What's new

RT-AC68U asuswrt-merlin: OpenVPN client - all traffic through VPN except traffic to one specific destination...

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

coqypef

Occasional Visitor
I am running an OpenVPN client in my router. I want all traffic to go through the VPN, except traffic to/from one specific internet IP address. Can this be done in the OpenVPN client settings web GUI? If not, how?
 
Yes. Once the client vpn is configured and up and running you can set 192.168.1.0/24 to TUN. Then you add an additional entry to for the ip of the client you want routed through WAN.

Under the lower portion of the client you select Force Internet traffic through tunnel set this to strict. After that it will open up the section where you enter your ip address that you want to route through tun or wan. The section you edit is Rules for routing client traffic through the tunnel (Max Limit : 100). It is in the gui. Works quiet well.
 
Yes. Once the client vpn is configured and up and running you can set 192.168.1.0/24 to TUN. Then you add an additional entry to for the ip of the client you want routed through WAN.

Under the lower portion of the client you select Force Internet traffic through tunnel set this to strict. After that it will open up the section where you enter your ip address that you want to route through tun or wan. The section you edit is Rules for routing client traffic through the tunnel (Max Limit : 100). It is in the gui. Works quiet well.
Works perfectly. Thank you!

Bonus question: If i occasionally want to change that one destination IP (or perhaps, if easier, add more exception IPs) without having to open the GUI, but preferrably run a script or something from my computer (debian). Is that possible?

1612204471819.png
 
Works perfectly. Thank you!

Bonus question: If i occasionally want to change that one destination IP (or perhaps, if easier, add more exception IPs) without having to open the GUI, but preferrably run a script or something from my computer (debian). Is that possible?

View attachment 30124


Never mind I think this is right.

You want all your clients access to that ONE ip address via the wan port ?
 
Works perfectly. Thank you!

Bonus question: If i occasionally want to change that one destination IP (or perhaps, if easier, add more exception IPs) without having to open the GUI, but preferrably run a script or something from my computer (debian). Is that possible?

View attachment 30124
Yes.

List the existing RPDB rules
INI:
ip rule
then replicate the WAN (table main) rule with the appropriate priority (PRIO)
Code:
ip rule add from 10.0.0.0/24 to xxx.xxx.xxx.xxx table main prio 1010x
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top