Exclude installed apps from using VPN


(Andrzej) #1

Hello. Is it possible to prevent apps installed on the router, like i2pd and Tor, from using the VPN tunnel while the rest of the LAN uses the VPN? Do you know how to do this?

Regards.


(Frank W.) #2

Maybe you can realize this with a 2-gateway system

http://www.rjsystems.nl/en/2100-adv-routing.php

One routing table points directly to the “normal gateway” with a rule from/to localhost, the other to the VPN with a rule from/to the LAN segment… You have to ensure that local requests come from localhost, not the local LAN IP.


(Andrzej) #3

I’m wondering what IP address I must enter for it. 127.0.0.1? 192.168.1.1 will be for br-lan. So I still don’t know how to do it.

Regards.


(Frank W.) #4

You can try 127.0.0.0/8

Or just run tcpdump on your outgoing interface to see where the traffic comes from


(Andrzej) #5

Got it working.

I created a new routing table named ‘vpnbypass’

echo 2 vpnbypass >> /etc/iproute2/rt_tables

and copied the contents of the main table there, without the VPN running

ip route add default via xxx.xxx.224.1 dev wan proto static src xxx.xxx.233.142 table vpnbypass
ip route add xxx.xxx.224.0/20 dev wan proto kernel scope link src xxx.xxx.233.142 table vpnbypass
ip route add xxx.xxx.224.1 dev wan proto static scope link src xxx.xxx.233.142 table vpnbypass
ip route add 192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 table vpnbypass

and added an ip rule

ip rule add from 127.0.0.1/1 lookup vpnbypass

Now it is working. Thank you, Frank, for pointing me in the right direction; you are a good person.

Regards.
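
An added example, not part of the original posts: a small model of how an `ip rule ... from PREFIX/LEN` selector is compared against a packet's source address, useful for checking which traffic a selector such as the `127.0.0.1/1` in post #5 or the `127.0.0.0/8` in post #4 sends to `vpnbypass`. The function names and the sample sources are assumptions made for illustration; the model treats a router-local socket that has not bound to an address as source 0.0.0.0.

```shell
#!/bin/sh
# Added example, not from the thread: which source addresses does an
# `ip rule add from PREFIX/LEN lookup vpnbypass` selector cover?

# Dotted-quad IPv4 address -> integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# rule_matches SRC PREFIX/LEN: succeeds when the selector covers SRC.
# Only the top LEN bits are compared, so host bits in PREFIX are ignored.
rule_matches() {
    src=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    shift_by=$(( 32 - ${2#*/} ))
    mask=$(( (4294967295 >> shift_by) << shift_by ))
    [ $(( (src ^ net) & mask )) -eq 0 ]
}

# which_table SRC PREFIX/LEN: table the lookup lands in. "main" is the
# table that carries the VPN routes while the tunnel is up.
which_table() {
    if rule_matches "$1" "$2"; then echo vpnbypass; else echo main; fi
}

# Constructed sample sources. 0.0.0.0 models a router-local socket that has
# not bound to an address (assumption of this model); the others are a
# loopback socket, a LAN client in the thread's 192.168.1.0/24, and a
# hypothetical client in 10.0.0.0/8.
report() {
    for sel in 127.0.0.1/1 127.0.0.0/8; do
        for s in 0.0.0.0 127.0.0.1 192.168.1.50 10.0.0.5; do
            printf 'from %-12s src %-13s -> %s\n' \
                "$sel" "$s" "$(which_table "$s" "$sel")"
        done
    done
}
report
```

On the router itself, `ip rule show` lists the installed rules and `ip route get <destination>` reports the route actually chosen for locally generated traffic.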