Posted: Mon Dec 27, 2021 13:26 Post subject: [SOLVED]Bridging problem with OpenVpn tunnel
Hello everyone, the firmware version I am using is r47853, and I am connected to the OpenVPN channel. I now have a requirement that I don't know how to achieve:
I have 3 wireless SSIDs, namely dd-1, dd-2, and dd-3. My requirement is that dd-1 and dd-2 go directly through the WAN channel, and dd-3 goes through the OpenVpn channel.
I have read the help file of OpenVPN, but my English level is not very good, so I didn't understand how to set it up. Can anyone tell me the setup steps in detail, or the detailed command line?
Last edited by zhuli66 on Sat Jan 15, 2022 14:09; edited 3 times in total
Have a look at the OpenVPN Client setup guide under Policy Based routing.
Links in my signature at the bottom of this post
My firmware is r47853. I read the document linked in your signature and set it up, but it didn't work. Let me describe the situation below. The IP range set by my two APs is 192.168.8.1/24, and the IP range set by the VAP is 192.168.9.1/24. Then I set the PBR in OpenVPN as shown in the screenshot below:
After I set it up and restarted, the two APs and VAPs still use the VPN tunnel. And I need two APs to go directly through the WAN channel. Do other settings need to be made for it to take effect?
Posted: Thu Dec 30, 2021 8:26 Post subject:
That is how it works on my router
My main subnet is 192.168.13.1/24
My VAP is 192.168.14.1/24
Only when connected to my VAP I use the VPN
I check with: ipleak.net
Also you can check the routing as outlined in the guide:
Quote:
root@EA6900:~# ip route show
default via 192.168.0.1 dev vlan2
5.152.213.186 via 192.168.0.1 dev vlan2
10.200.0.1 via 10.200.0.45 dev tun1
10.200.0.45 dev tun1 scope link src 10.200.0.46
127.0.0.0/8 dev lo scope link
192.168.0.0/24 dev vlan2 scope link src 192.168.0.13
192.168.13.0/24 dev br0 scope link src 192.168.13.1
192.168.14.0/24 dev wl0.1 scope link src 192.168.14.1
root@EA6900:~# ip route show table 10
0.0.0.0/1 via 10.200.0.45 dev tun1
default via 192.168.0.1 dev vlan2
5.152.213.186 via 192.168.0.1 dev vlan2
10.200.0.1 via 10.200.0.45 dev tun1
10.200.0.45 dev tun1 scope link src 10.200.0.46
127.0.0.0/8 dev lo scope link
128.0.0.0/1 via 10.200.0.45 dev tun1
192.168.0.0/24 dev vlan2 scope link src 192.168.0.13
192.168.13.0/24 dev br0 scope link src 192.168.13.1
192.168.14.0/24 dev wl0.1 scope link src 192.168.14.1
root@EA6900:~# ip rule show
0: from all lookup local
32765: from 192.168.14.1/24 lookup 10
32766: from all lookup main
32767: from all lookup default
root@EA6900:~#
I do not know what the VAP interface is in your case (ifconfig) but in my case it is wl0.1
So instead of 192.168.14.1/24, I can also use in the PBR box:
Code:
iif wl0.1
Code:
root@EA6900:~# ip rule show
0: from all lookup local
32765: from all iif wl0.1 lookup 10
32766: from all lookup main
32767: from all lookup default
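Added example (not part of the original posts or of the DD-WRT guide): a POSIX shell check that applies the verification described above to captured ip rule / ip route output and reports whether only the selected source is sent through the tunnel. The function names and verdict strings are made up for this example, the sample text is abridged from the output quoted above, and it assumes the VPN is installed as the two /1 routes seen in table 10.

```shell
#!/bin/sh
# Sample input, abridged from the router output quoted in this thread.
RULES='0: from all lookup local
32765: from all iif wl0.1 lookup 10
32766: from all lookup main
32767: from all lookup default'
MAIN_ROUTES='default via 192.168.0.1 dev vlan2
10.200.0.1 via 10.200.0.45 dev tun1
192.168.13.0/24 dev br0 scope link src 192.168.13.1'
TABLE10_ROUTES='0.0.0.0/1 via 10.200.0.45 dev tun1
default via 192.168.0.1 dev vlan2
128.0.0.0/1 via 10.200.0.45 dev tun1'

# has_vpn_halves ROUTES TUN
# Succeeds only if both 0.0.0.0/1 and 128.0.0.0/1 leave through TUN,
# i.e. the table sends every destination into the tunnel.
has_vpn_halves() {
    printf '%s\n' "$1" | awk -v t="$2" '
        { for (i = 2; i < NF; i++) if ($i == "dev" && $(i+1) == t) {
              if ($1 == "0.0.0.0/1") lo = 1
              if ($1 == "128.0.0.0/1") hi = 1 } }
        END { exit !(lo && hi) }'
}

# pbr_selectors RULES TABLE
# Prints the "from ..." selector of every rule that looks up TABLE.
pbr_selectors() {
    printf '%s\n' "$1" |
        sed -n "s/^[0-9]*:[[:space:]]*from \(.*\) lookup $2[[:space:]]*\$/\1/p"
}

# pbr_verdict RULES MAIN_ROUTES TABLE_ROUTES TABLE TUN
pbr_verdict() {
    # VPN routes in the main table: every subnet uses the tunnel,
    # which is the symptom reported in this thread.
    if has_vpn_halves "$2" "$5"; then echo "ALL_VIA_VPN"; return; fi
    # The alternate table must carry the VPN routes instead.
    if ! has_vpn_halves "$3" "$5"; then echo "NO_VPN_TABLE"; return; fi
    sel=$(pbr_selectors "$1" "$4")
    # Without a rule pointing at the table, nothing is sent to the VPN.
    if [ -z "$sel" ]; then echo "NO_RULE"; return; fi
    echo "SPLIT: $sel"
}

# On the router, feed it live output instead of the samples:
#   pbr_verdict "$(ip rule show)" "$(ip route show)" \
#               "$(ip route show table 10)" 10 tun1
```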
My VAP interface is wlan0.1. After replacing it in the example you gave, it looks like this, right:
iif wlan0.1
root@linksys1900:~# ip rule show
0: from all lookup local
32765: from all iif wlan0.1 lookup 10
32766: from all lookup main
32767: from all lookup default
Then I filled in the above code in the PBR box, but it is still not working; all network segments still go through the VPN tunnel.
I filled in the position of the screenshot below: