Posted: Fri Feb 02, 2024 6:55 Post subject: OpenVPN and PBR for certain clients
I know this is probably not an advanced ? per se, but the information found in the forum and wiki does not seem to be helping me.
I'm running an older build (latest for my model = NG R8000) @ DD-WRT v3.0-r44715 std (11/03/20), which I am generally happy w/, and running a rather vanilla setup other than using OpenVPN (via IPVanish).
The only trouble I'm having is when trying to use PBR to force 4 of my client IPs through the VPN (ie: 192.168.1.100 thru 104) by specifying CIDR address of 192.168.1.100/30 in the PBR field under OpenVPN configuration. So this works fine, except all my other clients not specified in PBR lose connection to the WAN. If I remove the PBR and enable OpenVPN client they all are routed thru the VPN.
Do I need to create a special routing table to connect other clients not specified in the PBR or am I missing something else here? Thanks
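Added example (not part of the original post, and not DD-WRT code): a small Python check of which client addresses a set of PBR CIDR entries actually matches, and which entries exactly cover an address range, so that no client meant for the tunnel is left outside it. The function names and the extra client 192.168.1.50 are constructed for illustration; the range and the /30 entry are the ones quoted in the post.

```python
import ipaddress

def pbr_entries(first, last):
    """Smallest list of CIDR blocks covering exactly first..last (inclusive)."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]

def coverage(entries, clients):
    """Map each client IP to True if at least one PBR entry contains it.

    strict=True rejects entries with host bits set (e.g. x.x.x.101/30),
    which would otherwise be silently widened to the enclosing block.
    """
    nets = [ipaddress.ip_network(e, strict=True) for e in entries]
    return {c: any(ipaddress.ip_address(c) in n for n in nets) for c in clients}

def uncovered(entries, clients):
    """Clients that no PBR entry matches, i.e. not policy-routed via the VPN."""
    return [c for c, hit in coverage(entries, clients).items() if not hit]

if __name__ == "__main__":
    # Clients intended for the VPN (range from the post).
    vpn_clients = [f"192.168.1.{h}" for h in range(100, 105)]
    # Constructed example of a client that should stay on the WAN.
    wan_clients = ["192.168.1.50"]

    entry_from_post = ["192.168.1.100/30"]
    print("covered by", entry_from_post, "->", coverage(entry_from_post, vpn_clients))
    print("intended VPN clients not matched:", uncovered(entry_from_post, vpn_clients))

    exact = pbr_entries("192.168.1.100", "192.168.1.104")
    print("entries covering the whole range:", exact)
    print("WAN client accidentally matched:",
          [c for c, hit in coverage(exact, wan_clients).items() if hit])
```
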
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Fri Feb 02, 2024 7:21 Post subject:
1st, that build is old and contains lots of security flaws (and is not recommended at all).
2nd, newer builds have updated OpenVPN and other components... that are required for better VPN security.
3rd, on the newer builds you can easily use the PBR option via the GUI and exclude/include routes and sources with ease...
Yes, I know there are certain hiccups with the R8000, but finding a newer/working build should be your top priority.
VPN guides and documentation is here https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398
Ok, yeah, thanks for the advice. I guess I'll try and flash a different FW for my router, it IS a bit dated. I've tried OpenWRT before and didn't love it (maybe it was an older build.. think v22.03.6?). Looks like one of the more recent ones is Freshtomato? I downloaded "freshtomato-R8000-K26ARM7-2023.5-AIO-64K", does that seem like the appropriate FW? I've bricked a rtr before so would just appreciate a sanity check! Last question: is it safe to flash thru the DD-WRT web interface or should I use nmrpflash? Thaaaankks!
Actually, you mention, and it's in the posted links, that there is a newer build of DDWRT that would work for my R8000 router (ie: latest build is 55033). Like I mentioned in my OP, I'm happy w/ DDWRT so I'd be fine just upgrading to a newer build w/ security fixes and better VPN support. The only reason I'm using the 'v3.0-r44715 std (11/03/20)' is because that's the only one listed as supported for my HW in the DB. So, not wanting any issues w/ the wrong build, could you be so kind as to point me to the right download for 55033 for my R8000? I guess it's not intuitive unless you're using the DB to find the download. Thanks kindly