This article provides instructions on overcoming routing issues when running a VPN server and a VPN client on the router at the same time.
The VPN server running on your router can provide a secure connection to your home network while you're away. If you need to access the router itself or any of your home network devices from afar, the VPN server is a great solution.
You may want to run a VPN client on your router to encrypt your connection to the internet and prevent your ISP from snooping on your traffic and DNS requests (which ISPs in some countries are now legally allowed to monetize), as well as from meddling with DNS requests or HTTP traffic. To use a VPN client on your router, you need credentials for a corresponding VPN server. Your connection to the VPN server is encrypted, which prevents your ISP from snooping on or meddling with your traffic. A wide variety of commercial VPN providers exist. Once you install and run a VPN client on your router, it's best to route all your traffic via the VPN tunnel.
If the VPN client on your router sends all traffic over the VPN tunnel by default, you might have a problem setting up the VPN server on the same router: the VPN server receives traffic on the WAN gateway but sends its replies out via the VPN tunnel, which your remote device does not expect. This article helps you overcome this issue.
luci-app-vpn-policy-routing). Enable the vpn-policy-service service from Web UI or
if [ -s /etc/config/vpn-policy-routing ]; then
  uci set vpn-policy-routing.config.output_chain_enabled='1'
  uci add_list vpn-policy-routing.config.ignored_interface='vpnserver'
  uci add vpn-policy-routing policy
  uci set vpn-policy-routing.@policy[-1]=policy
  uci set vpn-policy-routing.@policy[-1].comment='VPN Server'
  uci set vpn-policy-routing.@policy[-1].interface='wan'
  uci set vpn-policy-routing.@policy[-1].local_ports='<port_for_incoming_connections_to_your_VPN_server>'
  uci commit vpn-policy-routing
fi
vpnclient with the firewall zone for your VPN client, refer to the tail of
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='vpnserver'
uci set firewall.@forwarding[-1].dest='vpnclient'
uci commit firewall
service vpn-policy-routing reload
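To confirm that the settings above are actually in place, the following added example (not part of the original article) audits saved `uci show` output for the four items the commands configure. The function names, the sample dump, port 1194 and `vpnclient` as the client zone name are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `uci show vpn-policy-routing; uci show firewall`
# (port 1194 and zone name vpnclient are assumed values, not from the article).
sample_dump() {
    cat <<'EOF'
vpn-policy-routing.config.output_chain_enabled='1'
vpn-policy-routing.config.ignored_interface='vpnserver'
vpn-policy-routing.@policy[0]=policy
vpn-policy-routing.@policy[0].interface='wan'
vpn-policy-routing.@policy[0].local_ports='1194'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='vpnclient'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='vpnserver'
firewall.@forwarding[1].dest='vpnclient'
EOF
}

# has_section FILE PREFIX OPT_A OPT_B: true when one anonymous section
# (PREFIX[N]) carries both options, so values from different sections don't mix.
has_section() {
    awk -v p="$2" -v a="$3" -v b="$4" '
        index($0, p "[") == 1 {
            rest = substr($0, length(p) + 2)
            idx = rest; sub(/\].*$/, "", idx)
            opt = rest; sub(/^[^]]*\]\./, "", opt)
            if (opt == a) A[idx] = 1
            if (opt == b) B[idx] = 1
        }
        END { ok = 0; for (i in A) if (i in B) ok = 1; exit !ok }
    ' "$1"
}

# check_vpn_coexistence FILE PORT [CLIENT_ZONE]: 0 if all four settings exist.
check_vpn_coexistence() {
    dump="$1"; port="$2"; zone="${3:-vpnclient}"; rc=0
    grep -qxF "vpn-policy-routing.config.output_chain_enabled='1'" "$dump" \
        || { echo "missing: output_chain_enabled='1'"; rc=1; }
    grep -q "^vpn-policy-routing\.config\.ignored_interface=.*'vpnserver'" "$dump" \
        || { echo "missing: ignored_interface 'vpnserver'"; rc=1; }
    has_section "$dump" "vpn-policy-routing.@policy" "interface='wan'" "local_ports='$port'" \
        || { echo "missing: wan policy for local port $port"; rc=1; }
    has_section "$dump" "firewall.@forwarding" "src='vpnserver'" "dest='$zone'" \
        || { echo "missing: forwarding vpnserver -> $zone"; rc=1; }
    return $rc
}
```

On the router, save the real state with `{ uci show vpn-policy-routing; uci show firewall; } > /tmp/uci.dump` and pass that file, your VPN server port and your client zone name to `check_vpn_coexistence`.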