[solved] traffic in VLAN not routed to default GW unless set as GW in FW rule
I set up two VLANs on the LAN interface.
VLAN1 should be used for the common internet traffic (WAN_PPPoE), VLAN2 for an openvpn-connection.
WAN_PPPoE is set as the default gateway.
Now I have the problem that traffic in VLAN1 is not routed to WAN unless WAN_PPPoE is set as the gateway in a firewall rule.
What can I check to ensure the default route is working correctly? Actually I don't want to set up a static route (or is this needed?)
To verify, check the 0.0.0.0 route in Diagnostics -> Routes.
Is the openvpn connection from one of the popular vpn providers?
- check route-nopull in the vpn client configuration page.
- assign an interface to your openvpn connection (using Interfaces -> Assign, then enable the interface, but leave everything blank)
--- you should now have a gateway for dsl & vpn. The default one will apply when none is specified.
Thanks for the hint, you are right, the problem is directly related to the openvpn client \ 2nd Gateway.
When I stop the openvpn service, I got back the old state.
I will try around and respond later :)
I don't know what's wrong.
I followed those guides:
Immediately when the openvpn client connects, this route is added to the routing table:
0.0.0.0/1 -> "vpn ip"
route-nopull is set.
Could you post some screenshots of the client configuration page (blank out the irrelevant sensitive stuff)?
Also, are you running a fairly recent version?
Thanks for your help, here are screenshots of:
- global interface configuration
- interface VLAN1
- interface VLAN2
- FW rules VLAN 1
- FW rules VLAN 2
- NAT rules
- OPVPN configuration
I'm running the latest stable 2.2.6 version.
The fw rule screenshot still has the gateway set, otherwise I couldn't access the internet.
Additional openvpn parameters:
resolv-retry infinite
redirect-gateway def1
persist-key
persist-tun
cipher AES-256-CBC
auth MD5
keepalive 5 60
ping-timer-rem
explicit-exit-notify 2
script-security 2
remote-cert-tls server
route-delay 5
tun-mtu 1500
fragment 1300
mssfix 1300
verb 4
comp-lzo
Tried removing "redirect-gateway def1"?
It seems like I couldn't see the wood for the trees ::).
Thank you very much for the help.
I marked the thread as solved.
Glad you got it sorted.
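
Added example, not part of the original thread: a small model of why the 0.0.0.0/0 default route stops being used once the client installs the redirect-gateway def1 routes, and why a firewall rule with a gateway set still reaches WAN. route-nopull only ignores routes pushed by the server, so a locally configured redirect-gateway def1 still adds 0.0.0.0/1 and 128.0.0.0/1; the LAN prefixes, the gateway label "VPN" and the destination addresses are constructed assumptions.

```python
import ipaddress

# Constructed routing table; the LAN prefixes are assumptions, not values from the thread.
BASE_TABLE = [
    ("0.0.0.0/0", "WAN_PPPoE"),      # system default route
    ("192.168.10.0/24", "VLAN1"),    # directly connected (constructed)
    ("192.168.20.0/24", "VLAN2"),    # directly connected (constructed)
]

# Routes the OpenVPN client adds for a local "redirect-gateway def1".
# Together they cover all of IPv4 and are more specific than /0.
DEF1_ROUTES = [
    ("0.0.0.0/1", "VPN"),
    ("128.0.0.0/1", "VPN"),
]


def lookup(dst, table):
    """Return (prefix, gateway) selected by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, gateway in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, prefix, gateway))
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, prefix, gateway = max(matches)  # highest prefix length wins
    return prefix, gateway


def egress(dst, table, rule_gateway=None):
    """A firewall rule with a gateway set (policy routing) bypasses the table."""
    if rule_gateway is not None:
        return rule_gateway
    return lookup(dst, table)[1]


if __name__ == "__main__":
    vpn_up = BASE_TABLE + DEF1_ROUTES
    for dst in ("93.184.216.34", "198.51.100.7"):  # constructed destinations
        print(dst,
              "| VPN down:", egress(dst, BASE_TABLE),
              "| VPN up:", egress(dst, vpn_up),
              "| VPN up, rule gateway set:", egress(dst, vpn_up, "WAN_PPPoE"))
```

With redirect-gateway def1 removed from the client options, the table is BASE_TABLE again and the default route decides; VLAN2 traffic then reaches the VPN only through a firewall rule that names the VPN gateway.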