usbmux 0 Posted ...

Hello! After setting up AirVPN within my Tomato device, everything was working as expected: all the traffic was passing through the AirVPN service. The following settings are applied: https://airvpn.org/tomato/

However, AirVPN is a huge bottleneck for my connection, and I would like to pass only traffic to specific hosts through the service, such as Netflix for example. After skimming the web for how to achieve this, I found this article listed here: http://www.linksysinfo.org/index.php?threads/route-only-specific-ports-through-vpn-openvpn.37240/

So what I was looking for seems achievable, and there is a script to include within the "WAN Up" section of the Tomato device (I attached this script to this post). However, when the WAN starts, the script loads up well (I checked this by querying iptables from the router itself: iptables -t mangle -L PREROUTING).

Still, all the traffic is passing through the AirVPN service. Is there something which I might be forgetting? Or maybe I need to alter my OpenVPN config on my device? Any assistance would be appreciated.

-- umscript-wanup.txt
Staff 9973 Posted ...

Hello! The script is working correctly: all the traffic is tunneled. If you want to split traffic with this script, then you forgot to de-comment one of the key lines. See here:

    #
    # Define the routing policies for the traffic. The rules will be applied in the order that they
    # are listed. In the end, packets with MARK set to "0" will pass through the VPN. If MARK is set
    # to "1" it will bypass the VPN.
    #
    # EXAMPLES:
    #
    # All LAN traffic will bypass the VPN (Useful to put this rule first, so all traffic bypasses the VPN and you can configure exceptions afterwards)
    # iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
    # Ports 80 and 443 will bypass the VPN
    # iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport 80,443 -j MARK --set-mark 1
    # All traffic from a particular computer on the LAN will use the VPN
    # iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.2 -j MARK --set-mark 0
    # All traffic to a specific Internet IP address will use the VPN
    # iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 216.146.38.70 -j MARK --set-mark 0
    # All UDP and ICMP traffic will bypass the VPN
    # iptables -t mangle -A PREROUTING -i br0 -p udp -j MARK --set-mark 1
    # iptables -t mangle -A PREROUTING -i br0 -p icmp -j MARK --set-mark 1

Kind regards
usbmux 0 Posted ...

It is uncommented further below:

    # By default all traffic bypasses the VPN
    iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
    # Spotify explicitly uses the VPN
    iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 78.31.8.1-78.31.15.254 -j MARK --set-mark 0
    iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 193.182.8.1-193.182.15.254 -j MARK --set-mark 0
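The three rules from the post above, evaluated offline, as an added example that is not part of the original thread or of the attached script: MARK does not stop rule traversal, so the last matching rule decides the final mark. The function names and the 192.0.2.10 sample destination are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: replay the PREROUTING mark rules from the thread against a
# destination address and report the final mark (0 = VPN, 1 = bypass).

# Rules as posted in the thread (iptables -t mangle prefix dropped).
RULES='
-A PREROUTING -i br0 -j MARK --set-mark 1
-A PREROUTING -i br0 -m iprange --dst-range 78.31.8.1-78.31.15.254 -j MARK --set-mark 0
-A PREROUTING -i br0 -m iprange --dst-range 193.182.8.1-193.182.15.254 -j MARK --set-mark 0
'

# Convert a dotted-quad IPv4 address to an integer for range comparison.
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( ($a << 24) + ($b << 16) + ($c << 8) + $d ))
}

# Walk every rule in order; each match overwrites the mark (no early exit).
final_mark() {
    dst=$(ip2int "$1")
    mark=0                      # packets start unmarked, i.e. mark 0
    while read -r line; do
        case $line in *--set-mark*) ;; *) continue ;; esac
        new=${line##*--set-mark }
        case $line in
            *--dst-range*)
                range=${line##*--dst-range }; range=${range%% *}
                lo=$(ip2int "${range%-*}")   # a single address is its own range
                hi=$(ip2int "${range#*-}")
                [ "$dst" -ge "$lo" ] && [ "$dst" -le "$hi" ] || continue ;;
        esac
        mark=$new
    done <<EOF
$RULES
EOF
    echo "$mark"
}

# Map the final mark to the path described in the script comments.
route_for() {
    if [ "$(final_mark "$1")" = 1 ]; then echo bypass; else echo vpn; fi
}

# 192.0.2.10 is a constructed destination outside both ranges.
for ip in 78.31.8.5 193.182.15.254 192.0.2.10; do
    echo "$ip -> $(route_for "$ip")"
done
```

On the router, `iptables -t mangle -L PREROUTING -v -n` adds per-rule packet counters, which shows whether each rule is actually being hit.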
Staff 9973 Posted ...

Hello! Yes, you're right. It looks fine then, are all the interface names correct?

Kind regards
usbmux 0 Posted ...

Yes they are. Should I amend my OpenVPN Client configuration on my Tomato device? Options like: Firewall (Custom?) or create NAT on tunnel? Or redirect internet traffic?