I have an EdgeRouter Lite, with my internet connection coming in on eth0. Currently I have an openvpn connection setup in the usual way, and traffic from eth1 going over this connection.
I have connected eth2 and do not want this traffic to be sent over the vpn. However, on invocation of openvpn, I notice that it adds the 0.0.0.0/0 route to the routing table, pointing all traffic towards the VPN connection.
Is there a way to finesse this, such that eth1 goes over the openvpn connection, and eth2 goes straight to to eth0? Ultimately I would also like to be able to route between the two subnets, which is currently not possible. Current setup follows:
firewall {
all-ping enable
broadcast-ping disable
group {
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
modify SOURCE_ROUTE {
rule 10 {
action modify
modify {
table 1
}
source {
address 192.168.1.0/24
}
}
}
name TV-HTTP {
default-action accept
description ""
}
name WAN_IN {
default-action accept
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
}
name WAN_LOCAL {
default-action accept
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
address dhcp
description Internet
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
speed auto
}
ethernet eth1 {
address 192.168.1.1/24
description Local
duplex auto
firewall {
in {
modify SOURCE_ROUTE
}
local {
name TV-HTTP
}
out {
}
}
mtu 9000
speed auto
}
ethernet eth2 {
address 192.168.2.1/24
description "Local 2"
disable
duplex auto
speed auto
}
loopback lo {
}
openvpn vtun0 {
config-file /config/auth/pia/melbourne2.ovpn
}
}
protocols {
static {
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN1 {
authoritative disable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 192.168.1.1
lease 86400
start 192.168.1.38 {
stop 192.168.1.243
}
}
}
shared-network-name LAN2 {
authoritative disable
subnet 192.168.2.0/24 {
default-router 192.168.2.1
dns-server 192.168.2.1
lease 86400
start 192.168.2.38 {
stop 192.168.2.243
}
}
}
}
dns {
forwarding {
cache-size 150
listen-on eth1
listen-on eth2
}
}
gui {
https-port 443
}
mdns {
reflector
}
nat {
rule 5000 {
description openvpn-host
log disable
outbound-interface vtun0
source {
address 192.168.1.0/24
}
type masquerade
}
rule 5010 {
description "masquerade for WAN"
destination {
address 192.168.0.0/24
}
log disable
outbound-interface eth0
protocol all
type masquerade
}
rule 5011 {
destination {
port 80
}
log disable
outbound-interface eth0
outside-address {
address 192.168.1.44
port 3128
}
protocol tcp
type source
}
}
ssh {
port 22
protocol-version v2
}
}OpenVPN config file:
client dev tun proto udp remote aus-melbourne.privateinternetaccess.com 1194 resolv-retry infinite nobind persist-key persist-tun ca /config/auth/pia/ca.crt tls-client remote-cert-tls server auth-user-pass comp-lzo verb 1 reneg-sec 0 crl-verify /config/auth/pia/crl.pem auth-user-pass /config/auth/pia/credentials.txt
