I have an EdgeRouter Lite, with my internet connection coming in on eth0. Currently I have an openvpn connection set up in the usual way, and traffic from eth1 going over this connection.
I have connected eth2 and do not want this traffic to be sent over the vpn. However, on invocation of openvpn, I notice that it adds the 0.0.0.0/0 route to the routing table, pointing all traffic towards the VPN connection.
Is there a way to finesse this, such that eth1 goes over the openvpn connection, and eth2 goes straight to eth0? Ultimately I would also like to be able to route between the two subnets, which is currently not possible. Current setup follows:
    firewall {
        all-ping enable
        broadcast-ping disable
        group {
        }
        ipv6-receive-redirects disable
        ipv6-src-route disable
        ip-src-route disable
        log-martians enable
        modify SOURCE_ROUTE {
            rule 10 {
                action modify
                modify {
                    table 1
                }
                source {
                    address 192.168.1.0/24
                }
            }
        }
        name TV-HTTP {
            default-action accept
            description ""
        }
        name WAN_IN {
            default-action accept
            description "WAN to internal"
            rule 10 {
                action accept
                description "Allow established/related"
                state {
                    established enable
                    related enable
                }
            }
        }
        name WAN_LOCAL {
            default-action accept
            description "WAN to router"
            rule 10 {
                action accept
                description "Allow established/related"
                state {
                    established enable
                    related enable
                }
            }
        }
        receive-redirects disable
        send-redirects enable
        source-validation disable
        syn-cookies enable
    }
    interfaces {
        ethernet eth0 {
            address dhcp
            description Internet
            duplex auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            speed auto
        }
        ethernet eth1 {
            address 192.168.1.1/24
            description Local
            duplex auto
            firewall {
                in {
                    modify SOURCE_ROUTE
                }
                local {
                    name TV-HTTP
                }
                out {
                }
            }
            mtu 9000
            speed auto
        }
        ethernet eth2 {
            address 192.168.2.1/24
            description "Local 2"
            disable
            duplex auto
            speed auto
        }
        loopback lo {
        }
        openvpn vtun0 {
            config-file /config/auth/pia/melbourne2.ovpn
        }
    }
    protocols {
        static {
        }
    }
    service {
        dhcp-server {
            disabled false
            hostfile-update disable
            shared-network-name LAN1 {
                authoritative disable
                subnet 192.168.1.0/24 {
                    default-router 192.168.1.1
                    dns-server 192.168.1.1
                    lease 86400
                    start 192.168.1.38 {
                        stop 192.168.1.243
                    }
                }
            }
            shared-network-name LAN2 {
                authoritative disable
                subnet 192.168.2.0/24 {
                    default-router 192.168.2.1
                    dns-server 192.168.2.1
                    lease 86400
                    start 192.168.2.38 {
                        stop 192.168.2.243
                    }
                }
            }
        }
        dns {
            forwarding {
                cache-size 150
                listen-on eth1
                listen-on eth2
            }
        }
        gui {
            https-port 443
        }
        mdns {
            reflector
        }
        nat {
            rule 5000 {
                description openvpn-host
                log disable
                outbound-interface vtun0
                source {
                    address 192.168.1.0/24
                }
                type masquerade
            }
            rule 5010 {
                description "masquerade for WAN"
                destination {
                    address 192.168.0.0/24
                }
                log disable
                outbound-interface eth0
                protocol all
                type masquerade
            }
            rule 5011 {
                destination {
                    port 80
                }
                log disable
                outbound-interface eth0
                outside-address {
                    address 192.168.1.44
                    port 3128
                }
                protocol tcp
                type source
            }
        }
        ssh {
            port 22
            protocol-version v2
        }
    }
OpenVPN config file:
    client
    dev tun
    proto udp
    remote aus-melbourne.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca /config/auth/pia/ca.crt
    tls-client
    remote-cert-tls server
    auth-user-pass
    comp-lzo
    verb 1
    reneg-sec 0
    crl-verify /config/auth/pia/crl.pem
    auth-user-pass /config/auth/pia/credentials.txt
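An added example of the policy-routing arrangement the question is after, not part of the original post: EdgeOS configure-mode commands that keep OpenVPN's 0.0.0.0/0 out of the main table and give table 1 (which the posted `protocols static { }` block leaves empty, so the SOURCE_ROUTE mark currently has no route to hit) its own default via vtun0. Interface names, subnets, the SOURCE_ROUTE ruleset and table 1 are taken from the config above; modify rule number 5, the blackhole distance of 250 and NAT rule number 5020 are assumptions.

```vyatta
# Added example (not from the original post). Typed into EdgeOS configure mode.
configure

# 1. Stop OpenVPN from installing 0.0.0.0/0 in the main table. Equivalent to
#    adding "route-nopull" to melbourne2.ovpn; use one form, not both.
set interfaces openvpn vtun0 openvpn-option "--route-nopull"

# 2. Table 1: default via vtun0. The blackhole route (assumed distance 250,
#    so it only takes effect while the vtun0 route is absent) keeps eth1
#    traffic from falling back to eth0 via the main table if the tunnel drops.
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set protocols static table 1 route 0.0.0.0/0 blackhole distance 250

# 3. Let eth1 reach eth2 through the main table: an accept rule (assumed
#    number 5) stops further modify rules, so only the remaining eth1 traffic
#    reaches rule 10 and is marked for table 1.
set firewall modify SOURCE_ROUTE rule 5 action accept
set firewall modify SOURCE_ROUTE rule 5 destination address 192.168.2.0/24
set firewall modify SOURCE_ROUTE rule 10 action modify
set firewall modify SOURCE_ROUTE rule 10 modify table 1
set firewall modify SOURCE_ROUTE rule 10 source address 192.168.1.0/24
set interfaces ethernet eth1 firewall in modify SOURCE_ROUTE

# 4. eth2 needs no policy: the main table's only default is now eth0's DHCP
#    route. Enable the interface and masquerade its subnet on eth0 (assumed
#    rule number 5020); the existing rule 5000 covers eth1 on vtun0 only.
delete interfaces ethernet eth2 disable
set service nat rule 5020 description "masquerade LAN2 to WAN"
set service nat rule 5020 outbound-interface eth0
set service nat rule 5020 source address 192.168.2.0/24
set service nat rule 5020 type masquerade

commit
save
exit

# Verify from the operational shell: table 1 should list the vtun0 default and
# the blackhole, and the main table should no longer carry a vtun0 default.
sudo ip route show table 1
sudo ip route show table main
```

Unrelated to the routing itself, the posted WAN_IN and WAN_LOCAL rulesets use `default-action accept`, so anything arriving on eth0 that rule 10 does not match is admitted anyway; a `default-action drop` beneath the established/related rule is the usual baseline for a WAN-facing ruleset.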