It sounds like you do not understand how VPNs work.
VPN= Virtual Private Network.
As the name implies, it is another network...
Hence traffic going over the VPN interface will have a different private IP address, which for VPNs is normally something like 10.10.8.x
There is absolutely no way to access your LAN IP scope from outside over the VPN. As long as you're a client on the VPN (not the server) then you have 0 control over what & how the VPN responds to external traffic trying to come in.
VPN uses NAT/PAT just like your router. The biggest difference is that you do not have the ability (as a client) to do port redirects from the outside world, back to your network over the vpn tunnel.
If I have failed to understand your issue please clearly explain what you are doing and what behavior you believe you should be seeing vs. what you are seeing.
_________________
Router currently owned:
Netgear R7800 - Router
Netgear R7000 - AP mode
Joined: 18 Mar 2014 Posts: 12836 Location: Netherlands
Posted: Thu Apr 13, 2017 15:17
@Slidermike is right, but if you use PBR then the default gateway is the WAN and your router can be accessible from the outside.
If I understand correctly then using PBR does not route through the VPN, I am also on PIA and using policy based routing which does work.
I used the same instructions and 192.168.101/32 is the right way to get this IP address routed via the VPN
Things I can think of
1. What router/build are you using? I am on Kong 31780 (Netgear R6400). Some BS builds have had problems; if you are on BS builds, try the latest.
2. The IP address is in the DHCP scope (presumably). For your client, set a static lease outside the scope and put that in the PBR field; test with ipleak.net
3. If this does not help then post your question and the following items in the advanced networking forum
-OpenVPN config and status page
from the command prompt:
- route -n
- ip rule list
- ip route show table 10
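A way to read the last two diagnostics above for a leak, as an added example that is not part of the original posts: it checks that a policy rule sends a given source IP to table 10 and that table 10's default route leaves through the tunnel. The helper name `pbr_status`, the sample output, and the assumption that the tunnel interface is named `tun*` or `tap*` are illustrative.

```shell
#!/bin/sh
# Constructed sample output (illustrative addresses; tun1 is an assumed name).
SAMPLE_RULES='0: from all lookup local
32765: from 192.168.1.101 lookup 10
32766: from all lookup main
32767: from all lookup default'
SAMPLE_TABLE10='default via 10.10.8.1 dev tun1
192.168.1.0/24 dev br0 scope link'

# pbr_status SRC_IP RULES_TEXT TABLE_TEXT [TABLE_ID]   (hypothetical helper)
# Prints ok | no-rule | no-default | not-tunnel; returns 0 only for ok.
# Matches exact host rules only (a.b.c.d or a.b.c.d/32), not wider CIDRs.
pbr_status() {
    pbr_src=$1; pbr_rules=$2; pbr_table=$3; pbr_tid=${4:-10}

    # 1. A policy rule must send this source address to the VPN table.
    if ! printf '%s\n' "$pbr_rules" | awk -v s="$pbr_src" -v t="$pbr_tid" '
        {
            hit = 0
            for (i = 1; i < NF; i++)
                if ($i == "from" && ($(i+1) == s || $(i+1) == (s "/32"))) hit = 1
            if (hit && $(NF-1) == "lookup" && $NF == t) ok = 1
        }
        END { exit !ok }'
    then
        echo no-rule; return 1
    fi

    # 2. The VPN table needs a default route, and it must leave via the tunnel.
    pbr_dev=$(printf '%s\n' "$pbr_table" | awk '
        $1 == "default" {
            d = "?"
            for (i = 2; i < NF; i++) if ($i == "dev") d = $(i+1)
            print d; exit
        }')
    case $pbr_dev in
        '')        echo no-default; return 1 ;;
        tun*|tap*) echo ok; return 0 ;;
        *)         echo not-tunnel; return 1 ;;
    esac
}

# Offline demo on the constructed samples; on a router, pass live output:
#   pbr_status 192.168.1.101 "$(ip rule list)" "$(ip route show table 10)"
pbr_status 192.168.1.101 "$SAMPLE_RULES" "$SAMPLE_TABLE10"
```

A `no-rule` or `not-tunnel` result means traffic from that address would follow the main table out of the WAN instead of the VPN.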
Thank you egc, I managed to make it work this time, with almost exact configuration. The only things I could think of *may* be different are:
1. Setup > Basic Setup > Network Setup: I set "Local DNS" to 0.0.0.0 (previously I may have had it on the router's IP)
2. Services > Services > DNSMasq: disable "Encrypt DNS", "Local DNS" + enable "Query DNS in Strict Order".
3. This may be a KEY difference -- I had Privoxy enabled before, and I have it disabled this time.
The next thing I am still trying to achieve (probably not viable through the GUI PBR) is to route only my Transmission torrent client through VPN -- that would mean only routing traffic from/to my router IP __THROUGH__ specific port, but leave other traffic through the router IP on WAN... is that even possible?
Is this the transmission client on the router itself or running on another machine?
When dealing with applications that need to be routed over the VPN, you can still use PBR, but you'll want to bind a specific IP address to the application in question that's in the VPN policy. Not all applications support this though and you'll want to make sure the application will obey the bind, otherwise you'll get leaks.
If it's the transmission client on the router, you shouldn't just place the IP of the router into the PBR list, otherwise you'll encounter a "bug" in the routing table which will get you locked out and mess up your internet access.
I'm not familiar with the transmission daemon built into DD-WRT, but if the config allows you to bind to a specific IP that's not the router's primary IP, you'll achieve it that way. You don't have to worry about ports in this case, as the source IP will match the VPN policy.
You'll need to add a secondary IP address to your router and make sure it's in your startup script, otherwise it will be lost on a reboot. Something like this should work:
Code:
ip addr add 192.168.1.x dev br0
_________________ James
Main router:
Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac
IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset
Hi, I have my r7000 running onboard transmission torrent. How can I set my VPN only for the torrent on the router?
The ip of the router is 192.168.1.1.
As above. Ideally you'll want the Transmission client to bind to an IP that isn't the default router IP e.g. 192.168.1.1. If you add a secondary IP to your router and edit the transmission config to bind to it, you can then place it in the PBR table.
I can't remember if the transmission client setup within DD-WRT allows you to do it. Maybe someone else can confirm?
Don't however just add 192.168.1.1 or you will have a bad time!
_________________ James
I was having trouble getting my Ring Video Doorbell to work (black screen and a little sound) after I added the doorbell to my new network where I use DD-WRT along with the PIA VPN. After much time reading and searching, I noticed that alongside the Open VPN Client section of DD-WRT, it tells you to add the IP address of the device you want to force to use the VPN tunnel and the subnet mask. I followed the instructions and my video doorbell started working straight away. I could not believe it. Even the Ring level 2 support did not know how to fix my issue. Perhaps it will work for you also. The input must be entered as directed in the help instructions in the Open VPN Client section, IP address/subnet mask. Each device's information must be on a separate line.
Linksys Wrt 3200 ACM
DD-WRT version 33215
Thank you egc, I did not realize what I had done by putting something in the policy based routing field. If I disable the SFE, will my traffic be routed through the VPN instead of the ISP gateway even if I have an IP address and subnet mask in the policy based routing section?
Joined: 18 Mar 2014 Posts: 12836 Location: Netherlands
Posted: Sun Sep 17, 2017 9:39
All IP addresses in the PBR field are routed through your VPN, but if you enable SFE these IP addresses are not routed at all; this is a bug. So disable SFE.
If you want to route almost all traffic through your VPN and supposing your router is on 192.168.1.1 and DHCP range is 100-150, then enter the following in your PBR field to route 192.168.1.100 - 192.168.1.150:
To route transmission over VPN while using PBR, bind transmission to the local VPN IP, and add said IP to the PBR table, which should be 10.