VPN Client - Enabled Device Default Route

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

VPN Client - Enabled Device Default Route

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
VPN Client - Enabled Device Default Route
VPN Client - Enabled Device Default Route
2023-01-06 16:02:43
Model: Archer AX3000  
Hardware Version: V1
Firmware Version: 1.1.6 Build 20221126 rel.2425(5553)

I have an OpenVPN setup where the AX3000 is the client.  It is setup to route only a single network subnet range.  However, when a client is added to the "Device List", it seems the router forces a default route for all traffic through the VPN connection.

 

Is there anyway to override this behavior.

My OpenVPN congif contains:

route 10.0.0.0 255.0.0.0
route-metric 50
route-nopull

 

Summary, I want to use the router as an OpenVPN client, I want to add devices on the network that can then have any 10.0.0.0/8 traffic over the VPN, but all other 0.0.0.0/0 traffic routed out locally.

  0      
  0      
#1
Options
2 Reply
Re:VPN Client - Enabled Device Default Route
2023-01-12 01:30:55

Seems there is no solution for this.  There is no way to get a TP Link Router to only route the specific VPN network traffic and not all traffic.  

 

Other routers(Asus for sure) support this, kind of surprised, as it's part of the basic OpenVPN config to define the traffic being routed.  So the TP Link router is overriding what is defaulted in the OpenVPN client config.

  0  
  0  
#2
Options
Re:VPN Client - Enabled Device Default Route
2023-06-28 05:05:07

  @JatSrt I have Archer AX3000 AX55 router, it works fine, with vpn, only added devices have the vpn and rest will be without vpn. No issues. I am using expressvpn openvpn service.  In vpn client just ammend the ovpn file from express vpn as under:

 

dev tun
fast-io
persist-key
persist-tun
nobind
remote (server ips or link) 1195
remote-random
pull
comp-lzo no
tls-client
route-gateway dhcp
persist-local-ip
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
#cipher AES-256-GCM
#keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass

 

it do take 5 to 10 minutes for establihing connection, but once connected work fine. You can only route vpn services to specified devices as required.

  0  
  0  
#3
Options