Routing router through VPN and the rest through WAN

Discussion in 'Asuswrt-Merlin' started by owiecc, Sep 21, 2019.

  1. owiecc

    owiecc Occasional Visitor

    Joined:
    Feb 26, 2014
    Messages:
    12
    I am trying to set up my router (AX88) so that the traffic from the router (transmission) goes through VPN and the rest of the devices go through WAN.

    If I set Redirect Internet traffic to All, the router goes through VPN. I am checking by testing the external IP: curl ipinfo.io/ip

    When I use Policy rules in Redirect Internet traffic with this config (after https://github.com/RMerl/asuswrt-merlin/wiki/Policy-based-routing):

    Code:
    LAN_IPs    192.168.1.0/24    0.0.0.0   VPN
    Router     192.168.1.1       0.0.0.0   VPN 
    
    my router goes through WAN (curl ipinfo.io/ip from the router shows my ISP's IP) while everything else goes through VPN. 192.168.1.1 is my router's IP.
     
  2. icsy7687

    icsy7687 Occasional Visitor

    Joined:
    Mar 6, 2015
    Messages:
    26
    Location:
    USA
    Is your transmission setup in the router? Or on a separate computer?

    If it's on a separate computer you should be able to set it up so only that IP gets tunneled through the VPN

    If it's running on the router, you would probably need some sort of policy-based routing to grab outgoing ports and put them through the correct interface. This can be accomplished by having an openvpn up script that sets this up.
     
  3. Martineau

    Martineau Part of the Furniture

    Joined:
    Jul 8, 2012
    Messages:
    2,320
    Location:
    UK
    Quick steps:
    Code:
    ifconfig br0:trans xxx.xxx.xxx.xxx up
    where xxx.xxx.xxx.xxx is outside your DHCP pool

    Bind Transmission to xxx.xxx.xxx.xxx by changing settings in '/opt/etc/transmission/settings.json'
    Code:
    "bind-address-ipv4": "xxx.xxx.xxx.xxx",
    Then you can simply redirect ALL of the router's Transmission traffic via the VPN simply by specifying xxx.xxx.xxx.xxx in the 'Policy Rules' GUI.

    see Transmission via VPN
     
    icsy7687 likes this.
  4. icsy7687

    icsy7687 Occasional Visitor

    Joined:
    Mar 6, 2015
    Messages:
    26
    Location:
    USA
    That's a way cleaner way to do it! I didn't think of that.
     
  5. dosborne

    dosborne Senior Member

    Joined:
    May 11, 2019
    Messages:
    201
    Location:
    /dev/null
    There are even easier ways..... I forget all the details on the setup, but I got it all on this site in the past.

    Basically, you configure it all in the router and the GUI. No futsing around with SSH or the transmission box, etc. It only requires static (or assigned) IP addresses.

    Configure the VPN so that only the IP addresses in the table go through the VPN. WAN is used for all the others.

    Makes it super easy if you have more than one VPN provider as well as you just specify which IPs go through each VPN.

    You will have to search, but I'm pretty sure it was just a matter of setting Redirect Internet Traffic to Policy Rules (and maybe Accept DNS configuration to Relaxed) and adding the IPs to be redirected.

    No binding, no ifconfig, etc required :)
     
  6. Martineau

    Martineau Part of the Furniture

    Joined:
    Jul 8, 2012
    Messages:
    2,320
    Location:
    UK
    The OP wants to route a single specific APPLICATION running on a single specific LAN device (in this case the router itself) via a specific VPN.

    Adding a LAN device to the Selective Routing Policy Rules GUI
    e.g. Router
    Code:
    Router   192.168.1.1   0.0.0.0   VPN
    routes ALL its traffic thru the VPN tunnel.

    In the case of the router, this is usually inappropriate, however, with advanced 'futsing' (using SSH and application configuration binding) we can create a seemingly bog-standard Selective Routing RPDB rule using the GUI
    Code:
    TransmissionApp  app.bind.alias.ip  0.0.0.0   VPN
    that cleverly (explicitly) addresses the OP's requirement by keeping all of the router's (192.168.1.1) traffic via the WAN except for the router's Transmission traffic.
     
    Last edited: Sep 23, 2019
  7. owiecc

    owiecc Occasional Visitor

    Joined:
    Feb 26, 2014
    Messages:
    12
    I got the interface running. I added the ifconfig br0:trans 192.168.66.1 up to the services-start. Things did not work at all. Then I had a brilliant thought of moving this IP to 192.168.1.0 net. I changed my DHCP address pool to .2-199 and set the transmission address to 192.168.1.200. Things work perfectly now. Thank you very much for the help.

    Tested with https://ipleak.net
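
A pre-flight check for the alias-IP setup described in posts 3 and 7, as an added example that is not part of any poster's message: it verifies that the alias address is in the LAN subnet and outside the DHCP pool (the two conditions reported above), and that a source-based rule sends it to a table other than main. The `ovpnc1` table name, the rule priority and the sample `ip rule` listing are constructed assumptions; the addresses are the ones owiecc reported.

```sh
#!/bin/sh
# Added example, not from the thread. Table name "ovpnc1" and the sample
# rule listing below are constructed; addresses are the ones owiecc reported.

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeeds if address $1 lies inside network $2 with prefix length $3.
in_subnet() {
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# Succeeds if address $1 is outside the DHCP pool $2..$3 (inclusive).
outside_pool() {
    a=$(ip2int "$1")
    [ "$a" -lt "$(ip2int "$2")" ] || [ "$a" -gt "$(ip2int "$3")" ]
}

# Reads "ip rule show" output on stdin; prints the table used for source $1.
rule_table_for() {
    awk -v ip="$1" '
        $2 == "from" && ($3 == ip || $3 == ip "/32") && $4 == "lookup" {
            print $5; found = 1; exit
        }
        END { exit !found }'
}

# check_alias ALIAS NET PREFIX POOL_START POOL_END  (rule listing on stdin)
check_alias() {
    in_subnet "$1" "$2" "$3" || { echo "FAIL: $1 not in $2/$3"; return 1; }
    outside_pool "$1" "$4" "$5" || { echo "FAIL: $1 inside DHCP pool"; return 1; }
    table=$(rule_table_for "$1") || { echo "FAIL: no rule for source $1"; return 1; }
    [ "$table" != main ] || { echo "FAIL: $1 still uses the main table"; return 1; }
    echo "OK: $1 -> table $table"
}

# Constructed sample of "ip rule show" output with one policy rule present.
SAMPLE_RULES='0:      from all lookup local
10101:  from 192.168.1.200 lookup ovpnc1
32766:  from all lookup main
32767:  from all lookup default'

printf '%s\n' "$SAMPLE_RULES" | check_alias 192.168.1.200 192.168.1.0 24 192.168.1.2 192.168.1.199
```

On the router, pipe the live listing in instead: `ip rule show | check_alias 192.168.1.200 192.168.1.0 24 192.168.1.2 192.168.1.199`. Running `curl --interface 192.168.1.200 ipinfo.io/ip` then shows which external IP traffic sourced from the alias actually uses.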
     
  8. Nilugeator

    Nilugeator New Around Here

    Joined:
    Sep 22, 2019
    Messages:
    6
    hello
    unfortunately I am not able to do that
    If I bind transmission IP, I don't know why but after a few minutes transmission is still crashing.
    Without that modification (binding IPV4 in transmission settings.json), transmission is never crashing

    So I come back to the first question and would like to know, please, why is this instruction not working as it should (router going through VPN) :

    Router 192.168.1.1 0.0.0.0 VPN

    Is it a known issue or is there something else to do to have router going through vpn?
     
    Last edited: Oct 8, 2019 at 7:07 PM
  9. Nilugeator

    Nilugeator New Around Here

    Joined:
    Sep 22, 2019
    Messages:
    6
    any idea please?
     
  10. owiecc

    owiecc Occasional Visitor

    Joined:
    Feb 26, 2014
    Messages:
    12
    Yes, I did also have problems with transmission starting. I added these lines to /jffs/scripts/services-start:

    Code:
    # FIX: transmission-daemon
    #   UDP Failed to set receive buffer: requested 4194304, got 245760 (tr-udp.c:84)
    #   UDP Please add the line "net.core.rmem_max = 4194304" to /etc/sysctl.conf (tr-udp.>
    #   UDP Failed to set send buffer: requested 1048576, got 245760 (tr-udp.c:95)
    #   UDP Please add the line "net.core.wmem_max = 1048576" to /etc/sysctl.conf (tr-udp.>
    /bin/echo 4194304 >/proc/sys/net/core/rmem_max
    /bin/echo 1048576 >/proc/sys/net/core/wmem_max
    
     
  11. Nilugeator

    Nilugeator New Around Here

    Joined:
    Sep 22, 2019
    Messages:
    6
    thank you but apparently my crash is coming from something else :

    Oct 11 23:05:50 kernel: transmission-da[9108]: unhandled level 2 translation fault (11) at 0x00000008, esr 0x92000046
    Oct 11 23:05:50 kernel: pgd = ffffffc003ff4000
    Oct 11 23:05:50 kernel: [00000008] *pgd=0000000006f78003, *pud=0000000006f78003, *pmd=0000000000000000
    Oct 11 23:05:50 kernel: CPU: 0 PID: 9108 Comm: transmission-da Tainted: P O 4.1.27 #2
    Oct 11 23:05:50 kernel: Hardware name: Broadcom-v8A (DT)
    Oct 11 23:05:50 kernel: task: ffffffc0172e2140 ti: ffffffc006e04000 task.ti: ffffffc006e04000
    Oct 11 23:05:50 kernel: PC is at 0x437320
    Oct 11 23:05:50 kernel: LR is at 0x43731c
    Oct 11 23:05:50 kernel: pc : [<0000000000437320>] lr : [<000000000043731c>] pstate: 60000000