Quantcast
Channel: EdgeRouter topics
Viewing all articles
Browse latest Browse all 20028

OpenVPN one one interface, not on another

$
0
0

I have an EdgeRouter Lite, with my internet connection coming in on eth0. Currently I have an openvpn connection setup in the usual way, and traffic from eth1 going over this connection.

 

I have connected eth2 and do not want this traffic to be sent over the vpn. However, on invocation of openvpn, I notice that it adds the 0.0.0.0/0 route to the routing table, pointing all traffic towards the VPN connection.

 

Is there a way to finesse this, such that eth1 goes over the openvpn connection, and eth2 goes straight to to eth0? Ultimately I would also like to be able to route between the two subnets, which is currently not possible. Current setup follows:

 

firewall {
    all-ping enable
    broadcast-ping disable
    group {
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    modify SOURCE_ROUTE {
        rule 10 {
            action modify
            modify {
                table 1
            }
            source {
                address 192.168.1.0/24
            }
        }
    }
    name TV-HTTP {
        default-action accept
        description ""
    }
    name WAN_IN {
        default-action accept
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
    }
    name WAN_LOCAL {
        default-action accept
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description Local
        duplex auto
        firewall {
            in {
                modify SOURCE_ROUTE
            }
            local {
                name TV-HTTP
            }
            out {
            }
        }
        mtu 9000
        speed auto
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description "Local 2"
        disable
        duplex auto
        speed auto
    }
    loopback lo {
    }
    openvpn vtun0 {
        config-file /config/auth/pia/melbourne2.ovpn
    }
}
protocols {
    static {
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.38 {
                    stop 192.168.1.243
                }
            }
        }
        shared-network-name LAN2 {
            authoritative disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.38 {
                    stop 192.168.2.243
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            listen-on eth2
        }
    }
    gui {
        https-port 443
    }
    mdns {
        reflector
    }
    nat {
        rule 5000 {
            description openvpn-host
            log disable
            outbound-interface vtun0
            source {
                address 192.168.1.0/24
            }
            type masquerade
        }
        rule 5010 {
            description "masquerade for WAN"
            destination {
                address 192.168.0.0/24
            }
            log disable
            outbound-interface eth0
            protocol all
            type masquerade
        }
        rule 5011 {
            destination {
                port 80
            }
            log disable
            outbound-interface eth0
            outside-address {
                address 192.168.1.44
                port 3128
            }
            protocol tcp
            type source
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}

OpenVPN config file:

client
dev tun
proto udp
remote aus-melbourne.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /config/auth/pia/ca.crt
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify /config/auth/pia/crl.pem
auth-user-pass /config/auth/pia/credentials.txt

 


Viewing all articles
Browse latest Browse all 20028

Latest Images

Trending Articles



Latest Images

<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>