RT-AC68U asuswrt-merlin: OpenVPN client - all traffic through VPN except traffic to one specific destination...


coqypef

Occasional Visitor
I am running an OpenVPN client in my router. I want all traffic to go through the VPN, except traffic to/from one specific internet IP address. Can this be done in the OpenVPN client settings web GUI? If not, how?
 

negen

New Around Here
Yes. Once the client VPN is configured and up and running, you can set 192.168.1.0/24 to TUN. Then you add an additional entry for the IP of the client you want routed through WAN.

Under the lower portion of the client, you select "Force Internet traffic through tunnel" and set this to Strict. After that it will open up the section where you enter your IP address that you want to route through TUN or WAN. The section you edit is "Rules for routing client traffic through the tunnel (Max Limit : 100)". It is in the GUI. Works quite well.
 

coqypef

Occasional Visitor
Works perfectly. Thank you!

Bonus question: If I occasionally want to change that one destination IP (or perhaps, if easier, add more exception IPs) without having to open the GUI, but preferably by running a script or something from my computer (Debian), is that possible?

[Attached image: 1612204471819.png]
 

negen

New Around Here

Never mind, I think this is right.

You want all your clients to access that ONE IP address via the WAN port?
 

Martineau

Part of the Furniture
Yes.

List the existing RPDB rules
Code:
ip rule
then replicate the WAN (table main) rule with the appropriate priority (PRIO)
Code:
ip rule add from 10.0.0.0/24 to xxx.xxx.xxx.xxx table main prio 1010x
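
One way to script the change asked about above, as an added example that is not from any poster in the thread: it validates every address and prints the `ip rule` commands instead of running them, so the output can be reviewed before it is piped over SSH to the router. The function names, the priority 5000 and the documentation-range addresses are constructed, and deleting rules by `prio` assumes the router's `ip` is iproute2.

```shell
#!/bin/sh
# Added example (not from the thread): build WAN-exception rules as a dry run.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_cidr NET/LEN: IPv4 network with a prefix length in 0..32.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# build_rules SRC_CIDR PRIO DEST_IP...
# Prints commands that replace every rule at PRIO with one "table main" rule
# per destination. PRIO must be unused by the firmware (check `ip rule`) and
# lower than the VPN rule's priority so it is evaluated first.
# Any invalid argument rejects the whole batch, so no shell metacharacter
# can reach the router's command line.
build_rules() {
    src=$1; prio=$2; shift 2
    is_cidr "$src" || { echo "rejected source: $src" >&2; return 1; }
    case "$prio" in ''|*[!0-9]*|??????*) echo "rejected prio: $prio" >&2; return 1 ;; esac
    for dst in "$@"; do
        is_ipv4 "$dst" || { echo "rejected destination: $dst" >&2; return 1; }
    done
    echo "while ip rule del prio $prio 2>/dev/null; do :; done"
    for dst in "$@"; do
        echo "ip rule add from $src to $dst table main prio $prio"
    done
}

# Dry run with constructed values: documentation addresses, made-up priority.
build_rules 10.0.0.0/24 5000 203.0.113.10 198.51.100.7
```

Rules added with `ip rule` are not saved across a reboot, so the generated commands have to be re-applied after one. Every destination listed here is reached over the WAN interface rather than the tunnel, so keep the list as short as the use case allows.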
 
