GL-AR750S: OpenVPN routing and firewall

I set up an OpenVPN client to connect the router (GL-AR750S) to my home network. It works well, but I’d like to route only traffic destined for my home network through the VPN, leaving WAN traffic going through the wlan-sta interface. How can I accomplish this? This is what my routing table looks like:

root@GL-AR750S:~# ip route dev tun0 scope link
default via dev wlan-sta proto static src metric 20 via dev tun0 via dev wlan-sta via dev tun0 dev tun0 proto kernel scope link src via dev wlan-sta dev tun0 scope link dev br-lan proto kernel scope link src dev wlan-sta proto static scope link metric 20

Also, I want to be able to connect from my home network back to the router over the VPN. This is possible by changing the Luci->Firewall->Zones->ovpn settings to accept/accept/accept for Input/Output/Forward. However, if I disconnect/reconnect the VPN, the setting reverts to the default of reject/accept/reject. How can I make this stick?


Not sure how to use the route tables, but our S2S solution is exactly for this purpose.

Ok, thanks. This is really easy to set up using plain Ubuntu machines though (OpenVPN takes care of modifying the routing), so it seems it should be possible with OpenWRT unless it’s artificially preventing it for some reason.

I’m going to try Wireguard and see if I have better luck with that.

Site-to-site with split tunneling works fine with Wireguard, but I have the same problem with the firewall zone settings resetting every time I disconnect/reconnect the VPN.