how do I route to specific openvpn tunnel?

2 posts / 0 new
Last post
thomas@pruefer.no
thomas@pruefer.no's picture
how do I route to specific openvpn tunnel?

Hi @all, 

after several days searching the web, reading how to's and study commands i came to the result that I need your knowledge! 

To the problem: 
I like to route traffic from a specefic bridge (br1=wl0.1 wl1.1 vlan3)/vlan (vlan3=eth port 4) to established openvpn tunnel (tun1). 

The traffic coming from lan port 1-3 and wlan (eth1+eth2) shell be forwarded/routed to the standart WAN port and the traffic coming from lan port 4 and virtuell wlan (wl0.1+wl1.1) shell be forwarded/routed to the openvpn tunnel. 
The diffrent subnets should be able to communicate localy to each other. 

How to manipulate iptables/ip route or/and startup scrip/openvpn specefic route? 

here is my current router state (Netgear R7000 AC1900 DD-WRT DD-WRT v3.0-r28647 std 01/02/16). 
The router is behind a bridged Zyxel P8702N with standart firmware. 

SO, how do i need to manipulate the routing by iptables, ip route and specific OpenVPN routing? 

Thanks all for your help! 

Have a nice day!

mesteele101
mesteele101's picture
Does this help:

For DD-WRT:

You need to create a basic DNAT on your router, these rules are added under Administration >> Commands and saved as firewall rules.

Assuming that:

  • destIP is the IP address of the destination device
  • port is the port you wish to forward to that device
  • tun1 is the tun interface of your router (please check! on some routers it can be tun0, on Tomato it can be tun11)
  • you need to forward both TCP and UDP packets

You need to add the following rules. Please note that the following rules do NOT replace your already existing rules, you just have to add them.

iptables -I FORWARD -i tun1 -p udp -d destIP --dport port -j ACCEPT
iptables -I FORWARD -i tun1 -p tcp -d destIP --dport port -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport port -j DNAT --to-destination destIP
iptables -t nat -I PREROUTING -i tun1 -p udp --dport port -j DNAT --to-destination destIP
 

Note: I have no idea I just had this done to open an outside port to one of my PC's on the VPN.