heredago's blog

September 17, 2013

how to connect to a VPN server on a TomatoUSB router and then only tunnel the traffic to specific hosts

Filed under: Uncategorized — heredago @ 20:48

1- Set up the OpenVPN connection on the router

https://www.privateinternetaccess.com/pages/client-support/#tomato_openvpn

https://www.privateinternetaccess.com/forum/index.php?p=/discussion/110/updated-tomato-setup-for-newer-branches-including-tomatousb

 


 

 

then

2- Tunnel only specific hosts through the OpenVPN client on Tomato

http://serverfault.com/questions/382498/howto-only-tunnel-specific-hosts-route-through-openvpn-client-on-tomato

I finally did it 🙂

I’m using v1.28.9054 MIPSR2-beta K26 USB vpn3.6, but should work on others, as it’s networking.

OpenVPN wants to set up all your routing, you’ve got to stop that…

In VPN Tunneling/Client/Basic: Uncheck “Create NAT on Tunnel”

In VPN Tunneling/Client/Advanced: Uncheck “Redirect Internet Traffic”

Custom Configuration, add the line: route-nopull

 

In Administration/Scripts/Firewall, make sure you have:

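# Allow forwarding between the LAN bridge (br0) and the tunnel (tun11)
iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
iptables -I FORWARD -i tun11 -o br0 -j ACCEPT
# Reject connections coming in from the tunnel to the router itself
iptables -I INPUT -i tun11 -j REJECT
# NAT LAN traffic that leaves through the tunnel
iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE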

Reboot, and voilà, you got nothing…

Then, in a VPN up script (Best choice), or if you have your VPN start with WAN, put in your Administration/Scripts/WANUP

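# Give the OpenVPN client time to bring up tun11
sleep 30
# Start from an empty policy table and drop cached routes
ip route flush table 200
ip route flush cache
# Send traffic from these two LAN hosts to table 200
ip rule add from 192.168.1.11 lookup 200
ip rule add from 192.168.1.13 lookup 200
# Read tun11's address and use it as the default gateway of table 200
VPN_GW=`ifconfig tun11 | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`
ip route add table 200 default via $VPN_GW dev tun11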

This probably isn’t the “best” or “proper” way to do it, but it works. Now only 192.168.1.11 and 192.168.2.13 will go through the OpenVPN tunnel. All other devices and their traffic will go local.

This was extremely important for me, as I didn’t want my Transmission torrent traffic going over the VPN. Some guy like SgtPepperKSU is looking at this and probably laughing… Anyway, from one Routing noob to another…
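The script above adds its route even when tun11 has no address yet, and the listed hosts then fall through to the main table and leave through the WAN. The following is an added example, not part of the quoted answer or of Tomato: it checks the tunnel address first, keeps repeated runs from stacking duplicate rules, and adds a fallback route so those hosts lose connectivity instead of leaking when the tunnel drops. tun11 and table 200 come from the post; HOSTS, SAMPLE and the function names are constructed, and the `unreachable` route type is assumed to be supported by the router's `ip`.

```sh
#!/bin/sh
# tun11 and table 200 come from the post; HOSTS and SAMPLE are constructed.
TABLE=200
TUN=tun11
HOSTS="192.168.1.11 192.168.1.13"   # LAN hosts that must use the tunnel
# Constructed busybox-style `ifconfig tun11` output for offline runs.
SAMPLE='tun11     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1'

# Read ifconfig output on stdin, print the interface's IPv4 address.
tun_addr() {
    awk '/inet addr/ { split($2, a, ":"); print a[2]; exit }'
}

# True only for a dotted quad, so an empty value never reaches `ip`.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
}

# Print the commands for one run. Nothing is printed unless every address
# is valid, and each rule is deleted before it is added (no duplicates).
emit_rules() {
    gw=$1
    is_ipv4 "$gw" || { echo "no usable address on $TUN" >&2; return 1; }
    for h in $HOSTS; do
        is_ipv4 "$h" || { echo "bad host: $h" >&2; return 1; }
    done
    echo "ip route flush table $TABLE"
    # Fallback: if the tun route disappears, the listed hosts get
    # "unreachable" instead of falling through to the main table.
    echo "ip route add unreachable default table $TABLE metric 65535"
    echo "ip route add default via $gw dev $TUN table $TABLE"
    for h in $HOSTS; do
        echo "ip rule del from $h lookup $TABLE 2>/dev/null"
        echo "ip rule add from $h lookup $TABLE"
    done
    echo "ip route flush cache"
}

# Offline: emit_rules "$(printf '%s\n' "$SAMPLE" | tun_addr)"
# Router:  emit_rules "$(ifconfig "$TUN" | tun_addr)" | sh
```

After applying it, `ip rule show` and `ip route show table 200` on the router should list one rule per host and two default routes (the tunnel route and the fallback).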
