Routing router through VPN and the rest through WAN

owiecc

Occasional Visitor
I am trying to set up my router (AX88) so that the traffic from the router (transmission) goes through VPN and the rest of the devices go through WAN.

If I set Redirect Internet traffic to All, the router goes through VPN. I am checking by testing the external IP: curl ipinfo.io/ip

When I use Policy rules in Redirect Internet traffic with this config (after https://github.com/RMerl/asuswrt-merlin/wiki/Policy-based-routing):

Code:
LAN_IPs    192.168.1.0/24    0.0.0.0   VPN
Router     192.168.1.1       0.0.0.0   VPN

my router goes through WAN (curl ipinfo.io/ip from the router shows my ISP's IP) while everything else goes through VPN. 192.168.1.1 is my router's IP.
 
Is your transmission setup in the router? Or on a separate computer?

If it's on a separate computer you should be able to set it up so only that IP gets tunneled through the VPN

If it's running on the router, you would probably need some sort of policy-based routing to grab outgoing ports and put them through the correct interface. This can be accomplished by having an OpenVPN up script that sets this up.
 
Quick steps:
Code:
ifconfig br0:trans xxx.xxx.xxx.xxx up
where xxx.xxx.xxx.xxx is outside your DHCP pool

Bind Transmission to xxx.xxx.xxx.xxx by changing settings in '/opt/etc/transmission/settings.json'
Code:
"bind-address-ipv4": "xxx.xxx.xxx.xxx",
Then you can simply redirect ALL of the router's Transmission traffic via the VPN simply by specifying xxx.xxx.xxx.xxx in the 'Policy Rules' GUI.

see Transmission via VPN
 
That's a way cleaner way to do it! I didn't think of that
There are even easier ways... I forget all the details on the setup, but I got it all on this site in the past.

Basically, you configure it all in the router and the GUI. No futsing around with SSH or the transmission box, etc. It only requires static (or assigned) IP addresses.

Configure the VPN so that only the IP addresses in the table go through the VPN. WAN is used for all the others.

Makes it super easy if you have more than one VPN provider as well as you just specify which IPs go through each VPN.

You will have to search, but I'm pretty sure it was just a matter of setting Redirect Internet Traffic to Policy Rules (and maybe Accept DNS configuration to Relaxed) and adding the IPs to be redirected.

No binding, no ifconfig, etc required :)
 
The OP wants to route a single specific APPLICATION running on a single specific LAN device (in this case the router itself) via a specific VPN.

Adding a LAN device to the Selective Routing Policy Rules GUI
e.g. Router
Code:
Router   192.168.1.1   0.0.0.0   VPN
routes ALL its traffic thru the VPN tunnel.

In the case of the router, this is usually inappropriate, however, with advanced 'futsing' (using SSH and application configuration binding) we can create a seemingly bog-standard Selective Routing RPDB rule using the GUI
Code:
TransmissionApp  app.bind.alias.ip  0.0.0.0   VPN
that cleverly (explicitly) addresses the OP's requirement by keeping all of the router's (192.168.1.1) traffic via the WAN except for the router's Transmission traffic.
 
I got the interface running. I added the ifconfig br0:trans 192.168.66.1 up to the services-start. Things did not work at all. Then I had a brilliant thought of moving this IP to 192.168.1.0 net. I changed my DHCP address pool to .2-199 and set the transmission address to 192.168.1.200. Things work perfect now. Thank you very much for the help.

Tested with https://ipleak.net
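
An added example, not part of any post in this thread: a pre-flight and leak check for the alias-IP approach described above. It encodes the OP's reported working values (alias 192.168.1.200 inside the br0 subnet, DHCP pool .2-.199) and compares the public IP seen from the alias address with the router's own; the function names are made up for this sketch, and curl is assumed to be available on the router as in the first post.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are the ones the OP reported
# working (alias 192.168.1.200, DHCP pool .2-.199); change them for your LAN.
ALIAS_IP="192.168.1.200"
LAN_NET="192.168.1.0"; LAN_PREFIX=24
POOL_START="192.168.1.2"; POOL_END="192.168.1.199"

ip_to_int() {   # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_subnet() {   # in_subnet IP NETWORK PREFIX
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

outside_pool() {   # outside_pool IP POOL_START POOL_END
    n=$(ip_to_int "$1")
    [ "$n" -lt "$(ip_to_int "$2")" ] || [ "$n" -gt "$(ip_to_int "$3")" ]
}

alias_ok() {   # alias sits in the br0 subnet but outside the DHCP pool
    in_subnet "$1" "$LAN_NET" "$LAN_PREFIX" && outside_pool "$1" "$POOL_START" "$POOL_END"
}

egress_ip() {   # public IP seen when sourcing from $1 (or the default source)
    if [ -n "${1:-}" ]; then curl -s --max-time 10 --interface "$1" ipinfo.io/ip
    else curl -s --max-time 10 ipinfo.io/ip; fi
}

verdict() {   # verdict ALIAS_EGRESS ROUTER_EGRESS
    if [ -z "$1" ]; then echo "no-reply"       # nothing came back via the alias
    elif [ "$1" = "$2" ]; then echo "leak"     # alias leaves by the router's own path
    else echo "tunnelled"; fi
}

check_alias_route() {
    alias_ok "$ALIAS_IP" || { echo "bad alias address: $ALIAS_IP"; return 1; }
    verdict "$(egress_ip "$ALIAS_IP")" "$(egress_ip)"
}

# Run on the router as: sh this-script check
if [ "${1:-}" = "check" ]; then check_alias_route; fi
```

A "leak" result means traffic bound to the alias address leaves with the same public IP as the router itself, so the Policy Rules entry for the alias is not taking effect.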
 
hello
unfortunately I am not able to do that
If I bind transmission IP, I don't know why but after a few minutes transmission is still crashing.
Without that modification (binding IPV4 in transmission settings.json), transmission is never crashing

So I come back to the first question and would like to know, please, why is this instruction not working as it should (router going through VPN) :

Router 192.168.1.1 0.0.0.0 VPN

Is it a known issue or is there something else to do to have router going through vpn?
 
Yes, I did also have problems with transmission starting. I added these lines to /jffs/scripts/services-start:

Code:
# FIX: transmission-daemon
#   UDP Failed to set receive buffer: requested 4194304, got 245760 (tr-udp.c:84)
#   UDP Please add the line "net.core.rmem_max = 4194304" to /etc/sysctl.conf (tr-udp.>
#   UDP Failed to set send buffer: requested 1048576, got 245760 (tr-udp.c:95)
#   UDP Please add the line "net.core.wmem_max = 1048576" to /etc/sysctl.conf (tr-udp.>
/bin/echo 4194304 >/proc/sys/net/core/rmem_max
/bin/echo 1048576 >/proc/sys/net/core/wmem_max
 
thank you but apparently my crash is coming from something else :

Oct 11 23:05:50 kernel: transmission-da[9108]: unhandled level 2 translation fault (11) at 0x00000008, esr 0x92000046
Oct 11 23:05:50 kernel: pgd = ffffffc003ff4000
Oct 11 23:05:50 kernel: [00000008] *pgd=0000000006f78003, *pud=0000000006f78003, *pmd=0000000000000000
Oct 11 23:05:50 kernel: CPU: 0 PID: 9108 Comm: transmission-da Tainted: P O 4.1.27 #2
Oct 11 23:05:50 kernel: Hardware name: Broadcom-v8A (DT)
Oct 11 23:05:50 kernel: task: ffffffc0172e2140 ti: ffffffc006e04000 task.ti: ffffffc006e04000
Oct 11 23:05:50 kernel: PC is at 0x437320
Oct 11 23:05:50 kernel: LR is at 0x43731c
Oct 11 23:05:50 kernel: pc : [<0000000000437320>] lr : [<000000000043731c>] pstate: 60000000
 
