Posted: Mon Aug 20, 2012 2:03 Post subject: Open VPN client routes
Hello all,
I've tried to set up this config on several versions of dd-wrt to no avail. I'm just getting stuck on one final step.
I'm using a public OpenVPN to route traffic, I have no control over the server settings, so I can't change any of that. I am on the client side only.
I've configured the IPSec and everything and it works! which is great! but there's a problem. Mainly routing.
Basically, the client accepts the push routes from the server regardless of settings. Effectively, I want to be able to set up (preferably in the config) which routes to push through the VPN, and which to route locally through the WAN. Every time the VPN connects, it routes all packets through the remote VPN's Default Gateway, which is not what I want.
Is there a good way to get this done? I have some knowledge and skill with writing scripts, but I don't have the experience with OpenVPN running on Linux (never mind dd-wrt), to show me where I would define to run such a script. The script would effectively delete the default route to the remote network, and establish only the routes to the VPN that I wish. I tried using the "additional config" but to no avail, since there doesn't seem to be a way to delete a route from there.
Does anyone have any knowledge of the OpenVPN client for dd-wrt enough to embed a post-connect script that will fix my routing tables? I have no issues mounting jffs, and I have enough space to make it work.
Never mind. I figured it out. For anyone searching for a way to change pushed routes in OpenVPN on dd-wrt, here's how I did it.
In Additional Configuration, add:
route-nopull
This will prevent the server from pushing routes onto your system.
Then add the routes you want using:
route network subnet
For example, if you wanted only to route to remote subnet 192.168.1.0/24 (or 255.255.255.0), you would add to additional config:
route-nopull
route 192.168.1.0 255.255.255.0
This will also work with internet routes, except you have to add "vpn_gateway" to the end, to tell your dd-wrt where to send the packets on the remote network. For example, if you wanted to route through the remote network, only packets destined for 172.16.16.0/24, you would add:
to your Additional Configuration... this would reject any pushed routes, and add the route through the remote gateway to 172.16.16.0.
Not to put any ideas in anyone's head, but this may be handy for those looking to route through a VPN gateway to specific sites that may not work in their country.... just saying.
Enjoy, people. Makes me sad nobody could help me with this, but I would be irresponsible if I didn't come back and let those that may search after me know what the solution was.
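An added example, not part of the original posts: a small Python check that parses Additional Configuration text and reports which destinations would enter the tunnel, since with route-nopull everything not listed in a route line leaves outside the VPN. The function names and the sample text are constructed for illustration, and the parser assumes dotted-quad networks only (no hostnames or OpenVPN keywords in the network field).

```python
import ipaddress

# Constructed sample built from the two subnets used as examples in the post.
SAMPLE = """\
route-nopull
route 192.168.1.0 255.255.255.0
route 172.16.16.0 255.255.255.0 vpn_gateway
"""

def parse_additional_config(text):
    """Return (nopull_present, [IPv4Network, ...]) for OpenVPN config text."""
    nopull, networks = False, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        fields = line.split()
        if fields[0] == "route-nopull":
            nopull = True
        elif fields[0] == "route" and len(fields) >= 2:
            # The netmask is optional; OpenVPN defaults it to a host route.
            mask = "255.255.255.255"
            if len(fields) > 2 and fields[2] != "default":
                mask = fields[2]
            # strict=True rejects typos such as 192.168.1.5 with a /24 mask.
            networks.append(
                ipaddress.IPv4Network(f"{fields[1]}/{mask}", strict=True))
    return nopull, networks

def egress_plan(text, destinations):
    """Map each destination IP to 'vpn' or 'outside' (not sent via the tunnel)."""
    nopull, networks = parse_additional_config(text)
    if not nopull:
        raise ValueError("route-nopull missing: pushed routes are still accepted")
    plan = {}
    for dest in destinations:
        addr = ipaddress.IPv4Address(dest)
        plan[dest] = "vpn" if any(addr in n for n in networks) else "outside"
    return plan

if __name__ == "__main__":
    for dest, path in egress_plan(SAMPLE, ["172.16.16.20", "8.8.8.8"]).items():
        print(f"{dest:15} -> {path}")
```
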