Joined: 09 Jan 2020 Posts: 17 Location: Heemskerk, The Netherlands
Posted: Thu Jan 09, 2020 21:59 Post subject: Exclude some IP/devices from my Router VPN [solved]
Hi there,
I have a Linksys WRT3200ACM router, currently with the firmware from ExpressVPN. I did use dd-wrt in the past and want to go back to dd-wrt instead of the ExpressVPN firmware.
There is only one thing that I cannot find when I'm going to use dd-wrt.
When I configure my VPN on the router (on dd-wrt), all clients are using the internet through the VPN. But I need a few devices not to. In the original firmware from ExpressVPN I can set these clients to not use the VPN.
Is it possible to configure dd-wrt settings so that I can exclude some of the devices/IPs/MAC addresses from the VPN connection (so they are using my ISP connection)?
And if this is possible, does port forwarding work on the devices that are not on the VPN?
Last edited by ray_308 on Mon Jan 13, 2020 16:06; edited 1 time in total
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Sun Jan 12, 2020 17:17 Post subject:
ray_308 wrote:
Thanks for your reply again. So you set all your clients/devices to use the VPN, and if you do not set a client, it is not using the VPN?
I thought that all clients used the VPN once you make the VPN connection. But it is the other way around, so it seems.
The guide is excellent by the way.
I believe you can specify either which clients do use or which clients do not use the vpn, but check out @egc's guide for the real answer.
I've never needed port forwarding so am no expert, but I do find it intriguing that AirVPN (or other vpn providers? anyone know?) offers port forwarding from an AirVPN server back to your router when you are connected to that server in the ordinary way: https://airvpn.org/faq/port_forwarding/. The IP address you present to the world is that of one of their servers, so you maintain some location and other privacy as well as location flexibility. You can move around. You can connect to their server from different IP addresses, but your customers or users or whatever always see you at the same IP address and port. When you set this up, you can choose the port they will see (if it is not already taken), but it cannot be a low-numbered port, so no port 80 or 443. You can, however, have the high-numbered port your users see mapped to a low-numbered port on your system if you wish.
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Joined: 18 Mar 2014 Posts: 12881 Location: Netherlands
Posted: Mon Jan 13, 2020 12:08 Post subject:
Regarding DNS leak you will have that when using PBR and you can not do a lot about it (well you can use static routing but as the VPN address is not fixed and changes a lot that is difficult), you can in builds after 41174 as detailed in the third post of the PBR thread: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
Joined: 18 Mar 2014 Posts: 12881 Location: Netherlands
Posted: Mon Jan 13, 2020 12:45 Post subject:
Be sure to research the build threads; Marvell routers can be picky, see points 8 and 9.
Below some pointers which might help to get the best out of DDWRT and out of the forum:
1. Research your router, start with the supported devices wiki:
https://wiki.dd-wrt.com/wiki/index.php/Supported_Devices .
2. In the supported devices wiki you can see if your router is supported and what architecture your router has and if you are lucky also an install guide/wiki.
3. Post in the right forum, from the former step you can see if your router is Broadcom, Qualcomm/Atheros, Marvell or other, use that forum to post router specific questions, for networking questions post in the Advanced Networking forum and for other things in the General Questions forum.
4. When posting always state router model, build number and when applicable the Kernel version.
Describe your problem and how you think it can be solved.
Give as much detail as you can also provide your network setup if applicable.
For your Network setup, state what wiki you have used: https://wiki.dd-wrt.com/wiki/index.php/Linking_Routers
5. When posting pictures make sure the maximum width is not more than 600 pixels.
6. Do not hijack a thread, meaning do not post your own problem in someone else's thread. Just start your own thread. This so that it can be searched and found by others.
7. If your post is answered and your problem solved, mark your thread with [SOLVED] (the header of your first post).
8. Do NOT use the router database, builds can be found at:
https://dd-wrt.com/support/other-downloads/?path=betas%2F2019%2F
All builds are beta including those from the router database.
9. Before uploading a new build to your router, research the build by looking in the build threads.
This is an example of a build thread for build 41686 for Broadcom routers:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322339
Search build threads with the search function and search on build number.
10. Use the build threads from the former step to report success or problems.
11. For older Broadcom routers (Linksys WRT54 and E series) read the peacock thread although some of it is outdated: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=51486
Builds can be found in the Broadcom directory for Linux kernel 2.4, in Broadcom_K26 for Linux K2.6 and in Broadcom_K3X for Linux K3.X.
12. If you are sure you have discovered a bug, after asking and querying the forum, you can report a real bug in the bug tracker: https://svn.dd-wrt.com/
This is also the place where the commits/changes to the source are administrated.
13. Recommended reading:
https://forum.dd-wrt.com/wiki/index.php/Main_Page
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=54845
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=54959
14. If you are happy with DDWRT and want it to live on then donate:
https://dd-wrt.com/donations/
_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3, XR300: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Joined: 18 Mar 2014 Posts: 12881 Location: Netherlands
Posted: Mon Jan 13, 2020 14:11 Post subject:
I think the problem is hairpinning/NAT loopback, you can not reach your own DNS address (like the one you are setting up with DYNDNS) that is a limitation of NAT/loopback, I think the router does not NAT your internal client's address. Thus, the TCP handshake fails.
If that is your problem, then there should be a trick for that, it is something like adding in the additional DNSMasq options:
address=/mydnsaddress.com/my-internal-ipadress
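
The hairpinning failure described in the post above, and why the DNSMasq `address=` override avoids it, as a small simulation. This is an added example, not part of the original post; all IP addresses, the port and the function names are constructed for illustration, and the model assumes client and server share one LAN segment.

```python
# All addresses are constructed for illustration; none come from the thread.
WAN_IP = "203.0.113.5"     # public address the dynamic DNS name points to
ROUTER_LAN = "192.168.1.1"
CLIENT = "192.168.1.10"
SERVER = "192.168.1.20"    # LAN host targeted by the port forward
PORT = 8080
NAME = "mydnsaddress.com"  # placeholder name used in the post


def resolve(name, dnsmasq_override):
    """With address=/NAME/SERVER in DNSMasq, LAN clients get the internal IP."""
    if name != NAME:
        raise KeyError(name)
    return SERVER if dnsmasq_override else WAN_IP


def handshake(target_ip, router_snats_loopback=False):
    """Return True if the client accepts the SYN-ACK for its SYN to target_ip."""
    syn_src, syn_dst = (CLIENT, 50000), (target_ip, PORT)
    if syn_dst[0] == WAN_IP:
        syn_dst = (SERVER, PORT)            # port forward (DNAT) on the router
        if router_snats_loopback:
            syn_src = (ROUTER_LAN, 50000)   # loopback SNAT: hide the client
    # The server answers whoever the SYN appears to come from.
    ack_src, ack_dst = syn_dst, syn_src
    if ack_dst[0] == ROUTER_LAN:
        # Reply returns through the router, which undoes both translations.
        ack_src, ack_dst = (WAN_IP, PORT), (CLIENT, 50000)
    # Otherwise the reply crosses the LAN directly, untranslated.
    # The client only accepts a SYN-ACK from the address it sent the SYN to.
    return ack_src == (target_ip, PORT) and ack_dst == (CLIENT, 50000)


def demo():
    return {
        "public name, no loopback NAT": handshake(resolve(NAME, False)),
        "public name, loopback NAT": handshake(resolve(NAME, False), True),
        "dnsmasq override": handshake(resolve(NAME, True)),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'connects' if ok else 'handshake fails'}")
```

In the first case the SYN-ACK arrives from the server's LAN address while the client is waiting for one from the public address, so the client discards it; the override sidesteps the router's NAT entirely.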