How to allow certain ip to bypass vpn

3 posts / 0 new
Last post
artificia
artificia's picture
How to allow certain ip to bypass vpn

Hello all,

I have succesfully setup openvpn using ipvanish with Kong latest build on R7000. I have been looking for a way to allow one computer with static ip assigned i.e 10.0.0.100 to bypass the vpn. So far I have no luck in doing so. I use policy based routing and input all others ip except 10.0.0.100 and it does not work.

Any help is greatly appreciated.

Thanks,
Amir

kinakuta
kinakuta's picture
Hi Amir,

Hi Amir,

there are several ways you can do that, but I guess the easiest is by just using IP tables to route the IP(s) around the VPN tunnel. Here's how I did it:

In "Administration -> Commands" save this as a startup script with the list of IP(s) you want to bypass the VPN tunnel:

#!/bin/sh
sleep 30
NO_VPN_LST="10.0.0.100 10.0.0.101 10.0.0.102"
[ -z "$NO_VPN_LST" ] && exit 0
WAN_GWAY="0.0.0.0"
while [ $WAN_GWAY == "0.0.0.0" ]; do
sleep 3
WAN_GWAY=`nvram get wan_gateway`
done
ip route add default via $WAN_GWAY table 10
for ipa in $NO_VPN_LST; do
ip rule add from $ipa table 10
done
ip route flush cache
exit 0
 
Then don't forget to add the firewall rules using iptables for the VPN routing and "Save Firewall":
 
# openvpn routing
iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
 

Best,
Martin

showstopper
showstopper's picture
I have this setup as well and

I have this setup as well and in the Policy Based Routing it directs that client to the VPN, othewise it is off.