
Exclude client from VPN, except for particular IP address


hursey013

Occasional Visitor
I would like to have all of my traffic routed through OpenVPN except one client - that part is working fine. On that excluded client I would also like to route a particular IP through the VPN, which I am having trouble getting working correctly. Here's what my policy rules look like:

Code:
All 192.168.1.0/24 0.0.0.0 VPN
Router 192.168.1.1 0.0.0.0 WAN
Excluded-device 192.168.1.201 0.0.0.0 WAN
Excluded-device-bypass 192.168.1.201 xxx.xxx.xxx.xxx VPN

Should this work? If not, is there a better approach to accomplish this? Right now the bypass rule is still being sent through WAN, I suspect since the WAN rules are taking priority over VPN rules?
 
Any ideas on this?

Can't do it easily the way policy routing works... WAN rules always take precedence over VPN rules.
The only way to do it in the GUI is to specify each client address you want to use the VPN separately, then for your special case also specify/include the single address that you want to use the VPN in the line.

EDIT: Or restrict the addresses you want to use the VPN, so you can use a smaller subnet instead of the 192.168.1.0/24 for the global VPN rule with your special case outside of that subnet.
 
Any ideas on this?

You will need to manually add a rule in the openvpn-event script
e.g. for VPN Client 1

vpnclient1-route-up
Code:
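# Drop any earlier copy of the rule so repeated route-up events do not stack duplicates
ip rule del prio 9999
# Send only this source/destination pair to VPN Client 1's table; lower prio numbers are matched first
ip rule add from 192.168.1.201 to xxx.xxx.xxx.xxx table ovpnc1 prio 9999

# Flush the route cache so the new rule applies immediately
ip route flush cache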

EDIT: Added 'ip route flush cache' command to be complete for 'best-practice'
 
You will need to manually add a rule in the openvpn-event script
e.g. for VPN Client 1

vpnclient1-route-up
Code:
ip rule del prio 9999
ip rule add from 192.168.1.201 to xxx.xxx.xxx.xxx table ovpnc1 prio 9999

Wow, this worked like a charm, thank you! I came across some of your guidance here as well, which was also very helpful: https://www.snbforums.com/threads/selective-routing-netflix-amazon-etc.36608/#post-346532 - sorry I missed that on my initial searches.
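
An added example, not part of the original thread: a small POSIX shell model of how `ip rule` entries are walked in priority order, showing why the excluded client's bypass only reaches the VPN table once the prio 9999 rule exists. The rule listing is constructed; the priorities other than 9999, the `main` table for WAN rules, and 203.0.113.10 (standing in for the masked destination) are assumptions.

```shell
#!/bin/sh
# Constructed `ip rule show` listing. Priorities other than 9999 and the use
# of table `main` for WAN rules are assumptions; 203.0.113.10 stands in for
# the masked xxx.xxx.xxx.xxx destination.
SAMPLE_RULES='0: from all lookup local
9999: from 192.168.1.201 to 203.0.113.10 lookup ovpnc1
10001: from 192.168.1.1 lookup main
10002: from 192.168.1.201 lookup main
10101: from 192.168.1.0/24 lookup ovpnc1
32766: from all lookup main
32767: from all lookup default'

ip2int() {  # dotted quad -> 32-bit integer
    old=$IFS; IFS=.; set -- $1; IFS=$old
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {  # in_cidr ADDR SELECTOR; SELECTOR is "all", a.b.c.d or a.b.c.d/len
    [ "$2" = all ] && return 0
    net=${2%/*}; len=32
    case $2 in */*) len=${2#*/} ;; esac
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# first_table SRC DST < rules: print the table chosen for a packet.
# Rules are read in listing order (lowest priority number first). Assumes
# every table except `local` has a default route, so the first match decides.
first_table() {
    want_src=$1; want_dst=$2
    while read -r _prio _from src rest; do
        dst=all
        set -- $rest
        if [ "$1" = to ]; then dst=$2; shift 2; fi
        [ "$1" = lookup ] || continue        # fwmark/iif rules are not modelled
        [ "$2" = local ] && continue         # local table only holds router addresses
        if in_cidr "$want_src" "$src" && in_cidr "$want_dst" "$dst"; then
            echo "$2"; return 0
        fi
    done
    return 1
}

# With the hook's rule the pair goes to the VPN table; without it, to WAN.
printf '%s\n' "$SAMPLE_RULES" | first_table 192.168.1.201 203.0.113.10
printf '%s\n' "$SAMPLE_RULES" | grep -v '^9999:' | first_table 192.168.1.201 203.0.113.10
```

To check a live configuration, pipe the real listing in instead of the sample, for example `ip rule show | first_table 192.168.1.201 <destination>`.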
 
