN client and use it only for specific IP ?
I would like to use some of my devices on VPN and some on "regular" network.

Thanks

 

[Ubershopper]

1. What for are Clients 1-5?
Just to have different services ready to connect any time?

I'm relatively new to this but yes. I think it is so you could connect your router as a client to multiple servers at the same time.

2. Is there a way how can i connect on router as VPN client and use it only for specific IP ?
I would like to use some of my devices on VPN and some on "regular" network.

Yes. Again, I'm new to this too but what you need to do is use policy rules. Then you can list the IP addresses of the devices you want to go through the VPN.

Search for Merlin VPN tutorial and you should find a couple detailed step by step guides.

 

[killeriq]

found it, thanks

https://github.com/RMerl/asuswrt-merlin/wiki/Policy-based-routing

even video:

 

[endtimes]

Is there a way to access an IP running through a VPN on an internal LAN when strict mode is enabled?

 

[snowatom]

Just wondering.
if I have two VPN connections running, and both are configured for the same client. Which VPN of these two will then be used?

 

[Martineau]

Just wondering.
if I have two VPN connections running, and both are configured for the same client. Which VPN of these two will then be used?

see this post