
RT66N - Tomato - Allow only specific IP(s) through OpenVPN

Discussion in 'Tomato Firmware' started by fearz, Jul 10, 2012.

  1. fearz

    fearz Serious Server Member

    Hi,

    I'm using OpenVPN to connect through strongVPN. When it starts, all connected devices use the strongVPN IP... I want to have only 1 device connecting through OpenVPN, with all other devices remaining connected with the real router IP...

    Can someone more experienced in scripting or with iptables let me know how to do so?

    Thanks a lot
     
  2. shadowken

    shadowken Networkin' Nut Member

    OpenVPN wants to set up all your routing, you've got to stop that...

    In VPN Tunneling/Client/Basic:
    Uncheck "Create NAT on Tunnel"

    In VPN Tunneling/Client/Advanced:
    Uncheck "Redirect Internet Traffic"
    Custom Configuration, add the line: route-nopull

    In Administration/Scripts/Firewall, make sure you have:

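    # Allow forwarding between the LAN bridge (br0) and the tunnel (tun11)
    iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
    iptables -I FORWARD -i tun11 -o br0 -j ACCEPT
    # Reject connections to the router itself that arrive over the tunnel
    iptables -I INPUT -i tun11 -j REJECT
    # NAT the LAN traffic that leaves through the tunnel
    iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE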

    Then, in a VPN up script (best choice), or if you have your VPN start with WAN, put in your Administration/Scripts/WANUP:

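    # Give the VPN client time to bring tun11 up
    sleep 30
    # Start from an empty routing table 200
    ip route flush table 200
    ip route flush cache
    # Traffic from these LAN hosts is looked up in table 200
    ip rule add from 192.168.1.11 lookup 200
    ip rule add from 192.168.1.13 lookup 200
    # Address of tun11 as reported by ifconfig, used as the gateway
    VPN_GW=`ifconfig tun11 | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`
    # Table 200 gets a single default route through the tunnel
    ip route add table 200 default via $VPN_GW dev tun11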
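
Added example, not part of shadowken's post or of Tomato: a re-runnable version of the two scripts above that also keeps the selected clients from falling back to the WAN when tun11 is down (with table 200 empty, their traffic would otherwise follow the main table). The WAN interface name `vlan2`, the `APPLY` switch, the function names and the sample ifconfig text are assumptions made for the example.

```sh
#!/bin/sh
# Added example: re-runnable, fail-closed variant of the thread's scripts.
TABLE=200
TUN_IF=tun11
WAN_IF=vlan2                    # assumption: WAN interface name on this router
VPN_CLIENTS="192.168.1.11 192.168.1.13"

# Constructed sample of `ifconfig tun11` output, used for the dry run.
SAMPLE_IFCONFIG='tun11     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255'

# Read ifconfig text on stdin, print the tunnel address (same awk as the thread).
tun_addr() {
    awk '/inet addr/ { split($2, a, ":"); print a[2]; exit }'
}

# Firewall-script part: selected clients may never leave through the WAN,
# so they lose connectivity instead of leaking when the tunnel is down.
firewall_cmds() {
    for ip in "$@"; do
        echo "iptables -D FORWARD -s $ip -o $WAN_IF -j REJECT 2>/dev/null"
        echo "iptables -I FORWARD -s $ip -o $WAN_IF -j REJECT"
    done
}

# Up-script part: $1 is the gateway (empty if tun11 is down), rest are clients.
routing_cmds() {
    gw=$1; shift
    echo "ip route flush table $TABLE"
    for ip in "$@"; do
        # Remove the rule left by an earlier run so rules do not pile up.
        echo "ip rule del from $ip lookup $TABLE 2>/dev/null"
        echo "ip rule add from $ip lookup $TABLE"
    done
    if [ -n "$gw" ]; then
        echo "ip route add table $TABLE default via $gw dev $TUN_IF"
    fi
    echo "ip route flush cache"
}

# Dry run by default (prints the commands); APPLY=1 on the router runs them.
if [ "${APPLY:-0}" = 1 ]; then
    gw=$(ifconfig "$TUN_IF" 2>/dev/null | tun_addr)
    { firewall_cmds $VPN_CLIENTS; routing_cmds "$gw" $VPN_CLIENTS; } | sh
else
    gw=$(printf '%s\n' "$SAMPLE_IFCONFIG" | tun_addr)
    firewall_cmds $VPN_CLIENTS; routing_cmds "$gw" $VPN_CLIENTS
fi
```

Because a firewall restart rebuilds the FORWARD chain, the `firewall_cmds` output belongs in Administration/Scripts/Firewall and the `routing_cmds` output in the VPN up or WANUP script.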
     
  3. subz3ro

    subz3ro Networkin' Nut Member

    How can I write a VPN up script for pptp?
     
