OpenVPN client set up - split tunnel does not function; wrong default route
Hi - I have set up the OpenVPN client on the RTN66U running 3.0.0.4.264.22. I have selected:
Redirect Internet traffic = No
I thought this would mean that no default route would be created for this client config, i.e. I could bring up a tunnel but still have the default route go out my PPPoE connection on ppp0.
When I bring up the config and do a show route I see this:
tun11 is the VPN tunnel interface
And a traceroute with the VPN client running:
Straight to a 209.x.x.x address - my OpenVPN provider in the USA
macbookair:~ ilium007$ traceroute suncorp.com.au
traceroute to suncorp.com.au (203.0.222.10), 64 hops max, 52 byte packets
1 www.asusnetwork.net (192.168.10.1) 0.501 ms 0.324 ms 0.258 ms
2 * * *
3 bukbukimachicken.me (209.159.150.233) 271.299 ms 271.139 ms 271.226 ms
4 core-04-teb2.us.as19318.net (66.45.224.177) 270.821 ms 269.985 ms 271.813 ms
5 64.20.47.17 (64.20.47.17) 272.187 ms 271.781 ms 271.406 ms
6 209.197.17.197 (209.197.17.197) 272.036 ms 272.582 ms 271.756 ms
7 e2-4.r1.ch.hwng.net (209.197.0.33) 298.210 ms 302.850 ms 298.562 ms
8 * * *
9 209.234.240.250 (209.234.240.250) 343.281 ms 344.287 ms 348.065 ms
10 gi5-2.sjc-core01.net.telstraglobal.net (206.223.116.11) 347.926 ms 347.557 ms 348.087 ms
11 i-0-1-2-0.eqnx-core01.bi.telstraglobal.net (202.84.251.97) 348.306 ms
i-0-4-4-0.eqnx-core01.bi.telstraglobal.net (202.84.251.41) 347.618 ms 347.778 ms
12 i-0-6-0-1.sydo-core02.bx.telstraglobal.net (202.84.140.134) 492.584 ms 497.166 ms 492.293 ms
13 tengige0-2-0-5.oxf-gw1.sydney.telstra.net (203.50.13.13) 496.637 ms 496.485 ms 651.195 ms
14 bundle-ether1.ken-core4.sydney.telstra.net (203.50.6.5) 502.042 ms 498.418 ms 504.646 ms
15 bundle-ether5.cha-core4.brisbane.telstra.net (203.50.11.73) 522.165 ms 523.227 ms 524.742 ms
16 tengigabitethernet2-1.woo6.brisbane.telstra.net (203.50.50.144) 514.824 ms 507.352 ms 507.311 ms
17 suncor10.lnk.telstra.net (139.130.185.70) 515.273 ms 510.304 ms 513.485 ms
18 suncor10.lnk.telstra.net (139.130.185.70) 510.303 ms !X 510.789 ms !X 508.383 ms !X
When I shut down the OpenVPN Client1 connection I see this route table change:
And a traceroute to the same host shows:
Straight out the PPPoE interface to my ISP
macbookair:~ ilium007$ traceroute suncorp.com.au
traceroute to suncorp.com.au (203.0.222.10), 64 hops max, 52 byte packets
1 www.asusnetwork.net (192.168.10.1) 0.800 ms 0.342 ms 0.328 ms
2 * * *
3 bri-sot-wic-csw2-gi-1-3.tpgi.com.au (202.7.173.137) 21.480 ms 20.656 ms 20.964 ms
4 bri-sot-wic-crt1-gi-2-0-0.tpgi.com.au (203.29.135.1) 21.392 ms 21.447 ms 21.710 ms
5 gigabitethernet3-3.woo7.brisbane.telstra.net (120.151.255.225) 36.399 ms 220.033 ms 174.475 ms
6 tengigabitethernet1-1.woo6.brisbane.telstra.net (203.50.51.144) 34.776 ms 34.793 ms 35.437 ms
7 suncor10.lnk.telstra.net (139.130.185.70) 38.098 ms 37.936 ms 37.191 ms
8 * suncor10.lnk.telstra.net (139.130.185.70) 38.280 ms !X *
9 * *^C
This is the nvram with the "Redirect Internet traffic" option set to NO:
admin@(none):/# nvram show | grep client1
vpn_client1_poll=0
vpn_crt_client1_static=
vpn_client1_nm=255.255.255.0
vpn_client1_cipher=DES-CBC
vpn_client1_addr=us3.vpnsecure.me
vpn_client1_reneg=-1
vpn_client1_username=
vpn_client1_comp=yes
vpn_client1_retry=30
vpn_client1_gw=
vpn_client1_adns=0
vpn_client1_tlsremote=0
vpn_client1_if=tun
vpn_crt_client1_crt=-----BEGIN CERTIFICATE-----
vpn_client1_custom=comp-lzo
vpn_client1_rgw=0
vpn_client1_remote=10.8.0.1
vpn_client1_rg=0
vpn_client1_crypt=tls
vpn_client1_useronly=0
vpn_client1_bridge=1
vpn_crt_client1_ca=-----BEGIN CERTIFICATE-----
size: 46592 bytes (18944 left)
vpn_client1_firewall=auto
vpn_client1_proto=udp
vpn_client1_port=1191
vpn_client1_password=
vpn_client1_hmac=-1
vpn_client1_userauth=0
vpn_client1_nat=1
vpn_crt_client1_key=-----BEGIN RSA PRIVATE KEY-----
vpn_client1_local=10.8.0.2
admin@(none):/#
This is the nvram with the "Redirect Internet traffic" option set to YES:
admin@(none):/# nvram show | grep client1
vpn_client1_poll=0
vpn_crt_client1_static=
vpn_client1_nm=255.255.255.0
vpn_client1_cipher=DES-CBC
vpn_client1_addr=us3.vpnsecure.me
vpn_client1_reneg=-1
vpn_client1_username=
vpn_client1_comp=yes
vpn_client1_retry=30
vpn_client1_gw=
vpn_client1_adns=0
vpn_client1_tlsremote=0
vpn_client1_if=tun
vpn_crt_client1_crt=-----BEGIN CERTIFICATE-----
vpn_client1_custom=comp-lzo
vpn_client1_rgw=1
vpn_client1_remote=10.8.0.1
vpn_client1_rg=0
vpn_client1_crypt=tls
vpn_client1_useronly=0
vpn_client1_bridge=1
vpn_crt_client1_ca=-----BEGIN CERTIFICATE-----
vpn_client1_proto=udp
vpn_client1_firewall=auto
vpn_client1_port=1191
vpn_client1_password=
vpn_client1_hmac=-1
vpn_client1_userauth=0
vpn_client1_nat=1
vpn_crt_client1_key=-----BEGIN RSA PRIVATE KEY-----
size: 46592 bytes (18944 left)
vpn_client1_local=10.8.0.2
admin@(none):/#
The difference is in the line:
vpn_client1_rgw=1
This says to me that with the OpenVPN client running and the "Redirect Internet traffic" option set to NO I still get a default route out the VPN interface.
Am I looking at this wrong?
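An added example, not part of the original post: a route lookup over `route -n` output that reports which interface actually carries a given destination, so the 0.0.0.0 row is not the only thing consulted. It goes beyond the post by also covering the pair of /1 routes that OpenVPN's `redirect-gateway def1` installs; both tables are constructed, and `br0` as the LAN bridge name is an assumption.

```shell
#!/bin/sh
# Added example. egress_if DEST reads `route -n` output on stdin and prints the
# interface chosen for DEST: longest matching Genmask first, then lowest metric.
egress_if() {
    awk -v dst="$1" '
    function masked(ip, mask,   a, m, i, out) {   # ip AND mask, per octet
        split(ip, a, "."); split(mask, m, ".")
        for (i = 1; i <= 4; i++)
            out = out (a[i] - a[i] % (256 - m[i])) (i < 4 ? "." : "")
        return out
    }
    function weight(mask,   m) {                  # longer prefix => larger value
        split(mask, m, ".")
        return ((m[1] * 256 + m[2]) * 256 + m[3]) * 256 + m[4]
    }
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {    # data rows only, skip headers
        if (masked(dst, $3) != $1) next
        w = weight($3)
        if (best == "" || w > bestw || (w == bestw && $5 + 0 < bestm)) {
            best = $8; bestw = w; bestm = $5 + 0
        }
    }
    END { if (best != "") print best }'
}

# Constructed tables (the route output from the post was not captured).
# br0 as the LAN bridge name is an assumption.
table_plain() {
    cat <<'EOF'
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 tun11
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
EOF
}
# Same table plus the two /1 routes that redirect-gateway def1 installs;
# the 0.0.0.0/0 row still names ppp0 but no longer wins any lookup.
table_def1() {
    table_plain
    cat <<'EOF'
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun11
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tun11
EOF
}

echo "plain: $(table_plain | egress_if 203.0.222.10)"   # ppp0
echo "def1:  $(table_def1  | egress_if 203.0.222.10)"   # tun11
```

On the router itself, pipe the live table into the function, for example `route -n | egress_if 203.0.222.10`, once with the client up and once with it down.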