What's new

Add router IP to use VPN using Policy Rules

maxiarg14

Occasional Visitor
Hi to all!

I just installed Pyload and Transmission on my RT-AC86U. Now I have a problem. I have to set the router (192.168.1.1) to go to Internet through VPN and NOT through WAN. How can I do that?

I have the policy rule:
All192.168.1.0/240.0.0.0VPN

So it's supposed to do the job, since router ip is 192.168.1.1, and would go to the internet through VPN Tunnel, but it's not working and it goes through WAN.

Can anyone help me with this issue?

Thank you very much!

Regards,

Maxi
 

eibgrad

Senior Member
The router (from the perspective of its own internet-bound processes) is NOT using the LAN (192.168.1.1). It's using its public IP on the WAN!

I'm not sure if specifying its WAN ip would work, and even if it did, its typically dynamic, not static.

Last time I heard of this problem, the user got around it by binding the LAN side of the router to an additional network (e.g., 192.168.99.1/24) and process (iirc, transmission) to that same network, then placed that in policy routing.
 
Last edited:

maxiarg14

Occasional Visitor
Hi @eibgrad , that makes a lot of sense, and I was thinking the same.

Do you have any tutorial or explanation of how to do that? It seems to be complicated, or not?

Thank you for the answer!

Best regards
 

maxiarg14

Occasional Visitor
I think I have to create a virtual lan, isn´t? Create a virtual interface and make Transmission and Pyload to listen on that interface, and then add routes so I can go to internet through that interface. I'm not an expert, maybe I need a tutorial to understand more the situation. Sorry for my english.

Regards.
 

eibgrad

Senior Member
I would first try binding these processes to *only* the LAN side of the router (192.168.1.x). They're probably bound either to *all* or the WAN by default. I think the last time I saw this problem, the user wanted to use an additional network to keep the process off the LAN and accessible by users. So it may not be necessary. Been so long ago, my memory is not good on the details.

If that doesn't work, I'll show you how to bind a different network instead.
 
Last edited:

Xentrk

Part of the Furniture
Hi to all!

I just installed Pyload and Transmission on my RT-AC86U. Now I have a problem. I have to set the router (192.168.1.1) to go to Internet through VPN and NOT through WAN. How can I do that?

I have the policy rule:
All192.168.1.0/240.0.0.0VPN

So it's supposed to do the job, since router ip is 192.168.1.1, and would go to the internet through VPN Tunnel, but it's not working and it goes through WAN.

Can anyone help me with this issue?

Thank you very much!

Regards,

Maxi
What firmware version are you on? Two have reported an issue in 384.19 Alpha 4 and Beta 1 for policy routing when using CIDR format. Try removing the rule for the lan and create several individual rules for LAN clients and see if that works.

That should be all you have to do. It should force all LAN Clients to use VPN. Some also have an entry for the router 192.168.1.1 to use the WAN to access services like ntp if the VPN is down. Are you using Policy Rules (Strict)?

If you can logon to an SSH session, what is the output of the command?
Code:
ip rule
This will display the RPDB rules.
 

maxiarg14

Occasional Visitor
I would first try binding these processes to *only* the LAN side of the router (192.168.1.x). They're probably bound either to *all* or the WAN by default. I think the last time I saw this problem, the user wanted to use an additional network to keep the process off the LAN and accessible by users. So it may not be necessary. Been so long ago, my memory is not good on the details.

If that doesn't work, I'll show you how to bind a different network instead.
@eibgrad It works!!! I bound Transmission and Pyload to only listen on 192.168.1.1 (both were listening on all interfaces, 0.0.0.0). Now I can see in Transmission that my ip is the one provided by my VPN service:

1596719434650.png

I don't know how to check that Pyload is using the same IP too, DO YOU KNOW? Anyway, I suppose that is using the same.

Thank you very much for all your support buddy!! And @Xentrk thanks for your support too!

Best regards,

Maxi
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top