VPN Client routing for WAN not working

xed

New Around Here
I'm running 384.13 on an RT-AC1900P. At the moment I have one master rule for sending all LAN traffic "192.168.2.0/24" through the VPN and then I specify each LAN IP address that I want to go directly to the WAN and skip the VPN. Here's what's weird.

If I specify a LAN IP to go straight to WAN then after I apply it works, but only for about 20 seconds. On the machine I'm sending to the WAN I can have a browser open to a "where is my ip location" webpage and repeatedly hit refresh and watch when it kicks over from telling me my VPN provider's exit point to my real machine location. Then after about 20 seconds it's dead with no access. It's behaving like the router would be expected to behave if "Block routed clients if tunnel goes down"=Yes and there was no WAN rule and the VPN tunnel went down.

At first I thought it might be something to do with "Policy Rules" vs "Policy Rules (Strict)". So I backed up a step and took all my VPN Client routing rules out except for just my one main LAN routing rule, "192.168.2.0/24" to VPN, and set "Block routed clients if tunnel goes down"=Yes. If the VPN Client is on and connected then fine; if not connected then all blocked. OK so far, that's exactly as expected. Then I flipped "Block routed clients if tunnel goes down"=No. If the VPN Client is on and connected then fine; if not connected then that same 20 second thing happens again where all traffic is correctly routed to the WAN (because "Block routed clients if tunnel goes down"=No) but after about 20 seconds all traffic is suddenly blocked.

It's acting like it checks to see what traffic should be routed to the WAN (either all of it if "Block routed clients if tunnel goes down"=No or just some of it if I have my individual rules in) and it does it correctly (the change from VPN to WAN really does happen) but then 20 seconds later it slams the door.

Any help would be greatly appreciated; thank you.
 
You may want to try the common configuration where you want your entire LAN to go through the VPN, but not the router itself:

Code:
LAN_IPs    192.168.1.0/24    0.0.0.0    VPN
Router     192.168.1.1       0.0.0.0    WAN


You can use the command ip rule from an SSH session to see the RPDB rules. The lower priority numbers get the highest priority:

Code:
0:      from all lookup local
10104:  from 192.168.1.150 lookup ovpnc1
10105:  from 192.168.1.151 lookup ovpnc1
10106:  from 192.168.1.153 lookup ovpnc1
10107:  from 192.168.1.154 lookup ovpnc1
10301:  from 192.168.1.165 lookup ovpnc2
10302:  from 192.168.1.149 lookup ovpnc2
10303:  from 192.168.1.152 lookup ovpnc2
32766:  from all lookup main
32767:  from all lookup default

Devices defined to use the WAN won't appear in the list.
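As an added illustration (not code from the thread or from the firmware), here is a small Python helper that parses `ip rule` output like the listing above and reports, in precedence order, which routing tables a given client's packets consult, so you can confirm whether a LAN host is policy-routed to an ovpncN table or falls through to the main table (the WAN). The sample listing is constructed, and only the `from` and `lookup` keywords are interpreted.

```python
import ipaddress

# Constructed sample modelled on the `ip rule` listing in the reply above;
# not captured from a real router.
SAMPLE_IP_RULE = """\
0:      from all lookup local
10104:  from 192.168.1.150 lookup ovpnc1
10105:  from 192.168.1.151 lookup ovpnc1
10301:  from 192.168.1.165 lookup ovpnc2
32766:  from all lookup main
32767:  from all lookup default
"""

ANY = ipaddress.ip_network("0.0.0.0/0")  # what "from all" matches


def parse_ip_rule(text):
    """Parse `ip rule` output into (priority, source_network, table) tuples,
    sorted lowest priority number (highest precedence) first. Only the `from`
    and `lookup` keywords are interpreted; iif/fwmark selectors are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        prio, rest = line.split(":", 1)
        tokens = rest.split()
        source, table = ANY, "main"
        for i, tok in enumerate(tokens[:-1]):
            if tok == "from":
                arg = tokens[i + 1]
                source = ANY if arg == "all" else ipaddress.ip_network(arg, strict=False)
            elif tok == "lookup":
                table = tokens[i + 1]
        rules.append((int(prio), source, table))
    return sorted(rules, key=lambda r: r[0])


def tables_for_source(rules, src_ip):
    """Tables the RPDB consults, in precedence order, for packets from src_ip."""
    ip = ipaddress.ip_address(src_ip)
    return [table for _, source, table in rules if ip in source]


def vpn_client_for(rules, src_ip):
    """The ovpncN table a client is policy-routed to, or None if it reaches
    the main table first (i.e. the client is left on the WAN)."""
    for table in tables_for_source(rules, src_ip):
        if table.startswith("ovpnc"):
            return table
        if table == "main":
            return None
```

Run it against the real output of `ip rule` from an SSH session on the router to check that a host you expect on the WAN returns None and a host you expect on the VPN returns its ovpncN table.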
 
I tried adding in a second rule for...
Code:
Router     192.168.2.1       0.0.0.0    WAN

... which was in addition to my ...
Code:
LAN_IPs    192.168.2.0/24    0.0.0.0    VPN

... but the same thing still happens. If "Block routed clients if tunnel goes down"=No it still blocks when the client isn't connected (and then of course it also blocks anything I have a rule for to go local to WAN and bypass the VPN if connected).
 
I gave up and did a factory reset and then re-entered my settings and everything went back to working as expected. Presumably something was quirky due to a prior firmware update and it took a factory reset to clear out whatever was making it act so strangely.
 