Posted: Wed Feb 28, 2024 23:11 Post subject: Policy Based Routing (OpenVPN)
I have some of this figured out but I haven't figured out how to get a port to bypass the VPN tunnel. When I add my box that contains the Postfix server in the PBR list, to route selected clients through the VPN, I can't send or receive e-mail. The strange thing is that I can telnet to it from another network and nmap shows the port open. Anyway, it's an openvpn issue since when I turn off the VPN I can send and receive email again. How do I route port 25 to outside of the VPN tunnel?
Remove the server running Postfix from PBR...or set PBR to route IPs via WAN and not tunnel...
I run several items in the box, not just the postfix server. So, I want to route port 25 outside of the tunnel, not the IP assigned to the box. It's my understanding that it can be done but I don't know how.
You can set PBR to "Route Selected Sources Via Wan"
then add
Code:
sport 25
in the PBR list
Looks like I figured it out. The PBR selections had me confused since you can only select 1 of 3 options. Setting up my list in "Route Selected Sources Via Wan" was all I needed to do. Everything else gets routed through the VPN. I get more dense the older I get. Thanks anyway. Anyway, I wish I could use wireguard with my VPN provider instead of OpenVPN. The VPN providers that I contacted didn't seem to want to provide a manual configuration for wireguard or they were using a proprietary form of wireguard (like NordLynx).
I guess I spoke too soon. I'm receiving incoming e-mail but outgoing email gets refused. Sending to other mailboxes on my system works OK though. If I disable the VPN the email goes out. Also, it turns out that my modifications prevent incoming WAN connections to my wireguard VPN from getting routed back out on the OpenVPN.
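The "sport 25" entry suggested earlier is a source-port selector, and the symptom in the post above (inbound mail works, outbound is refused) is exactly the kind of thing a source-port-only rule produces: the mail server's replies to inbound SMTP connections carry source port 25, while its own outbound deliveries use an ephemeral source port and destination port 25. The script below is an added example, not code from the thread, from DD-WRT or from any poster. It walks a constructed policy-rule list in the shape of `ip rule show` output and reports which table a TCP flow would be looked up in. It assumes that table 10 is where PBR sends matched traffic (the number the thread's Routing Policy Table shows) and holds the WAN route, and that the main table holds the OpenVPN default route; both are assumptions, and the `local` rule is left out because its lookup only succeeds for locally delivered packets.

```shell
#!/bin/sh
# Added example for this thread, not code from DD-WRT or any poster.
# Walks a constructed policy-rule list (same shape as `ip rule show`
# output) in priority order and prints which routing table a TCP flow
# is looked up in, to show what a "sport 25" rule does and does not catch.
# Assumptions: table 10 = where PBR sends matched traffic and holds the
# WAN route; main = table holding the OpenVPN default route.

# Constructed rule list mirroring the "sport 25" suggestion.
RULES_SPORT_ONLY='10: from all sport 25 lookup 10
32766: from all lookup main'

# Same list plus a destination-port rule (constructed), so that the
# server's own outbound SMTP deliveries also leave via the WAN table.
RULES_BOTH='10: from all sport 25 lookup 10
11: from all dport 25 lookup 10
32766: from all lookup main'

# lookup_table RULES SPORT DPORT: print the table of the first rule whose
# selectors all match the flow (the list is already in priority order).
lookup_table() {
  rules=$1
  sport=$2
  dport=$3
  printf '%s\n' "$rules" | while read -r line; do
    want_sport=""
    want_dport=""
    table=""
    # shellcheck disable=SC2086  # word splitting of the rule line is intended
    set -- $line
    while [ $# -gt 0 ]; do
      case $1 in
        sport)  want_sport=$2; shift ;;
        dport)  want_dport=$2; shift ;;
        lookup) table=$2; shift ;;
      esac
      shift
    done
    if [ -n "$want_sport" ] && [ "$want_sport" != "$sport" ]; then continue; fi
    if [ -n "$want_dport" ] && [ "$want_dport" != "$dport" ]; then continue; fi
    printf '%s\n' "$table"
    break
  done
}

# Demo: reply to an inbound SMTP connection (sport 25) versus the server's
# own outbound delivery (ephemeral sport, dport 25). Ports are constructed.
echo "inbound SMTP reply  (sport 25, dport 51234): table $(lookup_table "$RULES_SPORT_ONLY" 25 51234)"
echo "outbound SMTP       (sport 40000, dport 25): table $(lookup_table "$RULES_SPORT_ONLY" 40000 25)"
echo "outbound SMTP, with dport rule added:        table $(lookup_table "$RULES_BOTH" 40000 25)"
```

With only the source-port rule, the outbound delivery falls through to the main table and leaves through the tunnel; adding a matching destination-port rule sends it via the WAN table as well. On a Linux router the live equivalents to inspect are `ip rule show` and `ip route show table 10`. If Postfix relays through a smarthost on the submission port instead of delivering directly, the destination port to match is 587 (or 465) rather than 25.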
Hi. I hope it's OK to hijack this thread. The creator said he fixed it, but did not say what he did to achieve it.
I have a WRT1200AC with build 55779.
I'm trying to forward port 3456 with the built-in PBR. I selected the "Route Selected Sources Via Wan" option and wrote "sport 3456" in the box, but canyouseeme.org doesn't see my port.
If I write my PC's IP into that box, it bypasses the VPN and canyouseeme.org sees my port, so I guess there is no firewall problem. But that bypasses the VPN for my whole PC, not just one port.
I went to look at the Routing Policy Table and I can see that port 3456 is directed to Table 10, so I guess the rule in PBR works.
I also tried to add Table 5 and a Routing Policy for Table 5, according to the https://forum.dd-wrt.com/phpBB2/download.php?id=48550 guide, but had no luck. I do see my forwarded port in the Routing Policy Table two times, on Table 5 (from the guide) and Table 10 (from PBR).