Simple question about configuring Policy-based routing for an OpenVPN client


Indeed, I made another test tonight and I have the following line:
Nov 16 23:38:11 rc_service: ntpd_synced 663:notify_rc start_vpnclient4
but I also have, a few lines further:
Nov 16 23:38:26 rc_service: skip the event: start_vpnclient4.
Maybe this is the reason why the VPN client has not started?
Hello.
For mysterious reasons (mysterious to me), for the past two or three weeks the problem has not occurred anymore. After a reboot, the VPN client is ON and in the log I have only the line "05:03:07 rc_service: ntpd_synced 678:notify_rc start_vpnclient4". I no longer have the line "rc_service: skip the event: start_vpnclient4".
 
Thank you for the link. If I understand correctly "By default, all traffic go through the WAN", it means I only have to write 2 lines (according to my example):
192.168.2.50 -> VPN
192.168.2.77 -> VPN
And that's all? Nothing to write for all the other devices I want to go directly to the WAN? Right?

Is there a way to have it behave the opposite way, where by default all traffic goes through the VPN? I would like all my devices to go through the VPN, except for my streaming devices. Are you saying I'll have to create a rule for each device to go through the VPN? Rather than having to maintain a rule for the majority of my devices, I would like to simplify it to only have to create a few exceptions for the streaming devices to go through the WAN instead.
 
This is explained in the wiki. Look at the examples and modify for your own devices.

https://github.com/RMerl/asuswrt-merlin.ng/wiki/Policy-based-routing
 
I had read that before posting, but not sure I followed it. I'm not seeing where I can flip the default behavior.
Just remember that WAN rules take precedence over VPN rules... so set a rule for everything to go through the VPN, then define exceptions for the WAN...
 

From the (attached image: 1608232120615.png)
 
OK, I think I get it now.
The default would still be to send all the traffic through the WAN.
My first rule would just be to circumvent that by sending my whole subnet through the VPN.
Then my subsequent rules would come back through and send specific IPs back through the WAN.
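
The precedence worked out in this thread, written as a small model for auditing a rule table for hosts that would bypass the VPN. This is an added example, not part of any post and not the firmware's own code; the rule table, addresses and function names are constructed, and the matching logic assumes only what the thread states (WAN rules win over VPN rules, unmatched traffic uses the WAN).

```python
import ipaddress

# Constructed rule table in the shape discussed in the thread:
# (description, source IP or CIDR, interface). All addresses are sample values.
RULES = [
    ("whole LAN", "192.168.2.0/24", "VPN"),
    ("streaming box", "192.168.2.120", "WAN"),
    ("smart TV", "192.168.2.121", "WAN"),
]


def route_for(src, rules=RULES):
    """Return the interface a source address would use under this model.

    Assumptions taken from the thread, not from the firmware source:
    a matching WAN rule wins over a matching VPN rule no matter where it
    sits in the list, and traffic that matches no rule uses the WAN.
    """
    addr = ipaddress.ip_address(src)
    matched = {
        iface
        for _, net, iface in rules
        if addr in ipaddress.ip_network(net, strict=False)
    }
    if "WAN" in matched:
        return "WAN"
    if "VPN" in matched:
        return "VPN"
    return "WAN"  # default: no rule matched


def bypass_report(hosts, rules=RULES):
    """Map each host to its interface so unintended VPN bypasses stand out."""
    return {host: route_for(host, rules) for host in hosts}


if __name__ == "__main__":
    sample_hosts = ["192.168.2.10", "192.168.2.120", "192.168.2.121", "192.168.3.5"]
    for host, iface in bypass_report(sample_hosts).items():
        print(f"{host:15} -> {iface}")
```

The last sample host sits outside the /24 covered by the VPN rule, so it falls through to the WAN default; a guest or IoT subnet left out of the catch-all rule would do the same.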
 
