Let a single device bypass vpn?

Discussion in 'Tomato Firmware' started by FeejerFiend, Jan 13, 2010.

  1. FeejerFiend

    FeejerFiend Addicted to LI Member

    Is it possible to have all connected devices on my router redirect through the vpn (the usual case) *except* for one device (VOIP client)? All my router clients have static IPs assigned, so I just need to get it to have one of them bypass the vpn, but have no idea how.
  2. gawd0wns

    gawd0wns Network Guru Member

    You should be able to specify the "redirect-gateway" directive in the client configuration files as opposed to the server configuration file; just leave the directive(s) out of the VOIP client config. I recall doing this on a Windows XP laptop last year.

    To get an idea of what to type in, start up your server with the "Direct clients to redirect Internet traffic" box checked off, and all other settings you want on your router. Start the VPN server, telnet to your router and type: cat /etc/openvpn/server1/config.ovpn Copy the output into a text editor.

    Stop your server, uncheck "Direct clients to redirect Internet traffic" and start the VPN server again. Type in cat /etc/openvpn/server1/config.ovpn once more, and copy the output. You will want to copy the lines which are missing from the second config.ovpn into all of the client configuration files, except for the one VOIP device.
  3. FeejerFiend

    FeejerFiend Addicted to LI Member

    Thanks for the suggestion. I tried that, but the only difference is that the config with "Direct clients to redirect Internet traffic" checked has the line

    push "redirect-gateway def1"
    Perhaps I should have been more clear. My router is in vpn client mode, not server. Once I start vpn on the router, all traffic from my PC, Xbox etc. gets sent over it which is fine, but I would like my voip device not to do so. I'm pretty sure this might involve adding a static route from the IP of my voip device to... somewhere, but I might be wrong.
  4. WRobertE

    WRobertE Addicted to LI Member

  5. FeejerFiend

    FeejerFiend Addicted to LI Member

    I'm on tomato and don't feel like switching to dd-wrt, but thanks for the link anyway - some useful info there.

    Anyway, I was able to get the voip device to bypass the vpn by manually assigning it's gateway to my dsl modem's IP, via it's web configuration screen.
  6. WRobertE

    WRobertE Addicted to LI Member

    You don't have to switch to DD-WRT to use VLANs. VLAN's can be implemented in Tomato using the information shown in the link. You just cannot do it directly from the Tomato GUI.
  7. acollado

    acollado LI Guru Member

    You could have Tomato assign the gateway based on device MAC address using a customer command in the DNSmasq custom configuration box.

    #map MAC address to network ID
    dhcp-mac=VOIP,<MAC address>

    #apply custom gateway to specific network ID

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice