
VPN routing how to exclude specific ports


Marvin Gage

Occasional Visitor
I want to be able to exclude specific ports from VPN. So in general everything uses VPN except for specific ports for apps that do not work with VPN.

Example is a Java App that I use port 2002 for. I tried to do a port forward but when I am using VPN Client port forward does not work with the client.

How can I exclude a specific port like this to use WAN and not the VPN?
 
I want to be able to exclude specific ports from VPN. So in general everything uses VPN except for specific ports for apps that do not work with VPN.

Example is a Java App that I use port 2002 for. I tried to do a port forward but when I am using VPN Client port forward does not work with the client.

How can I exclude a specific port like this to use WAN and not the VPN?

OpenVPN Selective Port routing Wiki Selective Port Routing
EDIT: Here is the relocated direct link Selective Port Routing
 
Is there a better tutorial? The first thing it starts with is that I need a NAT-START script. Where the heck do I get that script? I found the script folder using WinSCP, but I see no NAT-START and can't find anything for a real tutorial on what NAT-START is.
There is a wealth of information on the RMerlin Wiki, which includes examples of implementing scripts on the router; specifically, User scripts should answer your query.
 
Does not seem to be working at all for me.

1. Force Internet traffic through tunnel > Policy Rules
2. Enable JFFS custom scripts and configs > YES
3. Edited script and saved as nat-start below using nano
4. chmod a+rx /jffs/scripts/*
5. Reboot router

Code:
#!/bin/sh

sleep 10  # During the boot process nat-start may run multiple times so this is required          

# Ensure duplicate rules are not created
for VPN_ID in 0 1 2 3 4 5
   do
      ip rule del prio 999$VPN_ID  2>/dev/null
   done

# Create the RPDB rules
ip rule add from 0/0 fwmark "0x8000/0x8000" table main   prio 9990        # WAN   fwmark
ip rule add from 0/0 fwmark "0x7000/0x7000" table ovpnc4 prio 9991        # VPN 4 fwmark
ip rule add from 0/0 fwmark "0x3000/0x3000" table ovpnc5 prio 9992        # VPN 5 fwmark
ip rule add from 0/0 fwmark "0x1000/0x1000" table ovpnc1 prio 9993        # VPN 1 fwmark
ip rule add from 0/0 fwmark "0x2000/0x2000" table ovpnc2 prio 9994        # VPN 2 fwmark
ip rule add from 0/0 fwmark "0x4000/0x4000" table ovpnc3 prio 9995        # VPN 3 fwmark

# iptables rule to selectively route the desired ports: mark 0x8000/0x8000 matches the WAN rule (prio 9990), so this traffic bypasses the VPN client
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.10 -p tcp -m multiport --sport 2002 -j MARK --set-mark 0x8000/0x8000
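
An added example, not part of the thread or the wiki script: a POSIX shell check that resolves which routing table a packet mark selects under the RPDB rules above, then lists the mangle rules whose traffic leaves via the WAN instead of a VPN client. The embedded `ip rule show` and `iptables -t mangle -S PREROUTING` outputs are constructed samples (the port 443 rule is invented for contrast), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ip rule show` after the nat-start script has run.
SAMPLE_RULES='0: from all lookup local
9990: from all fwmark 0x8000/0x8000 lookup main
9991: from all fwmark 0x7000/0x7000 lookup ovpnc4
9992: from all fwmark 0x3000/0x3000 lookup ovpnc5
9993: from all fwmark 0x1000/0x1000 lookup ovpnc1
9994: from all fwmark 0x2000/0x2000 lookup ovpnc2
9995: from all fwmark 0x4000/0x4000 lookup ovpnc3
32766: from all lookup main'
# Constructed sample of `iptables -t mangle -S PREROUTING`.
SAMPLE_MANGLE='-P PREROUTING ACCEPT
-A PREROUTING -i br0 -p tcp -m iprange --src-range 192.168.1.10-192.168.1.10 -m multiport --sports 2002 -j MARK --set-xmark 0x8000/0x8000
-A PREROUTING -i br0 -p tcp -m multiport --dports 443 -j MARK --set-xmark 0x1000/0x1000'

# table_for_mark MARK [RULES]: print the table chosen by the first fwmark rule
# that matches, i.e. the first rule where (MARK & mask) == value. Rules without
# fwmark are ignored; no output means no fwmark rule applies.
table_for_mark() {
    pkt=$1
    rules=${2:-$(ip rule show)}
    printf '%s\n' "$rules" | while read -r _prio _from _src kw spec _lookup table; do
        [ "$kw" = fwmark ] || continue
        value=${spec%/*}
        case $spec in */*) mask=${spec#*/} ;; *) mask=0xffffffff ;; esac
        if [ $(( $pkt & $mask )) -eq $(( $value )) ]; then
            echo "$table"
            break
        fi
    done
}

# bypass_rules MANGLE [RULES]: print each MARK rule whose mark resolves to
# table main, i.e. traffic that leaves via the WAN instead of a VPN client.
bypass_rules() {
    printf '%s\n' "$1" | while read -r line; do
        case $line in *"--set-xmark "*|*"--set-mark "*) ;; *) continue ;; esac
        spec=${line##*mark }   # text after the last "mark " is value/mask
        spec=${spec%% *}       # drop any options that follow it
        if [ "$(table_for_mark "${spec%%/*}" "$2")" = main ]; then
            printf '%s\n' "$line"
        fi
    done
}

# On the router: bypass_rules "$(iptables -t mangle -S PREROUTING)" "$(ip rule show)"
bypass_rules "$SAMPLE_MANGLE" "$SAMPLE_RULES"
```

Because the rules are evaluated in priority order with a masked compare, any mark with the 0x8000 bit set resolves to `main` before the VPN tables are consulted.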
 