Using OpenVPN client and Server at the same time

page_fault

Occasional Visitor
Hi,

I seem to be having a problem using the OpenVPN server and client at the same time. The server works great right up until I turn on the client; then the server stops accepting connections. I suspect it's listening on the VPN IP rather than the WAN IP, but I'm not sure. I have a script to redirect only certain IPs to the VPN client and everything else to WAN, but it doesn't work. Attached is my script. Any help would be appreciated.

Code:
#!/bin/sh

sleep 2

touch /tmp/000wanstarted

# Disable reverse path filtering on every interface so asymmetric VPN/WAN paths are not dropped
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
      echo 0 > $i
done

#US VPN

#
# Delete table 100 and flush any existing rules if they exist.
#
ip route flush table 100
ip route del default table 100
ip rule del fwmark 1 table 100
ip route flush cache
iptables -t mangle -F PREROUTING

#
# Copy all non-default and non-VPN related routes from the main table into table 100.
# Then configure table 100 to route all traffic out the WAN gateway and assign it mark "1"
#
# NOTE: Here I assume the OpenVPN tunnel is named "tun11".
#
ip route show table main | grep -Ev ^default | grep -Ev tun11 \
  | while read ROUTE ; do
      ip route add table 100 $ROUTE
done

ip route add default table 100 via $(nvram get wan0_gateway)
ip rule add fwmark 1 table 100
ip route flush cache

#
# Define the routing policies for the traffic. The rules will be applied in the order that they
# are listed. In the end, packets with MARK set to "0" will pass through the VPN. If MARK is set
# to "1" it will bypass the VPN.
#

# All LAN traffic will bypass the VPN (useful to put this rule first, so all traffic bypasses
# the VPN and you can configure exceptions afterwards)
iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1

# All traffic from Roku Wireless will use the VPN
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.15 -j MARK --set-mark 0
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.25 -j MARK --set-mark 0
 
Try this VPN_Select.sh script, and you will need to add the directives

route-nopull
script-security 2
route-up /jffs/scripts/VPN_Select.sh

to the Custom VPN dialog box

Code:
#!/bin/sh

logger -s -t "($(basename $0))" $$ OpenVPN Client`echo -n $dev | tail -c -1` Selective routing starting.... " $0${*:+ $*}"

MY_VPNTAB=101 # Now read from /jffs/configs/VPNSelect
TAG_MARK=1 # Now read from /jffs/configs/VPNSelect

# Use the OpenVPN environment variables ($dev, $ifconfig_local are set by the client for route-up)
if [ "X$dev" = "X" ]; then
    logger -s -t "($(basename $0))" $$ "*** ERROR not called by VPN Client route-up?...ABORTing!"
    exit 1
fi

# Create new table to route VPN traffic when used by RPDB or tagged with MARK. (Credit to SmallNetBuilder members RMerlin and DJR747)
# or to be associated with a WiFi Guest SSID.
ip route flush table $MY_VPNTAB
ip rule del fwmark $TAG_MARK
ip rule del table $MY_VPNTAB

# Disable Reverse Path Filtering on current VPN network interface:
echo 0 > /proc/sys/net/ipv4/conf/$dev/rp_filter

ip route add default via $ifconfig_local dev $dev table $MY_VPNTAB
#ip rule add fwmark $TAG_MARK table $MY_VPNTAB

#iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range xxx.xxx.xxx.xxx -j MARK --set-mark $TAG_MARK

# Use Routing Policy Database (RPDB) as of Apr 2015 to eliminate '-t mangle PREROUTING ' chain corruption
ip rule add from 192.168.1.15 lookup $MY_VPNTAB
ip rule add from 192.168.1.25 lookup $MY_VPNTAB
ip route flush cache

logger -s -t "($(basename $0))" $$ OpenVPN Client`echo -n $dev | tail -c -1` Selective routing completed.
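Both scripts in this thread lean on the same kernel behaviour: RPDB rules are tried in priority order, and the first table that holds a matching route decides. The POSIX sh simulator below is an added example, not code from the thread or from Merlin's firmware; all ip rule / ip route lines, the 203.0.113.0/24 WAN, the 10.8.0.0/24 OpenVPN-server subnet on tun21, and the 8.8.8.8 and 10.8.0.6 destinations are constructed. It shows why the lone default route that VPN_Select.sh puts in table 101 also captures a routed host's replies to OpenVPN-server clients, and how copying the main table's non-default routes (as the first script does) keeps those replies local.

```shell
#!/bin/sh
# Added example (not from the thread): simulate the kernel's policy-routing
# decision, RPDB rules in priority order then longest-prefix match inside the
# chosen table. Every "ip rule"/"ip route" line below is constructed.
RULES='32765: from 192.168.1.15 lookup 101
32766: from all lookup main'
TABLE_main='default via 203.0.113.1 dev eth0
10.8.0.0/24 dev tun21 scope link
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.50'
TABLE_101='default dev tun11 scope link'   # table 101 as VPN_Select.sh leaves it
ip2int() { set -- $(printf '%s' "$1" | tr '.' ' '); echo $(( ($1<<24)|($2<<16)|($3<<8)|$4 )); }
# in_prefix DST CIDR: print the prefix length if DST lies inside CIDR, else fail
in_prefix() {
  case $2 in default) echo 0; return 0 ;; esac
  net=${2%/*}; len=${2#*/}; [ "$len" = "$2" ] && len=32
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ] && echo "$len"
}
# table_lookup TABLE DST: egress device of the most specific route, '' if none
table_lookup() {
  eval "routes=\$TABLE_$1"; best=-1; dev=
  while read -r pfx rest; do
    [ -n "$pfx" ] && len=$(in_prefix "$2" "$pfx") || continue
    if [ "$len" -gt "$best" ]; then best=$len; d=${rest#*dev }; dev=${d%% *}; fi
  done <<EOF
$routes
EOF
  echo "$dev"
}
# route_for SRC DST: the first rule whose table holds a matching route decides,
# so a table that contains a default route never falls through to main
route_for() {
  while read -r prio kw1 src kw2 tbl; do
    [ "$src" = all ] || [ "$src" = "$1" ] || continue
    out=$(table_lookup "$tbl" "$2"); [ -n "$out" ] && { echo "$out"; return 0; }
  done <<EOF
$RULES
EOF
  echo unreachable; return 1
}
# Fix used by the thread's first script: copy main's non-default routes into the
# VPN table so LAN and OpenVPN-server replies from the routed hosts stay local
fix_table_101() { TABLE_101="$TABLE_101
$(printf '%s\n' "$TABLE_main" | grep -Ev '^default')"; }
for pair in "192.168.1.15 8.8.8.8" "192.168.1.20 8.8.8.8" "192.168.1.15 10.8.0.6"; do
  echo "$pair -> $(route_for $pair)"   # tun11, eth0, tun11: .15's reply to a server client leaks
done
(fix_table_101; echo "192.168.1.15 10.8.0.6 -> $(route_for 192.168.1.15 10.8.0.6)")   # tun21; subshell keeps the original table
```

To check a live router instead of the constructed data, paste the output of `ip rule show` into RULES and each `ip route show table <N>` into the matching TABLE_ variable.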
 
I have another problem I wonder if you could fix. While this script works, it seems that now, when the OpenVPN client is connected, I can only access the gateway (192.168.1.1) but none of the other computers on my network. If I disconnect the OpenVPN client, I can access all the computers on my network. Do I need to do some more route magic somewhere? I have enabled Push LAN to Clients in the server portion.
 