OpenVPN configuration to avoid the default redirection (all through the VPN)

Is there any OpenVPN client configuration to avoid the default redirection behavior (all through the VPN)?
That is, once the VPN is connected, the router continues redirecting the traffic through the WAN (eth0).
Then I will define specifically which networks I want to be redirected through the VPN (tun0).

1 Like

Yup, it is enabled by default in v3.x firmware.

Once you start OpenVPN, regardless of whether the connection is established, it will disable all data traffic forwarding toward the WAN, so if the connection is lost, the LAN devices have no Internet.

2 Likes

Thanks for your answer, but it is not what I need.
I want to use the VPN to connect with a secondary network.
Really, I want to keep using my local gateway for Internet access. Traffic would pass through the VPN (tun0) only when accessing the specific IPs of the remote network.

What router model? If you have a Slate (AR750S) there is a beta/test firmware for policy routing in the testing directory.

My router is the AR750; for this device I didn’t see any firmware of this type.

I have another router (different manufacturer) and my OpenVPN config file (*.ovpn) runs fine, routing through the VPN only a specific range 10.8.0.0.

On the contrary, on this router, this file routes all traffic through the VPN. I think it is due to two definitions in the IP route list (0.0.0.0/1 and 128.0.0.0/1 for tun0) that appear after the VPN connects. I tried to delete them, but it maintains the same behavior.
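
A check for the two routes named in the post above, as an added example that is not part of the original thread: it reads `ip route` output and reports whether the tunnel device carries the `0.0.0.0/1` + `128.0.0.0/1` pair (or a default route), which means all traffic goes through the VPN, or only specific networks. The function name `vpn_route_mode` and both sample routing tables are constructed for illustration; it inspects routes only, not firewall forwarding rules.

```sh
#!/bin/sh
# Added example: classify VPN routing as full-tunnel or split-tunnel.
# Reads `ip route` text on stdin; $1 is the tunnel device (default tun0).
# Prints "<mode> <networks>", where networks is "-" if none are routed via it.
vpn_route_mode() {
    dev="${1:-tun0}"
    awk -v dev="$dev" '
        {
            # The interface name follows the "dev" keyword on each route line.
            ifname = ""
            for (i = 1; i < NF; i++) if ($i == "dev") ifname = $(i + 1)
            if (ifname != dev) next
            if ($1 == "0.0.0.0/1")        low = 1    # lower half of IPv4 space
            else if ($1 == "128.0.0.0/1") high = 1   # upper half of IPv4 space
            else if ($1 == "default")     def = 1
            else nets = nets (nets == "" ? "" : ",") $1
        }
        END {
            if (nets == "") nets = "-"
            if ((low && high) || def) print "full " nets
            else print "split " nets
        }'
}

# Constructed sample: the two /1 routes on tun0 override the WAN default route.
SAMPLE_FULL='default via 192.168.1.1 dev eth0
0.0.0.0/1 via 10.8.0.5 dev tun0
128.0.0.0/1 via 10.8.0.5 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1'

# Constructed sample: only the remote network is routed through tun0.
SAMPLE_SPLIT='default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1'

printf '%s\n' "$SAMPLE_FULL"  | vpn_route_mode tun0
printf '%s\n' "$SAMPLE_SPLIT" | vpn_route_mode tun0
# On the router itself: ip route | vpn_route_mode tun0
```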

We have disabled LAN forwarding to WAN when OpenVPN is started, to avoid data leakage. In your usage scenario, you have to SSH to the router and edit the files /etc/init.d/startvpn and /etc/vpn.user. Please delete or comment out those lines, and restart the VPN client, but this might have potential data leakage.

image

1 Like

Hi, kyson-lok
Thank you so much for your help.
Your advice works perfectly, and it does just what I wanted.

Thanks again
Have a nice day

I also want the router on the WAN for Internet, and only LAN-to-LAN traffic over the VPN.

After implementing the above changes, the router can browse the Internet locally, and the VPN Server can connect to the router.

However, even though I have configured the VPN server to act as a router (IPEnableRouter = 1 on Windows), and after adding a static route to a desktop computer behind the VPN server, I am not able to ping the router from the desktop.

If I revert the changes to the /etc/init.d/startvpn and /etc/vpn.user files, I can once again ping the router from the desktop computer.

It seems that the routing or the firewall is not allowing multiple hops to get to the router.

Hey, are you planning to add an option to turn this feature on and off from the VPN page?
It’s really annoying to have to disable it every time a new firmware is available!

1 Like

Hi, it looks like WireGuard has the same problem. What files do I need to edit?
Thanks