Possible to send site-specific data only over OpenVPN?

Discussion in 'Asuswrt-Merlin' started by Bagman, Feb 28, 2013.

  1. Bagman

    Bagman Regular Contributor

    Joined:
    Nov 30, 2012
    Messages:
    70
    Is it possible to set up the OpenSSL client to connect to a VPN, but then only route connections over that VPN based on the domain or IP of the target machine?

    Ideally I'd like it so that when I'm using a browser, going to specific websites goes over the VPN, and other traffic goes via the normal non-VPN routes.

    I've had a bit of a search all over the place, but it's all a bit confusing as to whether I can do this directly on the router.

    Thanks for any help/suggestions/ideas!
     
  3. janosek

    janosek Regular Contributor

    Joined:
    Jan 8, 2013
    Messages:
    146

    Yes you can. You need to enable your JFFS filespace, then create a WAN-START script under /jffs/scripts.

    Here is the general script and description:
    http://www.thegeekpost.com/2013/02/02/tomatousb-selective-routing-when-using-openvpn-client/


    The only issue I have is with timing. Sometimes I have to reboot the router several times to get it to work properly because the OpenVPN client is not ready. I tried the sleep command but it didn't seem to help. My problem is I just don't know this stuff well enough and my wife doesn't like the internet going down, so it limits my time to tinker.

    My future goal is to selectively route through two VPNs. One out of the US for Netflix and Hulu Plus (current setup) and another out of Switzerland for torrenting. I would also like to code in DNS leak protection and a kill switch if the Swiss VPN goes down.

    My current setup is to selectively route my PS3 and Nexus 10 through the VPN, leaving my wife's laptop and my desktop on ISP. Then I create a Windows XP virtual machine for torrenting, using PIA's client that has DNS leak protection and a kill switch built in. I just have the virtual machine turn on at boot up. The only problem is it is a bit of a resource hog.
     
  4. Bagman

    Bagman Regular Contributor

    Joined:
    Nov 30, 2012
    Messages:
    70
    Hmm, that's the exact opposite of what I want to do. I want all traffic by default to go over the normal link, with certain exceptions to go over VPN. That webpage puts all traffic over the VPN, with some exceptions going over the normal link.

    Looks like I'll have to read up on iptables, and it looks like this would only work for IPs rather than domains...
     
  5. janosek

    janosek Regular Contributor

    Joined:
    Jan 8, 2013
    Messages:
    146
    By default, when you activate the VPN, everything goes over it. You can change the first rule from:

    # By default all traffic flows through the VPN
    iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 0

    # By default all traffic flows through the WAN
    iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
     
  6. janosek

    janosek Regular Contributor

    Joined:
    Jan 8, 2013
    Messages:
    146

    I just re-read your first post. I misunderstood.

    You might be interested in this:

    http://www.dd-wrt.ca/phpBB2/viewtopic.php?t=161397

    It sort of works, but many sites host content on other servers, so while the first site thinks you are at the other end of the VPN, the other servers may not.
     
  7. Bagman

    Bagman Regular Contributor

    Joined:
    Nov 30, 2012
    Messages:
    70
    Thanks for the links/info, it's all very useful.
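
The default-to-WAN arrangement discussed in this thread, as an added example that is not part of any post or of the linked scripts: it prints mangle rules that mark all LAN traffic for the WAN and then re-mark listed destination addresses for the VPN, using the thread's mark values (0 = VPN, 1 = WAN) and `br0`. It assumes policy routing that sends mark 1 out the WAN is already in place; the function names and sample addresses are constructed.

```shell
#!/bin/sh
# Added example: prints the rules for review; it does not change the firewall.
# Mark meaning as in the thread: 0 = VPN, 1 = WAN. br0 is the LAN bridge.
MARK_VPN=0
MARK_WAN=1
LAN_IF=br0

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
is_ipv4_cidr() {
    case $1 in ''|*[!0-9./]*|*/*/*) return 1 ;; esac
    addr=${1%%/*}
    case $addr in ''|.*|*.|*..*) return 1 ;; esac
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets; only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Default-to-WAN rule first, VPN exceptions after it. MARK is a
# non-terminating target, so a later matching rule overwrites the mark.
emit_rules() {
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j MARK --set-mark $MARK_WAN"
    for dest in "$@"; do
        if is_ipv4_cidr "$dest"; then
            echo "iptables -t mangle -A PREROUTING -i $LAN_IF -d $dest -j MARK --set-mark $MARK_VPN"
        else
            # Names are rejected: the rules match addresses, not domains.
            echo "skipped (not an IPv4 address or CIDR): $dest" >&2
        fi
    done
}

# Constructed sample input (documentation address ranges plus one hostname).
emit_rules 203.0.113.10 198.51.100.0/24 example.com
```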
     
